Active Directory Site Configuration for Windows Server Hybrid Infrastructure

Configuring Primary Authentication for New Branch Office

Question

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.

You open a new branch office that contains only client computers.

You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.

Solution: You configure the Try Next Closest Site Group Policy Object (GPO) setting in a GPO that is linked to Site1.

Does this meet the goal?

Answers

Explanations

A. B.

B

The proposed solution of configuring the "Try Next Closest Site" Group Policy Object (GPO) setting in a GPO linked to Site1 might meet the stated goal of primarily authenticating client computers in the new office against the domain controllers in Site1. However, the actual effectiveness of this solution depends on the network topology and the location of the new office relative to the existing sites.

The "Try Next Closest Site" setting is used to control how client computers choose a domain controller for authentication when a domain controller in the current site is not available. By default, client computers attempt to locate a domain controller in their own site for authentication. If no domain controller is available in the site, the client computer will then try to locate a domain controller in the nearest site based on the site link cost.

By configuring the "Try Next Closest Site" setting in a GPO linked to Site1, you are instructing the client computers in the new office to try to locate a domain controller in Site1 first, and then move on to the nearest site if none are available. This can potentially reduce the authentication traffic over the WAN link and improve authentication performance for the client computers in the new office.

However, if the new office is located closer to Site2 or Site3, the proposed solution may not be effective, as client computers will still attempt to locate a domain controller in Site1 first. In this case, a more effective solution would be to create a new site in AD DS for the new office and assign it a separate subnet. Then, you would need to deploy domain controllers in the new site and configure the site link cost to prioritize authentication requests from the new site.
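The site, subnet and site link cost steps described above, as an added PowerShell example (not part of the original explanation). The site name Branch1, the subnet 10.10.40.0/24, the link names and the cost values 50 and 500 are assumptions; the domain controller deployment step is not shown.

```powershell
# Added example. Site name, subnet, link names and costs are assumed values,
# not taken from the scenario. Run with rights to modify AD sites.
Import-Module ActiveDirectory

$branchSite   = 'Branch1'          # hypothetical site for the new office
$branchSubnet = '10.10.40.0/24'    # hypothetical client subnet of the new office
$preferred    = 'Site1'
$otherSites   = 'Site2', 'Site3'

# 1. Create the site and map the branch subnet to it, so that clients in
#    that subnet identify themselves as members of Branch1.
New-ADReplicationSite -Name $branchSite
New-ADReplicationSubnet -Name $branchSubnet -Site $branchSite

# 2. Dedicated low-cost link between the branch site and Site1.
New-ADReplicationSiteLink -Name "$branchSite-$preferred" `
    -SitesIncluded $branchSite, $preferred `
    -Cost 50 -ReplicationFrequencyInMinutes 15 `
    -InterSiteTransportProtocol IP

# 3. Higher-cost links to the remaining sites, so Site1 is the cheapest
#    path from the branch.
foreach ($site in $otherSites) {
    New-ADReplicationSiteLink -Name "$branchSite-$site" `
        -SitesIncluded $branchSite, $site `
        -Cost 500 -ReplicationFrequencyInMinutes 15 `
        -InterSiteTransportProtocol IP
}

# 4. Review every site link with its cost and member sites.
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, Cost, @{
        Name       = 'Sites'
        Expression = {
            ($_.SitesIncluded |
                ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join ', '
        }
    } |
    Sort-Object Cost |
    Format-Table -AutoSize

# 5. On a client in the branch subnet: confirm the site the client detects
#    and which domain controller the locator returns.
nltest /dsgetsite
nltest "/dsgetdc:$($env:USERDNSDOMAIN)" /try_next_closest_site
```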

Therefore, the answer to the question is not straightforward, as the effectiveness of the proposed solution depends on the network topology and the location of the new office relative to the existing sites. Without further information, it is difficult to determine if the proposed solution meets the stated goal.