Solved

Active Directory and DNS with Multiple Regions

  • 15 April 2024
  • 2 replies
  • 64 views

My organization has two main regions (USA and India).  I currently have ADDS/DNS servers in both regions.  I have two private apps configured for ADDS.  One of them is directing traffic to the India ADDS servers using the local NPAs, the other is doing the same for USA.

I have a prelogin user that has access to both private apps.

I also have a DNS private app defined (*._http.domain.local, *._kkdcp.domain.local, etc.) but it only uses the USA publishers.

With this configuration, our USA users are working fine with very little lag on computer startup and login.  Our India users, however, are experiencing very long startup and login times.

My question is, what is the proper way of configuring AD and DNS access for clients when the organization is multi-regional and you want the client to always access the closest ADDS/DNS servers?

Some solutions I am considering are:

  1. Divide each region’s users into separate groups and give them only access to their local ADDS server.  This however does not solve the DNS problem as that is defined using the above nomenclature and is not region specific.  It also will cause the user issues if they ever travel to the opposite region.
  2. Create a separate client configuration profile with a different prelogin user.  Similar to #1 but this would help with the startup lag issue.
  3. Add all local NPAs to the DNS private app configuration.  However I do not know how the private app selects the NPA to use in this specific instance.  Does it just round robin through them? (This would actually be worse as then my USA users may end up using an India NPA to access a USA AD server.) Or does the private app somehow figure out the best path and stitch to the closest NPA by user location?

Please let me know what you all have done if you have a similar situation.  I can’t imagine this is an uncommon setup.

Thank you,

Jason


Best answer by elawaetz 23 April 2024, 14:38


2 replies


With latency-based publisher selection becoming GA with release 114, I would just define two apps globally, one for ADDS and one for DNS, and point these to all the publishers both in US and India.

You need to beware of the 16 publishers limit (if you have that many) on a single app.

This will route users to the closest publisher measured from the Netskope gateway location (it puts them into different latency buckets, and performs round-robin across all publishers in the same bucket).

With publisher DNS enabled I’m guessing(!) it will point you to your local DC based on sites, assuming your publisher IPs are part of the correct sites.

At least, that’s how we did it.

The feature is “controlled GA”, so you need to talk to your account team to get it enabled.
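To make the difference between the two selection behaviours concrete, here is a small model (an added illustration, not Netskope code or anything from this thread) contrasting plain round-robin across all publishers, the worry raised in option 3, with the latency-bucketed round-robin the answer describes. The latency figures, publisher names and 50 ms bucket width are constructed assumptions; the real bucket boundaries are not stated in the thread.

```python
from itertools import cycle
from collections import Counter

# Constructed sample: round-trip latency in ms from each gateway location to
# each publisher. Names and values are assumptions for the illustration only.
LATENCY_MS = {
    "gw-us": {"pub-us-1": 12, "pub-us-2": 15, "pub-in-1": 210, "pub-in-2": 225},
    "gw-in": {"pub-us-1": 215, "pub-us-2": 220, "pub-in-1": 9, "pub-in-2": 14},
}
BUCKET_MS = 50  # assumed bucket width; not given in the thread


def plain_round_robin(publishers):
    """Naive selection: every publisher in turn, regardless of user location."""
    return cycle(sorted(publishers))


def latency_bucketed(gateway, latency=LATENCY_MS, bucket_ms=BUCKET_MS):
    """Selection as described in the answer: group publishers into latency
    buckets measured from the gateway, then round-robin only within the
    lowest (closest) bucket."""
    buckets = {}
    for pub, ms in latency[gateway].items():
        buckets.setdefault(ms // bucket_ms, []).append(pub)
    return cycle(sorted(buckets[min(buckets)]))


def distribution(selector, connections):
    """Count how many of `connections` land on each publisher."""
    return Counter(next(selector) for _ in range(connections))


def cross_region_share(gateway, selector, connections=100):
    """Fraction of connections from `gateway` sent to the other region's
    publishers (region is encoded in the constructed names: us / in)."""
    region = gateway.split("-")[1]
    counts = distribution(selector, connections)
    foreign = sum(n for pub, n in counts.items() if f"-{region}-" not in pub)
    return foreign / connections


if __name__ == "__main__":
    for gw in LATENCY_MS:
        naive = cross_region_share(gw, plain_round_robin(LATENCY_MS[gw]))
        bucketed = cross_region_share(gw, latency_bucketed(gw))
        print(f"{gw}: plain round-robin {naive:.0%} cross-region, "
              f"latency-bucketed {bucketed:.0%} cross-region")
```

With the constructed numbers, plain round-robin sends half of each region's connections across the ocean, while bucketing keeps every connection on the two local publishers, which is the behaviour that makes a single global app with all publishers workable.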

This is great!  I just asked our sales team for access to the new GA controlled feature.  I am hoping that they can provide that quickly.  Thank you very much for the response.  This appears to be the solution that I needed.  Have a great day!
