Active Directory Sites: Remote site is smaller subnet in main site's subnet definition

Currently, we have one site, Default-First-Site - gross default name, I know. We have plans to add a remote site. The main site is a 172.18.0.0/16 that is split into dozens of smaller subnets. The remote site is connected to us by a MAN. Essentially, it is a 20Mbps bidirectional link between the main site and the remote site. The remote site is 172.18.228.0/22, which is obviously in the 172.18.0.0/16 range.

I am setting up DFS, a RODC, and a few other things for that remote site and have now set up a site for it in Active Directory so that the clients will connect to the appropriate DFS member and use the RODC that is on-site. We'll call this site Remote-Site for this question. In AD Sites I defined 172.18.228.0/22 as belonging to Remote-Site. I have no subnet definition for Default-First-Site.

My question is, do I need to define 172.18.0.0/16 as the subnet for Default-First-Site, or will anything not in Remote-Site assume it is part of Default-First-Site? Also, if I define 172.18.0.0/16 as the subnet for Default-First-Site, will that screw up anything in Remote-Site, since 172.18.228.0/22 is obviously a subnet of 172.18.0.0/16?


You can have overlapping subnets in AD and they'll behave as you'd expect. A less-specific "catch all" subnet, like 172.16.0.0/16, will be selected by clients unless a more specific subnet, like 172.16.228.0/22, is defined in the Sites container.

So, define the 172.16.0.0/16 subnet and associate it with your Default-First-Site-Name site (which you can rename to be less ugly), and then create additional sites and subnets for the remote locations with more specific subnets inside 172.16.0.0/16 specified.

You can read a more in-depth article if you want more details, but based on your question I think you already understand what you're looking for and your expected behavior is the product's designed behavior.
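The setup the question describes and the behaviour the answer relies on (a /16 catch-all plus a more specific /22, with the DC picking the longest match) can be scripted and checked from a domain-joined admin host. The following is an added example, not code from the question or the answer: it assumes the RSAT ActiveDirectory module is installed, that the account has rights on the Sites container, and uses the site name Remote-Site from the question and AD's real default site name Default-First-Site-Name. The sample addresses used for the check are made up for illustration.

```powershell
# Added example: define overlapping AD subnets and verify site assignment.
# Assumes RSAT ActiveDirectory module; site names follow the question.
Import-Module ActiveDirectory

# Subnet -> site mapping. The /16 is the catch-all for the main site; the /22
# inside it is more specific and therefore wins for remote clients.
$siteMap = [ordered]@{
    '172.18.0.0/16'   = 'Default-First-Site-Name'
    '172.18.228.0/22' = 'Remote-Site'
}

# Create the remote site if it is not there yet (Get with -Filter does not throw
# when nothing matches, unlike -Identity).
if (-not (Get-ADReplicationSite -Filter "Name -eq 'Remote-Site'")) {
    New-ADReplicationSite -Name 'Remote-Site'
}

# Create each subnet object and attach it to its site. Overlap is allowed;
# AD stores them side by side and the DC does longest-prefix matching at lookup.
foreach ($prefix in $siteMap.Keys) {
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$prefix'")) {
        New-ADReplicationSubnet -Name $prefix -Site $siteMap[$prefix]
    }
}

# Audit what is now defined. 'Site' comes back as the site's distinguished name.
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site | Format-Table -AutoSize

# Ask a DC which site it would assign to a few sample addresses (constructed for
# this example). The /22 client should land in Remote-Site, a host elsewhere in
# the /16 in Default-First-Site-Name, and an address outside both in no site.
foreach ($ip in '172.18.229.77', '172.18.5.10', '10.0.0.1') {
    Write-Host "--- $ip"
    nltest /dsaddresstosite:$ip
}

# Optional: give the default site a nicer name. Re-run the audit afterwards; the
# subnet objects follow the rename because they reference the site by DN.
# Rename-ADObject -Identity (Get-ADReplicationSite 'Default-First-Site-Name').DistinguishedName -NewName 'Main-Site'
```

On a client in the remote range, `nltest /dsgetsite` should then report Remote-Site, and `nltest /dsgetdc:<domain> /site:Remote-Site` will show whether the RODC is being offered for that site. Any client whose address falls in no defined subnet gets no site at all and will pick a DC without regard to locality, which is exactly the gap the /16 catch-all closes.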