Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, December 22, 2011 7:14 PM
I have a single forest single domain Windows Server 2003 AD domain. When I PING my domain name (OBPS.LOCAL) from clients on different subnets, the DC that replies varies. The two subnets tested are in the same site. Is this any reason for concern?
All replies (8)
Friday, December 23, 2011 8:18 AM âś…Answered
Hi,
Thank you for your post.
When I PING my domain name (OBPS.LOCAL) from clients on different subnets, the DC that replies varies.
It's correct, ping is not site aware, so pinging just the domain name will result in an answer from one your DCs.
Please use "ping DC server name"(logonserver) to check the domain connectivity.
If there are more inquiries on this issue, please feel free to let us know.
Regards,
Rick Tan
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected].
Rick Tan
TechNet Community Support
Thursday, December 22, 2011 7:21 PM
DCs in a domain, by default, will register their NIC's IP address in DNS as the domain name (a record without a hostname). If you look at your DNS zone that hosts the AD domain name, you'll notice that there are various domain name records with the IPs of all your DCs. This is by design.
If you do not have access to the DNS zone for viewing, just open a command prompt and type NSLOOKUP, then hit enter. At the prompt type obps.local and hit enter. You'll see various IPs returned.
Guides and tutorials, visit ITGeared.com.
Thursday, December 22, 2011 7:50 PM
Should all DCs IP addresses return with the NSLOOKUP command? I get 8 of them that answer.
Thursday, December 22, 2011 8:41 PM
I dont beleive that there are any limits on the NSLOOKUP results. A quick check into the DNS zone will validate your question. DCs by default register this type of record along with many other types of SRV records.
Guides and tutorials, visit ITGeared.com.
Saturday, December 24, 2011 2:06 AM | 1 vote
I agree with Rick, that ping, or even nslookup, are not AD Site aware resolvers. The only thing that are AD site aware are the AD domain client CSEs (client side extensions - about 50 of them) that resolve and perform various AD functions, such as logon, GetGpoList, GetDcList, etc, and any specific application that is AD Site aware, such as Exchange, or possibly some third party apps.
As JM mentioned, If you look in your obps.local zone, you will see a 'same as parent' A record for each DC that the netlogon service registers. These records are used for GPOs, DFS, and other functions. That is what ping and nslookup will retrieve, but as JM said, all of them will show up in the results.
I guess the limit of how many nslookup will show up in the resulst would be based on your EDNS0 limit, but as far as what you're doing, no, they will not resolve them based on what AD Site you are in.
Just check your AD Sites and Services, and make sure that each IP subnet objects is associated to their cooresponding AD Site, and the correct DCs are in their cooresponding AD Site name.
Ace
Ace Fekay
MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights.
Wednesday, December 28, 2011 1:50 AM
Hi,
I would like to confirm what is the current situation? If there is anything that I can do for you, please do not hesitate to let me know, and I will be happy to help.
Regards,
Rick Tan
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected].
Rick Tan
TechNet Community Support
Wednesday, February 22, 2012 7:46 AM
Hello,
I came across this post while trying to find a solution for my wifi problem. We have 3 sites with 3 DCs (one at each site), all connected through a VPN. I have defined the subnets in sites and services and associated the correct DC with the specific subnet. When I am on the LAN at site A and I ping domain.local, it returns randomly one of the 3 DCs. From what I have read on this post it would appear to be normal. My problem comes in with our Ucopia wireless gateway. I have a hotspot running for clients who when using their guest profile, they only have access to the web. Corporate users under the corporate profile have access to active directory, exchange, etc. The problem comes when the corporate user is on wireless and he tries to access domain.local but it is trying to access the DC on site B. The ucopia is not authorized to go out to this subnet and the corporate user cannot access the DFS share. In DFS I have made site A as the first target with lowest cost. Is there a way to prioritize a DC when doing a ping?
Thanks in advance.
Lien-Anh
Wednesday, February 22, 2012 1:36 PM
Is the wireless subnet associated to SiteA? If not, create a subnet object for the wireless subnet and associate it to SiteA.
Also make sure all DCs are GCs.
Ace
Ace Fekay
MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights.