Authenticating over 100Mb WAN link
Hello, I am currently running a multi-site Windows 2008 R2 functional level domain between 2 sites. I have Sites and Services separated by subnets (172.17.0.0) and (172.16.0.0) and replication all works properly. This design works great to keep things local that should stay local, and to ensure policy goes to proper site. DNS is ADI. Clients point to local site DNS first, secondary site DNS second.
Is there a way that I can ensure that if Site A's DCs are downed completely, we cross campus to Site B? Will this simply work with my current design, pointing to the second site's DNS, which references all DCs? To be fair, I haven't pulled a DC down to test, and it might work already, but since Server 2008 R2 won't broadcast its services over the WAN link, I'm not certain.
Basically, my question is... does Sites and Services steer a user to authenticate to local site, and then after not finding an available DC allow them authentication to other sites, OR does it restrict to authenticate ONLY at that site's specific DCs?
Thanks, let me know if you need any more info.
Eric
November 22nd, 2011 4:59pm
So, it's actually DNS that contains SRV records, which point the clients where to go for authentication. If you have a client in Site A and the DC fails, as long as your clients are configured with at least two DNS servers and one DNS server can respond, the client will be able to get to a DC that is still functioning.
Not sure what you mean by "2008R2 won't broadcast its services over the WAN link". What services are you referring to? Broadcast? There are no services being broadcast. Please elaborate.
Guides and tutorials, visit ITGeared.com.
November 22nd, 2011 6:42pm
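Added example, not part of any post in this thread: a PowerShell check of the SRV-based failover described in the answer above, run before a site outage rather than during one. It asks each DNS server a client uses for the site-specific records (`_ldap._tcp.<site>._sites.dc._msdcs.<domain>`) and the domain-wide records (`_ldap._tcp.dc._msdcs.<domain>`) that the DC locator falls back to, then tests that each listed DC answers on LDAP and Kerberos. The domain name, site names and DNS server addresses are placeholders, and `Resolve-DnsName` assumes Windows 8 / Server 2012 or later on the machine running the check.

```powershell
# Added example. All names and addresses below are placeholders; substitute your own.
$Domain     = 'corp.example.com'            # placeholder AD DNS domain
$Sites      = 'SiteA', 'SiteB'              # placeholder AD site names
$DnsServers = '172.17.0.10', '172.16.0.10'  # placeholder: local-site DNS, then remote-site DNS

function Get-DcSrv {
    param([string]$Name, [string]$Server)
    # Keep only SRV answers; the response can also carry A records for the targets.
    Resolve-DnsName -Name $Name -Type SRV -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.NameTarget }
}

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        # True only if the connect finished inside the timeout and succeeded.
        return ($pending.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected)
    } catch {
        return $false   # name did not resolve, or the connection was refused
    } finally {
        $client.Close()
    }
}

foreach ($dns in $DnsServers) {
    # Site-specific records: what a client in that site asks for first.
    foreach ($site in $Sites) {
        $name  = '_ldap._tcp.{0}._sites.dc._msdcs.{1}' -f $site, $Domain
        $count = @(Get-DcSrv -Name $name -Server $dns).Count
        Write-Output ("{0}: {1} -> {2} DC record(s)" -f $dns, $name, $count)
    }
    # Domain-wide records: the fallback when no DC in the client's own site responds.
    # Every DC from both sites should be listed here, by both DNS servers.
    foreach ($rec in Get-DcSrv -Name "_ldap._tcp.dc._msdcs.$Domain" -Server $dns) {
        [pscustomobject]@{
            DnsServer  = $dns
            DC         = $rec.NameTarget
            Ldap389    = Test-TcpPort -HostName $rec.NameTarget -Port 389
            Kerberos88 = Test-TcpPort -HostName $rec.NameTarget -Port 88
        }
    }
}
```

A DC that appears in the domain-wide list but shows `False` for a port from the other site points at a WAN firewall rule rather than a DNS problem. During an actual failover test, `nltest /dsgetdc:<domain> /force` on a Site A client shows which DC the locator selected.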
Sorry, what I meant was it's the client initiating the authentication via SRV records and not the server broadcasting out like a DHCP server would. You verified exactly my thoughts, much appreciated JM.
November 22nd, 2011 8:29pm


