We have successfully set up DSfW, and successfully added computers to the domain, and moved a dozen or so users into domain. So we added an additional DC at a different location, and noticed that we sometimes got long delays when logging in at the original location, because sometimes the workstation would decide to authenticate to the server at the other location, instead of the one on the local network.

Reading up on how this is dealt with in a "native" AD setup, I quickly found that I should define additional Sites in MMC, assign a subnet to the Sites, and then workstations would default to authenticating to the servers that are assigned to their subnet.

Here's the Technet document that explains this:
Understanding Sites, Subnets, and Site Links

I had no problems defining the Sites and subnets in MMC, but when I tried to move the Servers into the appropriate Sites, I get an error:
Windows cannot move object <servername> because
The operation affects multiple DSAs.

Looking at the objects in ConsoleOne, I'm told that "You can only move container objects that are partitions", which might explain why MMC wasn't able to move the object.

So the question is - is the Sites/Subnets approach the right solution to avoid authentication happening over the WAN when there is a local DSfW/AD server available?

If it is the right approach, how do I go about moving my DSfW/AD into the appropriate Site? If the Move command just isn't going to work, can I just "demote" the DSfW server, and then promote it again, or do I need to uninstall it and re-install it. (The Microsoft documentation says "When you add the Active Directory Domain Services server role to a server, a server object is created in the AD DS site that contains the subnet to which the server's IP address maps", but I'm not sure that applies to a DSfW server).

Any advice would be appreciated - I really don't want to go any further with this until this issue is resolved.