Is creating Sites and Subnets a must in AD Sites and Services?
I have a fairly small AD environment: DC1, 2 and 3 at the main office and DC4 at the only branch office. There are 60 users at main and 5 at the branch, connected by a P2P T1. Everything is working fine.

Today I ran the "Microsoft IT Environment Health" check and got these errors against each DC:

Error 1: The DC1 server does not contain an IP Address that can be authenticated from a defined subnet.

Error 2: The DC1 domain controller does not have an IP address that matches the subnet definitions for the Default-First-Site-Name Active Directory site where the domain controller is located.

So I went into the AD Sites and Services console and found that all 4 DCs are in the "Default-First-Site-Name/Servers" folder, and the "Subnets" folder is empty. Since we don't experience problems, I prefer NOT to change them. Do you see any potential problems here? The only thing I have seen is that sometimes computers at the main site authenticate via the DC at the branch office.

Any advice is appreciated.

Thanks,
Calvin
July 5th, 2011 1:00pm

You should add the appropriate subnets in Active Directory Sites and Services. All subnets in your company that use AD authentication should be added (this way you will prevent warnings / errors in the event log). Additionally, I would create a new site for the branch office and move DC4 to it. Those operations are safe, so you won't crash anything, and as a result your AD will reflect the real-life design.

Placing DCs in the proper sites is also important with respect to replication between DCs, the login process (users should authenticate on their local DC), and site-aware services such as DFS.

As a side note, it is also recommended to rename Default-First-Site-Name to something more meaningful.

With kind regards,
Krystian Zieja
http://www.projectenvision.com
July 5th, 2011 1:14pm

I agree with Krystian Zieja. However, to answer your question "Is creating Sites and Subnets a must in AD Sites and Services?", the answer is NO; it's not required for AD to function. However, you will not be able to manage/control which DCs authenticate your users and/or replication traffic between sites.

Visit: anITKB.com, an IT Knowledge Base.
July 5th, 2011 4:38pm

Hello,

You have to create two AD sites: one for the main office and the other for the branch office. Once created, add DC 1, 2 and 3 to the main office site and DC 4 to the branch office site. Also, create the subnets in use and assign them to the correct site. That way, all should be okay.

This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

Microsoft Student Partner 2010 / 2011; Microsoft Certified Professional; Microsoft Certified Systems Administrator: Security; Microsoft Certified Systems Engineer: Security; Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration; Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration; Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration; Microsoft Certified Technology Specialist: Windows 7, Configuring; Microsoft Certified IT Professional: Enterprise Administrator
July 5th, 2011 4:42pm
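
The steps recommended in the replies above (rename the default site, create a branch site, define subnets, move DC4), shown as an added example that is not part of the original thread. It assumes the ActiveDirectory PowerShell module (Windows Server 2012 or later, or RSAT) and that the default site link DEFAULTIPSITELINK is still present; the site names and subnet ranges are constructed placeholders.

```powershell
# Added example: site names and subnet ranges below are constructed
# placeholders; substitute the real values for your network.
Import-Module ActiveDirectory

$mainSite   = 'MainOffice'     # hypothetical new name for Default-First-Site-Name
$branchSite = 'BranchOffice'   # hypothetical name for the branch site
$subnets = @{
    '10.0.1.0/24' = $mainSite    # constructed main-office range
    '10.0.2.0/24' = $branchSite  # constructed branch-office range
}

# 1. Rename the default site; DC1-DC3 stay in it, so they need no move.
Get-ADReplicationSite -Identity 'Default-First-Site-Name' |
    Rename-ADObject -NewName $mainSite

# 2. Create the branch site and add it to the default site link so the
#    KCC can build a replication path across the T1.
New-ADReplicationSite -Name $branchSite
Set-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' `
    -SitesIncluded @{ Add = $branchSite }

# 3. Define every subnet that authenticates against AD and bind it to its
#    site. Clients use these objects to locate a DC in their own site.
foreach ($entry in $subnets.GetEnumerator()) {
    New-ADReplicationSubnet -Name $entry.Key -Site $entry.Value
}

# 4. Move the branch DC's server object into the branch site.
Move-ADDirectoryServer -Identity 'DC4' -Site $branchSite

# 5. Review the result: each DC with its site and address, then the
#    subnet-to-site mappings the health check compares them against.
Get-ADDomainController -Filter * |
    Select-Object Name, Site, IPv4Address |
    Sort-Object Site, Name

Get-ADReplicationSubnet -Filter * |
    Select-Object Name, Site

# 6. On a workstation, confirm which site the client resolves to.
nltest /dsgetsite
```

Running `nltest /dsgetsite` on a main-office workstation after the change should return the main-office site name, which is what keeps those clients from preferring the branch DC.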

This topic is archived. No further replies will be accepted.
