Four things define whether a client talks to a remote DC:
1. AD sites (if there is no DC in the site it will select randomly)
2. Costed sites. If you do not cost the sites correctly then you will have issues, as they all cost the same so it does not care.
3. If the subnet in question is defined in a site, it will talk to the DCs in that site (if the subnet is not defined in a site it will broadcast a request; the first DC that answers wins).
4. Subnet netmask ordering – this is primarily about where the client gets the group policy files from (which will cause a logon event on the remote DC if it is getting the files from there).
Basically, by default subnet netmask ordering is a class C subnet.
Description of the netmask ordering feature and the round robin feature in Windows Server 2003 DNS
(Ignore the fact it is 2003)
How ‘netmask ordering’ feature in DNS affects the resultant queries
So how does this relate to group policies?
Simple: that's how the client decides to select the "right" Domain Controller to talk to... just for group policies. It takes no notice of sites and subnets!
So if there are any DCs on your Class C subnet (/24) it will always present those first.
If there are no DCs in the subnet mask, then it will round robin.
So to explain 4. better:
By default subnet mask ordering is a class C subnet.
Basically it's absolutely rubbish if you want multiple sites.
Let's take an example:
4 sites, each with a /24. You have a DC in each site.
Sweet, you think: "my subnet mask is a /24, therefore everything will work fine."
Is that right? Yes it is!
Then you decide head office needs another VLAN and another /24.
Simple, you think: add the subnet into the head office site and you're good to go. It's a /24; the subnet mask is the same.
Is that right? No!
Those devices in the new /24 look in the subnet for a DC and can't find one, so they will round robin through all DCs in the domain!
So you think: OK, I will change my subnet mask to a /23, that will sort it!
Is that right? Maybe!
So let's look at an example of your 4 offices:
New York 192.168.12/24
So will expanding London, adding in 192.168.1/24 and changing the subnet mask to /23 for everybody, work?
Ah, no. Well, sorta: it will work for London.
Will it work for Paris? Nope, the DCs in Paris and Rome are now in the same subnet mask, so both DCs will be preferentially round-robined.
So it will also not work for Rome, for the same reason.
What about New York? Well, yes for now, as no-one is using 192.168.13/24.
Does that help?
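To make the /24 vs /23 story above concrete, here is an added simulation of DNS netmask ordering (example code written for this page, not taken from the post or from Windows DNS). The post only names New York 192.168.12/24 and London's new 192.168.1/24, so the London, Paris and Rome DC addresses below are constructed to match its scenario.

```python
import ipaddress

# Constructed sample data (assumed, not from the post): only New York
# 192.168.12/24 and London's new 192.168.1/24 appear in the original text.
DCS = {
    "DC-LON": "192.168.0.10",   # London, original /24
    "DC-PAR": "192.168.2.10",   # Paris
    "DC-ROM": "192.168.3.10",   # Rome
    "DC-NYC": "192.168.12.10",  # New York
}


def local_dcs(client_ip, prefix_len=24, dcs=DCS):
    """Names of DCs whose A record falls in the client's subnet under the
    netmask-ordering mask (default /24, i.e. class C). These are the
    records the DNS server places at the top of its answer."""
    net = ipaddress.ip_network(f"{client_ip}/{prefix_len}", strict=False)
    return [name for name, ip in dcs.items()
            if ipaddress.ip_address(ip) in net]


def netmask_order(client_ip, prefix_len=24, rotation=0, dcs=DCS):
    """Simulated answer order: subnet-local DCs first, every other DC
    round-robined (rotated by `rotation`, which a real server advances
    on each query). With no local match the whole list is rotated, which
    is the 'round robin through all DCs in the domain' case."""
    local = local_dcs(client_ip, prefix_len, dcs)
    remote = [name for name in dcs if name not in local]
    if remote:
        k = rotation % len(remote)
        remote = remote[k:] + remote[:k]
    return local + remote


if __name__ == "__main__":
    # Walk through the post's scenarios: old London VLAN, new London VLAN
    # under /24, then everybody under /23.
    for client, mask in [("192.168.0.50", 24), ("192.168.1.50", 24),
                         ("192.168.1.50", 23), ("192.168.2.50", 23),
                         ("192.168.12.50", 23)]:
        print(f"{client} with /{mask} ordering -> {netmask_order(client, mask)}")
```

Running it shows the new London VLAN getting no local match under /24, London fixed under /23, and Paris and Rome sharing the same /23 so both of their DCs come first for either office.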