Why should a domain controller's IP address map to the site it services?

I have a question about this particular event:

Index              : 865
EntryType          : Warning
InstanceId         : 5802
Message            : None of the IP addresses (192.168.254.17) of this Domain Controller map to the configured site 'North'.
                    While this may be a temporary situation due to IP address changes, it is generally
                    recommended that the IP address of the Domain Controller (accessible to machines in
                    its domain) maps to the Site which it services. If the above list of IP addresses is
                    stable, consider moving this server to a site (or create one if it does not already
                    exist) such that the above IP address maps to the selected site. This may require the
                    creation of a new subnet object (whose range includes the above IP address) which maps
                    to the selected site object.
Category           : (0)
CategoryNumber     : 0
ReplacementStrings : {North, 192.168.254.17}
Source             : NETLOGON
TimeGenerated      : 11/10/2018 4:45:42 PM
TimeWritten        : 11/10/2018 4:45:42 PM
UserName           :

This event is logged repeatedly by a domain controller whose IPv4 address was, at the time, not associated with the site it services as configured in the Active Directory Sites and Services console. I suppressed it by creating a /32 subnet object mapped to the serviced site, but I would like to know the actual consequences.

  • Why should a domain controller's IPv4 address map to the site it services?
  • Why does Netlogon perform this test, and why is it generally recommended?
  • Apart from the event log entry, how does this configuration mismatch affect the Active Directory infrastructure?

Although the network infrastructure connecting the sites is only a few metres of fibre, with low latency and high bandwidth, several sites were created to establish affinity between users and domain controllers while keeping the IPv4 addresses unchanged. This is for capacity management purposes.

A few lines of Windows PowerShell can reproduce the issue in a test environment.

DC1:

New-NetIPAddress -IPAddress 192.168.254.16 `
    -InterfaceAlias Ethernet -AddressFamily IPv4 `
    -Type Unicast -PrefixLength 24

Set-DnsClientServerAddress -InterfaceAlias Ethernet `
    -ServerAddresses @('192.168.254.17','192.168.254.16')

Import-Module ServerManager
Install-WindowsFeature -IncludeManagementTools ("AD-Domain-Services")

Import-Module ADDSDeployment
$dsrm_password = ConvertTo-SecureString 'Pa$$w0rd' -AsPlainText -Force
Install-ADDSForest `
    -DomainName 'contoso.com' `
    -InstallDns `
    -SafeModeAdministratorPassword $dsrm_password

#--------------

New-ADReplicationSite -Name 'North'
New-ADReplicationSite -Name 'South'
Get-ADReplicationSite -Identity 'Default-First-Site-Name' | `
    Get-ADObject | Rename-ADObject -NewName 'CPD'
New-ADReplicationSubnet -Name '192.168.0.0/16' -Site 'CPD'
New-ADReplicationSubnet -Name '192.168.0.0/18' -Site 'North'
New-ADReplicationSubnet -Name '192.168.128.0/18' -Site 'South'

New-ADReplicationSiteLink -Name 'CPD-North' `
    -SitesIncluded @('CPD', 'North') `
    -InterSiteTransportProtocol IP `
    -ReplicationFrequencyInMinutes 15 `
    -OtherAttributes @{'Options'=5}

New-ADReplicationSiteLink -Name 'CPD-South' `
    -SitesIncluded @('CPD', 'South') `
    -InterSiteTransportProtocol IP `
    -ReplicationFrequencyInMinutes 15 `
    -OtherAttributes @{'Options'=5}

Get-ADReplicationSiteLink 'DEFAULTIPSITELINK' | Remove-ADReplicationSiteLink

DC2:

New-NetIPAddress -IPAddress 192.168.254.17 `
    -InterfaceAlias Ethernet -AddressFamily IPv4 `
    -Type Unicast -PrefixLength 24

Set-DnsClientServerAddress -InterfaceAlias Ethernet `
    -ServerAddresses @('192.168.254.16','192.168.254.17')

Import-Module ServerManager
Install-WindowsFeature -IncludeManagementTools ("AD-Domain-Services")

Import-Module ADDSDeployment
$dsrm_password = ConvertTo-SecureString 'Pa$$w0rd' -AsPlainText -Force

Install-ADDSDomainController `
    -InstallDns `
    -SiteName 'North' `
    -DomainName 'contoso.com' `
    -SafeModeAdministratorPassword $dsrm_password `
    -Credential (Get-Credential)

#--------------

Get-EventLog -LogName 'System' -InstanceId 5802 -Newest 1

Answer 1

This is how clients locate the nearest domain controller. If a client cannot find a site that maps to its network, or cannot find a domain controller in that site with a suitable subnet matching the client, the client will pick any domain controller for authentication. If you are fine with that, there is no impact.
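The following script is an added example, not code from the question or the answer. It audits every domain controller in the domain the same way the 5802 check does, by resolving each DC's IPv4 address to a site through the subnet objects (longest matching prefix wins, which is also how a client's address is mapped to a site). It assumes the ActiveDirectory module is available; ConvertTo-IPv4Long and Find-SiteForIP are helper names chosen for this example.

```powershell
# Added example (not code from the question or the answer): resolve each DC's IPv4
# address to a site through the subnet objects and compare it with the site the DC is
# configured in. Helper names are chosen for this example.
Import-Module ActiveDirectory

function ConvertTo-IPv4Long {
    param([string]$Ip)
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)                  # network order -> little-endian for BitConverter
    return [long][BitConverter]::ToUInt32($bytes, 0)
}

function Find-SiteForIP {
    # Longest-prefix match of $Ip against the subnet objects: for 192.168.1.5 the /18
    # (North) wins over the /16 (CPD); for 192.168.254.17 only the /16 matches, so CPD.
    param([string]$Ip, [object[]]$Subnets)
    $addr = ConvertTo-IPv4Long $Ip
    $best = $null
    foreach ($s in $Subnets) {
        $net, $len = $s.Name -split '/'
        $len  = [int]$len
        $mask = (([long]1 -shl $len) - 1) -shl (32 - $len)   # [long] so a /32 does not overflow
        if (((ConvertTo-IPv4Long $net) -band $mask) -eq ($addr -band $mask) -and
            ($null -eq $best -or $len -gt $best.Length)) {
            # Site is a DN (CN=North,CN=Sites,...); keep only the site name for comparison
            $best = [pscustomobject]@{
                Length = $len; Subnet = $s.Name
                Site   = ($s.Site -split ',')[0] -replace '^CN='
            }
        }
    }
    return $best
}

# IPv6 subnet objects are skipped; this example only checks IPv4 addresses
$subnets = Get-ADReplicationSubnet -Filter * | Where-Object { $_.Name -notmatch ':' }

foreach ($dc in Get-ADDomainController -Filter *) {
    $match  = Find-SiteForIP -Ip $dc.IPv4Address -Subnets $subnets
    $mapped = if ($match) { $match.Site } else { '<no subnet>' }
    [pscustomobject]@{
        DC             = $dc.Name
        IPv4Address    = $dc.IPv4Address
        ConfiguredSite = $dc.Site
        MappedSite     = $mapped
        # $false here is exactly the condition that makes Netlogon log event 5802
        Consistent     = ($match -and $match.Site -eq $dc.Site)
    }
}
```

Run against the test environment from the question, DC2 shows ConfiguredSite North but MappedSite CPD (matched by 192.168.0.0/16); once a 192.168.254.17/32 subnet object assigned to North exists, the row becomes consistent.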