Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.
You open a new branch office that contains only client computers.
You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.
Solution: You create an organization unit (OU) that contains the client computers in the branch office. You configure the Try Next Closest Site Group Policy Object
(GPO) setting in a GPO that is linked to the new OU.
Does this meet the goal?
- A. Yes
- B. No
B. No
The suggested answer is correct
smudo1965
Highly Voted 2 years, 1 month ago
As stated in the link provided by Jaybro: If you enable the Try Next Closest Site setting, DC Locator uses the following algorithm to locate a domain controller: Try to find a domain controller in the same site. If no domain controller is available in the same site, try to find a domain controller in the next closest site. A site is closer if it has a lower site-link cost than another site with a higher site-link cost. If no domain controller is available in the next closest site, try to find any domain controller in the domain. As there is no diffent sitelink cost this will not help - so No
upvoted 9 times
neilkraftmann
Most Recent 3 months, 3 weeks ago
Had this on my exam recently.
upvoted 2 times
syu31svc
1 year, 8 months ago
Selected Answer: B
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/enabling-clients-to-locate-the-next-closest-domain-controller Only one site link so answer is No
upvoted 4 times
phi3nix
1 year, 7 months ago
This is a very good link: By default, the Try Next Closest Site setting is not enabled. When the setting is not enabled, DC Locator uses the following algorithm to locate a domain controller: * Try to find a domain controller in the same site. * If no domain controller is available in the same site, try to find any domain controller in the domain. If you enable the Try Next Closest Site setting, DC Locator uses the following algorithm to locate a domain controller: Try to find a domain controller in the same site. If no domain controller is available in the same site, try to find a domain controller in the next closest site. A site is closer if it has a lower site-link cost than another site with a higher site-link cost. If no domain controller is available in the next closest site, try to find any domain controller in the domain. To GPO works you still need to create links... Answer is NO.
upvoted 3 times
lukiduc9625
2 years, 2 months ago
In my opinion suggested answer is correct. 1. Computers from new branch office will be located in subnet which is not configured in AD (there is no information about configuring new subnet in AD) so they can not recognize to which site they belong thus they can not recognize which site is closest. 2. Enabling Try Next Closest Site Group Policy Object cause that if DC Locator running on certain client does not find domain controller (DC) in same site he try to find DC in closest site - which site is closer than others? Site to which site-link has lower cost. In our case all sites are connected by ONE site-link named DEFAULTIPSITELINK thus there is no way to choose which one is closest and in my opinion DC Locator will use evenly DCs from Site1, Site2 and Site3
upvoted 3 times
xrisimix
2 years, 2 months ago
A is correct answer If you have a domain controller that runs Windows Server 2008 or newer, you can make it possible for client computers that run Windows Vista or newer or Windows Server 2008 or newer to locate domain controllers more efficiently by enabling the Try Next Closest Site Group Policy setting. This setting improves the Domain Controller Locator (DC Locator) by helping to streamline network traffic, especially in large enterprises that have many branch offices and sites.
upvoted 3 times
Rel2002
2 years, 2 months ago
Its a tricky question. The question is repeated in q18 of this topid where it says that the gpo has connected to site 1. So thats definetaly a No. But I am affraid this one is wrong too.. because it says that all sites uses the DefaultIPSitelink.. so there are no different sitelink costs so this gpo setting still will take a random DC. So I am doubting.. any guru out there 😀
upvoted 2 times
rimvydukas
2 years, 1 month ago
Rel2002, you are right. Correct answer is B. There is only one site link. And for the GPO setting to work correctly we need several site links. Algoryth is the following: If you enable the Try Next Closest Site setting, DC Locator uses the following algorithm to locate a domain controller: Try to find a domain controller in the same site. If no domain controller is available in the same site, try to find a domain controller in the next closest site. A site is closer if it has a lower site-link cost than another site with a higher site-link cost. If no domain controller is available in the next closest site, try to find any domain controller in the domain.
upvoted 1 times
Jaybro
2 years, 3 months ago
Looks ok. See https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/enabling-clients-to-locate-the-next-closest-domain-controller
upvoted 2 times