Change Workstation AD SITE and DC - AD Site IP/Range/Decommission Questions


  • Hello,

    I am trying to understand Active Directory Sites and Services and the default domain controller a client will choose. Each site has its own subnet and IP address range.

    We have two separate sites, and have just brought up a new 2016 domain controller, transferred the FSMO roles to it, and added it into a new site.

    Our subnet range for the original site is a 10.10.X.X range subnet. (Site 1)
    The subnet range for the new site is 10.1.X.X range subnet. (Site 2)

    Our Azure AD Connect Server is using a 10.10.X.X IP address, so I assume it does a lookup, sees that Site 1 has that subnet and it automatically uses the older 2008 R2 domain controllers. The issue is, when we create objects in the Server 2016 Active Directory, the lowest time it takes to replicate to the old 2008 R2 DCs is 15 minutes. Azure AD Connect cannot immediately sync, because it needs to wait for the 15 minutes before replication happens.

    Eventually we'll want to decommission these older domain controllers, but we're not ready yet.

    So my question is, can I force the Azure AD Connect server to use our PDC in the new site? If we update the IP address from 10.10.X.X to 10.1.X.X this also should automatically make it choose the correct domain controller from the new site?

    Once we decommission these old servers, how will clients react? They'll need to be on this new IP Range/Subnet before they'll be able to use the 2016 PDC? 

    I've done a nltest /dclist:domainname and it does show both sites and all of our domain controllers. So I know that it can see all the sites, but it's only choosing to use the first original site (again most likely due to IP range/subnet?)

    • Edited by jrmoat Monday, April 10, 2017 4:07 PM
    Monday, April 10, 2017 3:58 PM


  • Hi,

    Each client will contact the DC in the closest site. The closest site is defined by subnet and site in Active Directory Sites and Services. So you should assign all client subnets to the closest site, to let the clients contact the closest DC.
    If you want to decommission all DCs in Site 1, you should move all subnets to another site to help clients find the closest DC.

    Thameur BOURBITA MCSE | MCSA

    • Marked as answer by jrmoat Tuesday, April 11, 2017 3:55 AM
    Monday, April 10, 2017 10:34 PM
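
The subnet-to-site reassignment described in the answer, as an added example that is not part of the original thread. The site names `Site1` and `Site2`, the `/16` prefix length, the domain `example.local` and the host address `10.10.5.20` are assumptions or constructed placeholders; the host-only branch relies on AD matching a client to the most specific subnet object that contains its address.

```powershell
# Added example, not from the thread. Assumed/constructed values:
#   site 'Site2', subnet object '10.10.0.0/16', domain 'example.local',
#   and '10.10.5.20' as the Azure AD Connect server's address.
Import-Module ActiveDirectory   # RSAT AD module, run from an admin workstation

$domain    = 'example.local'
$oldSubnet = '10.10.0.0/16'     # subnet object currently linked to Site 1
$hostOnly  = '10.10.5.20/32'    # one-host subnet for the sync server
$newSite   = 'Site2'
$scope     = 'HostOnly'         # 'HostOnly' or 'WholeSubnet'

# 1. Record the current subnet-to-site mapping before changing anything.
Get-ADReplicationSubnet -Filter * |
    Select-Object Name, Site |
    Sort-Object Name

if ($scope -eq 'HostOnly') {
    # 2a. Move only the sync server: a /32 subnet object is more specific
    #     than the /16, so that one host maps to the new site while every
    #     other 10.10.X.X client stays in Site 1.
    New-ADReplicationSubnet -Name $hostOnly -Site $newSite
}
else {
    # 2b. Move every client in the range, as you would before
    #     decommissioning the Site 1 domain controllers.
    Set-ADReplicationSubnet -Identity $oldSubnet -Site $newSite
}

# 3. On the affected client, after the change has replicated:
#    confirm the site it now resolves to and force DC rediscovery.
nltest /dsgetsite
nltest "/dsgetdc:$domain" /force
```

Step 3 is run on the client itself; the site reported by `nltest /dsgetsite` should match `$newSite` before the old domain controllers are demoted.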