Your network contains an Active Directory domain.
The domain is configured as shown in the following table:
Users in Branch2 sometimes authenticate to a domain controller in Branch1.
You need to ensure that users in Branch2 only authenticate to the domain controllers in Main.
What should you do?
A.
On DC3, set the AutoSiteCoverage value to 0.
B.
On DC3, set the AutoSiteCoverage value to 1.
C.
On DC1 and DC2, set the AutoSiteCoverage value to0.
D.
On DC1 and DC2, set the AutoSiteCoverage value to1.
Explanation:
http://technet.microsoft.com/en-us/library/cc787491%28v=ws.10%29.aspx
Parameters\AutoSiteCoverage
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Description
Specifies whether the system can add sites to the coverage area of this domain controller.
Domain controllers cover, that is, provide servicesto, the site in which they reside and to other sites listed in the
value of the entry SiteCoverage. In addition, when the value of AutoSiteCoverageis 1, the system can add
sites that do not have domain controllers to this domain controller’s coverage area.
The sites added to the domain controller’s coverageare stored in memory, and a new list is assembled each
time the Net Logon service starts or when Netlogon is notified of the site object changes. While Net Logon runs,
it updates this list at an interval specified by the value of the entry DnsRefreshInterval.
…
http://technet.microsoft.com/en-us/library/cc749944.aspx
Planning Active Directory for Branch Office
..
Disabling AutoSiteCoverageRegistration in DNS
Another situation that requires configuration of SRV records results from not having a domain controller in a
particular site. This may happen because there are no users needing constant logon access, or because
replication to the site might be too expensive or too slow. To ensure that a domain controller can be located in
the site closest to a client computer, if not the same site, Windows 2000 automatically attempts to register a
domain controller in every site by using an “autositecoverage” algorithm. The algorithm determines howone
site can “cover” another site when no domain controller exists in the second site. By default, the process uses
the replication topology.
The algorithm works as follows. Each domain controller checks all sites in the forest and then checks the
replication cost matrix. A domain controller advertises itself (registers a site-related SRV record inDNS) in any
site that does not have a domain controller for that domain and for which its site has the lowest-cost
connections. This process ensures that every site has a domain controller even though its domain controller
may not be located in that site. The domain controllers that are published in DNS are those from the closest site
(as defined by the replication topology).
In the branch office scenario, any computer from other sites should not discover branch office domain
controllers. A client should always communicate with a local domain controller, and if that is not available, use a
domain controller in the hub site. To achieve this:
1. Disable AutoSiteCoverage on all of the domaincontrollers, not only for the branch domain controllers, but
also hub domain controllers.
2. Do not register generic records as described above.
If both of these configurations (1. and 2.) are performed, then all-site clients will discover the local domain
controller if it is available, or its hub domain controller (if no local domain controller is available).
In the unusual scenario when a site with a domain controller for some domain is closer to another sitethan the
central hub, the administrator has the ability to configure that domain controller with the specific (“close”) sites
to be covered using the following registry values: SiteCoverage, GcSiteCoverage. Alternatively, the
administrator can use the following Group Policy settings:
Sites Covered by the domain controller Locator DNS SRV Records
Sites Covered by the global catalog server Locator DNS SRV Records
Sites Covered by the NDNC Locator DNS SRV Records
