Where does client will go if all the DC in a site fails?

active-directory

How can we determine which is the closest site if all the DCs in a site fails?

How does the client know the next closest site and how can we know exactly that the client will go to this site?


Solution 1:

By default clients will use any available domain controller, unless the Group Policy setting is enabled:

Computer > Administrative Templates > System > Net Logon > DC Locator DNS Records  

Try Next Closest Site

Then the client leverages the Windows DC Locator Process to identify domain controllers using a combination of AD site cost data and DNS LDAP weights/priorities. If the client is not associated with a site, it uses the first domain controller to respond.

https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/enabling-clients-to-locate-the-next-closest-domain-controller

"This policy setting enables DC Locator to attempt to locate a DC in the nearest site based on the site link cost if a DC in same the site is not found. In scenarios with multiple sites, failing over to the try next closest site during DC Location streamlines network traffic more effectively. The DC Locator service is used by clients to find domain controllers for their Active Directory domain. The default behavior for DC Locator is to find a DC in the same site. If none are found in the same site, a DC in another site, which might be several site-hops away, could be returned by DC Locator. Site proximity between two sites is determined by the total site-link cost between them. A site is closer if it has a lower site link cost than another site with a higher site link cost.

"If you enable this policy setting, Try Next Closest Site DC Location will be turned on for the computer.

"If you disable this policy setting, Try Next Closest Site DC Location will not be used by default for the computer. However, if a DC Locator call is made using the DS_TRY_NEXTCLOSEST_SITE flag explicitly, the Try Next Closest Site behavior is honored.

"If you do not configure this policy setting, Try Next Closest Site DC Location will not be used by default for the machine. If the DS_TRY_NEXTCLOSEST_SITE flag is used explicitly, the Next Closest Site behavior will be used."

More information about the DC Locator Process:

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc759550(v=ws.10)#domain-controller-locator-process

https://social.technet.microsoft.com/wiki/contents/articles/24457.how-domain-controllers-are-located-in-windows.aspx

Related

How to enable TLS 1.1 and TLS 1.0 on apache?
nginx add_header is not working
configure master and slave with powerdns version 4.2
Attach timestamp to each line of stdout
Renew ssl cert but only have private key and fullchain file
100Base FX and 1000Base LX - are they compatible?
Access point Netgear WAX610 Ethernet not working at 2.5Gbps
Fails on GCP VM import precheck tool
wireguard "destination address required" when trying to communicate from client-to-client rather than client-to-server
How to make reverse mDNS through IPv6 on OSX?
What do each of the powerups do in STRAFE?
How do I change Kat's costume?