locked
2012 R2 DirectAccess multi domain forest: Is it possible Limit Auto-discovery of domain controllers? RRS feed

  • Question

  • I've just successfully implemented Multisite server 2012 R2 DirectAccess in a child domain of a global company with numerous sub domains.  I'd like to limit the scope of the auto discovery of management servers in 2012 R2 DA is anyone aware of any way of doing this?

    During the default initial configuration of DirectAccess Auto-discovery of domain controllers is performed for all domains in the same forest as the DirectAccess server and client computers.

    In my scenario the number of sub domains and multinational nature of the company means that the DA servers cannot contact all DCs for every child domain in the forest.

    This means the Operations Status page in the Remote Access Management console always shows the status of the Domain Controller check as "critical" leaving a red X amongst my nice green ticks. It's untidy and at first glance it looks like there are major problems with the service.

    The DA servers, Client machines and users are in a single sub domain so we have no need to contact the other child domain DCs.

    I looked into using the Remove-DAMgmtServer PowerShell cmdlet however this is not applicable since it cannot be used to remove automatically configured management servers such as DCs.

    Also the child domain DCs don't actually appear in the management servers list.

    Thursday, November 13, 2014 3:39 PM

All replies

  • Hi, a colleague of mine had the same problem in a DirectAccess deployment in a large organization tat have a multi-domain forest. He had no choice to open network flow to have at least one domain controller per domain in the forest.  

    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Friday, November 14, 2014 6:56 PM
  • Merci Benoit,

    That may not be an option in this case. I'll update the thread if I find an alternative approach.

    Thanks,

    Simon.

    Monday, November 17, 2014 10:31 AM
  • Hi,

    I will have a look on the subject too.

    Best regards.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Monday, November 17, 2014 5:19 PM