For GPO analysis, because a GPO can be linked with a site, I'm trying to determine what is the algorithm to determine the client site.
[MS-GPSO] 6.2.1.3 Site SOM Search and Response specifies:
After the GP Client has determined its Domain SOM, it then determines the site that the computer belongs to. The site to which the Client computer belongs (the SiteName) is detailed in [MS-DISO] section 4.3.1.1. Because the site can change based on the
GP client's location, this step must occur as part of policy processing
Then [MS-DISO] 4.3.1.1 Client Data Model specifies:
SiteName (Public): The client can retain the site that it has determined either through administrative configuration or dynamic discovery. Preserving the site name allows the client to use the site in the process of finding a "near" domain
controller (DC) during the location process. However, for clients that are mobile and may shift sites frequently (for example, a business traveler using a laptop), preserving the site may not help, or may require additional information such as network awareness
that are outside the scope of this document. Client implementations SHOULD incorporate site awareness and preserve the name of the site.
In short, the algorithm to determine a site is not written and is up to the client implementation.
However I'm trying to get the answer to the following questions:
- If there are many sites which has the same network definition, what site is chosen ?
- If a computer belong to 2 different sites, which one is chosen ? The subnet having the shortest prefix, or if a site has a DC and not the other one ?
- Are there a priority to use subnet, if ipv4 or ipv6 give different sites ?
- Are the default site chosen if there is no subnet matching the ip address ?
- Are there an exception for DC because their server object is defined in the site object (or its children) itself ?
In short, it is possible to have more insight on how the Windows client behave ?
Thanks in advance
