
Site assignment for Group Policy for Direct Access site with no Domain Controller


I've asked this question in the Directory Services forum, but realise that it's more of a DA than AD question, so asking it here too:

(The other topic: https://social.technet.microsoft.com/Forums/windowsserver/en-US/a9d82b7d-f6a4-482c-b229-9b5eec88a312/site-assignment-for-group-policy-for-direct-access-site-with-no-domain-controller?forum=winserverDS )

To recap:

I've set up a new AD Site for our Direct Access clients, "Remote-Clients". We have only one other site, "Default...". The subnets are defined correctly. However, I've not assigned any specific DCs to the Site, as they can just use the DCs of our main site (we have no other sites, and were previously using just one site for both local and remote clients).

Clients are able to process Group Policy just fine, except they still seem to be processing GPOs as clients of the main site.

i.e.,

  • I run "nltest /dsgetdc:domain" and 'Our Site Name' = "Remote-Clients" but 'Dc Site Name' = "Default...".
  • I run "gpresult /r /scope computer" and 'Site Name' = "Default...".
  • I check in the registry here: "HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\DynamicSiteName\" and that's "Remote-Clients" (but the SiteName value is "Default...").

So, is this expected? Must I create and assign a DC (or two) to this new Site just so that I can get the clients to process policy for their own site?

Digging further, I can actually watch the SiteName value being created, and being removed, as DA connects and disconnects. So I'm pretty sure that's what's setting it. Am I correct?

An extract of our GPO:

NB: A 3rd party set up our DA, and I don't support it. I need evidence to confirm that it's the DA config that's the cause of the problem, and where lies the resolution.

Suspect here: https://technet.microsoft.com/en-us/library/hh848435(v=wps.630).aspx and the -adsite parameter. Or via the GUI.
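
Added example (not part of the original post): a PowerShell loop that records the two Netlogon registry values and the two nltest fields listed above each time any of them changes, so the timestamps can be lined up against DirectAccess connect and disconnect events. The polling interval, log path and function names are assumptions chosen for illustration.

```powershell
# Added example, not from the original post. Run elevated on a DirectAccess client.
$key             = 'HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters'
$intervalSeconds = 5                                      # assumption: polling interval
$logPath         = Join-Path $env:TEMP 'site-values.csv'  # assumption: output file
$domain          = (Get-CimInstance Win32_ComputerSystem).Domain

# Pull one "Label: value" field out of nltest's text output.
function Get-NltestField([string[]]$Lines, [string]$Label) {
    foreach ($line in $Lines) {
        if ($line -match "^\s*$([regex]::Escape($Label))\s*:\s*(.+)$") {
            return $Matches[1].Trim()
        }
    }
    return $null
}

# Collect the values the post compares: both registry values and both nltest site fields.
function Get-SiteSnapshot {
    $params = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $nltest = & nltest.exe "/dsgetdc:$domain" 2>$null
    [pscustomobject]@{
        Time            = (Get-Date).ToString('s')
        DynamicSiteName = $params.DynamicSiteName   # empty when the value is absent
        SiteName        = $params.SiteName          # empty when the value is absent
        OurSiteName     = Get-NltestField $nltest 'Our Site Name'
        DcSiteName      = Get-NltestField $nltest 'Dc Site Name'
    }
}

# Log a row only when something changes; stop with Ctrl+C.
$previous = ''
while ($true) {
    $snap    = Get-SiteSnapshot
    $current = ($snap.DynamicSiteName, $snap.SiteName,
                $snap.OurSiteName, $snap.DcSiteName) -join '|'
    if ($current -ne $previous) {
        $snap | Export-Csv -Path $logPath -Append -NoTypeInformation
        $snap | Format-List | Out-String | Write-Host
        $previous = $current
    }
    Start-Sleep -Seconds $intervalSeconds
}
```

The resulting CSV shows when the SiteName value appears and disappears relative to the other three fields, which is the kind of record that can be handed to whoever maintains the DirectAccess configuration.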

