Recently we did a network analysis of the smaller sites where they do not have local AD servers and we found that a majority of the WAN traffic during office hours come from the AD servers from other sites (> 50% of the traffic is WAN related). This has contributed to the network congestion to the site. We saw port 445 (CIFS) which is normally used for file sharing is consuming high bandwidth but the source is showing DC names. Why this is showing that this is coming from the AD servers.
we crosschecked the GPO for any misconfiguration or any file server usage but no luck. what we found is that each user has diff logon script to connect to map network drive. Also there is no domain level DFS namespace
Could you please provide some guideline to troubleshoot this issue