Should I create an Active Directory site for a site with no domain controller (but with site-to-site VPN)?

This should hopefully be a quick and easy one.

I have a remote site with no domain controller (no servers at all), connected back to HQ by a site-to-site VPN. Prompted by Netlogon Event 5807 (client connection from subnet not linked to a site), I read this and this. This leads me to think I should create a site, subnet and site link for this site. Am I correct?


Creating an Active Directory site with no domain controller for these clients is one way to go. But without a domain controller to put in the site container, there's probably no point in doing so. As pointed out in drookie's answer, you'll just end up with a different warning in your event logs, and assuming that the remote site without a domain controller doesn't contain any services that are ADDS-site-aware, I don't see that you accomplish anything with this approach.

Personally, I'd probably just add the subnet to an existing site which contains the domain controller I want the clients to prefer for authentication. No more event log warnings, and the clients go to the domain controller(s) I want them to.
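As an added example that is not part of the original answer: a PowerShell sketch that summarises the `NO_CLIENT_SITE` entries in the `netlogon.log` file that Event 5807 points to, then previews adding each unmapped subnet to an existing site. Assumptions: the sample log lines are constructed, the clients sit in /24 subnets, the target site is named `HQ` (hypothetical), and the ActiveDirectory module is installed for the last step.

```powershell
# Constructed sample lines in the NO_CLIENT_SITE format of netlogon.log.
# On a DC, use instead: $lines = Get-Content "$env:SystemRoot\debug\netlogon.log"
$lines = @(
    '03/14 08:01:12 CORP: NO_CLIENT_SITE: BRANCH-PC01 10.20.30.15'
    '03/14 08:01:40 CORP: NO_CLIENT_SITE: BRANCH-PC02 10.20.30.22'
    '03/14 08:02:05 [LOGON] CORP: SamLogon: Network logon of CORP\alice from HQ-PC07 Entered'
    '03/14 08:03:19 CORP: NO_CLIENT_SITE: BRANCH-PC01 10.20.30.15'
    '03/14 08:05:47 CORP: NO_CLIENT_SITE: LAPTOP-09 10.20.31.8'
)
$pattern      = 'NO_CLIENT_SITE:\s+(?<client>\S+)\s+(?<ip>\d{1,3}(?:\.\d{1,3}){3})\s*$'
$prefixLength = 24     # assumption: remote clients are in /24 subnets
$targetSite   = 'HQ'   # hypothetical name of the existing site with the preferred DC

function Get-NetworkPrefix {
    param([string]$Address, [int]$PrefixLength)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $null }
    $bytes = $ip.GetAddressBytes()
    if ($bytes.Length -ne 4) { return $null }          # IPv4 only in this sketch
    for ($i = 0; $i -lt 4; $i++) {
        $bits = [Math]::Min(8, [Math]::Max(0, $PrefixLength - 8 * $i))
        $bytes[$i] = $bytes[$i] -band ((0xFF -shl (8 - $bits)) -band 0xFF)
    }
    '{0}/{1}' -f ($bytes -join '.'), $PrefixLength
}

$unmapped = foreach ($line in $lines) {
    if ($line -match $pattern) {
        $client = $Matches['client']
        $subnet = Get-NetworkPrefix -Address $Matches['ip'] -PrefixLength $prefixLength
        if ($subnet) { [pscustomobject]@{ Subnet = $subnet; Client = $client } }
    }
}

$summary = $unmapped | Group-Object Subnet | ForEach-Object {
    [pscustomobject]@{
        Subnet      = $_.Name
        Connections = $_.Count
        Clients     = ($_.Group.Client | Sort-Object -Unique) -join ', '
    }
}
$summary | Format-Table -AutoSize

# Preview only: -WhatIf reports what would be created without changing AD.
if (Get-Command New-ADReplicationSubnet -ErrorAction SilentlyContinue) {
    foreach ($row in $summary) {
        New-ADReplicationSubnet -Name $row.Subnet -Site $targetSite -WhatIf
    }
}
```

Check the summarised subnets against the real addressing plan before removing `-WhatIf`, since the /24 grouping is only a guess at the actual subnet boundaries.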


Yes. However, domain clients will still be able to log in to the domain without it, using a random DC. But you will be unable to designate the closest DC to such clients (and they will be unable to determine it automatically) and you will be receiving tonnes of warnings like "During the past 2.15 hours there have been 56 connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise."