Finding a Computer’s Active Directory Site

Using a command-line interface

In the following command, replace <HostName> with the name of the host whose site you want to find.

> nltest /server:<HostName> /DsGetSite

To force a computer to use a particular site, modify the registry as follows:

> reg add HKLM\System\CurrentControlSet\Services\Netlogon\Parameters /v SiteName /t REG_SZ /d <SiteName>

Using VBScript

Although you cannot use it directly from a scripting language such as VBScript, Microsoft provides a DsGetSiteName method that can be used by languages such as Visual Basic and C++ to retrieve site coverage information. In fact, the nltest command shown in the CLI solution is a wrapper around this method.

The IADsTools interface provides a wrapper around this method.

set objIadsTools = CreateObject("IADsTools.DCFunctions")

strSite = objIadsTools.DsGetSiteName("<HostName>")

Wscript.Echo "Site: " & strSite

' This code forces the host the script is run on to use a particular site

' ------ SCRIPT CONFIGURATION ------

strSite = "<SiteName>"   ' e.g., Raleigh

' ------ END CONFIGURATION ---------

strNetlogonReg = "SYSTEM\CurrentControlSet\Services\Netlogon\Parameters"

const HKLM = &H80000002

set objReg = GetObject("winmgmts:root\default:StdRegProv")

objReg.SetStringValue HKLM, strNetlogonReg, "SiteName", strSite

WScript.Echo "Set SiteName to " & strSite

Each domain controller has a server object that is contained within a site. Clients are different: they are associated with a site based on their IP address, which is matched against the subnet objects in the Subnets container. The client site information is important because it determines which domain controller the client will authenticate against. If the client’s IP address does not match the range of any of the subnets stored in Active Directory, it will randomly pick a site to use, which means it could authenticate against any domain controller in the domain.

Finding the site that contains a client is an important first step when troubleshooting authentication delays or errors. If a client is experiencing significant delays, it could be that the client is authenticating with a random site because it is on a new subnet that has yet to be added to Active Directory. This may also result in a client authenticating over a slow WAN link.
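The subnet matching described above, as an added example that is not part of the original text: it resolves client IP addresses to sites using the most specific matching subnet and lists the clients that match no subnet at all. The subnet-to-site table, the client inventory and every site name other than Raleigh are constructed sample data standing in for the contents of the Subnets container.

```python
import ipaddress

# Constructed sample data: subnet object names (CIDR form) mapped to the site
# each one is linked to. In a real directory these come from the Subnets container.
SUBNET_TO_SITE = {
    "10.1.0.0/16": "Raleigh",
    "10.1.8.0/24": "Raleigh-Lab",
    "10.2.0.0/16": "SJC",
    "2001:db8:10::/48": "Raleigh",
}


def build_subnet_table(subnet_to_site):
    """Parse subnet names once and sort most specific (longest prefix) first."""
    table = [(ipaddress.ip_network(cidr, strict=True), site)
             for cidr, site in subnet_to_site.items()]
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def find_site(client_ip, table):
    """Return (site, subnet) for the most specific match, or (None, None)."""
    addr = ipaddress.ip_address(client_ip)
    for network, site in table:
        # Compare only within the same address family (IPv4 vs. IPv6).
        if addr.version == network.version and addr in network:
            return site, str(network)
    return None, None


def unmapped_clients(clients, table):
    """Names of clients whose IP matches no subnet, so no site is determined."""
    return sorted(name for name, ip in clients.items()
                  if find_site(ip, table)[0] is None)


if __name__ == "__main__":
    table = build_subnet_table(SUBNET_TO_SITE)
    # Constructed client inventory (host name -> IP address).
    clients = {"wks01": "10.1.8.25", "wks02": "10.1.40.7",
               "wks03": "10.3.1.15", "wks04": "2001:db8:10::25"}
    for name, ip in clients.items():
        site, subnet = find_site(ip, table)
        print(f"{name:6} {ip:18} site={site or 'NO MATCH'} subnet={subnet}")
    print("No subnet match:", unmapped_clients(clients, table))
```

Clients reported with no subnet match are the ones to check first when authentication is slow, since their addresses point to a subnet that has not been added to Active Directory.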

You can bypass the part of the DC Locator process that determines a client’s site by hardcoding it in the registry. This is generally not recommended and should primarily be used as a troubleshooting tool. If a client is experiencing authentication delays due to a misconfigured site or subnet object, you can hardcode its site so that it temporarily points to a more optimal location (and domain controller).