DistributedNetworks DistributedNetworks


Active Directory  «Prev 

Why sites are useful

What is a site? A site is one or more IP subnets connected by a high-speed link, as shown here:
This is a site

What consequences are there of partitioning or not partitioning?
Consider a user at a branch office, whose LAN is connected to the main office by a 56K modem link. Without sites, when he attempts to log on to the network, his computer could use any domain controller (DC) on the network to authenticate his username and password. If a DC on the other side of the 56K link is used, this will result in slow performance and congestion of the link. With sites, his computer would look for a local DC, which results in a faster logon for him, and he doesn't use up sparse bandwidth on the wide area link. Sites are also used in determining frequency of replication of Active Directory information from one domain controller to another, to further cut down on excessive usage of bandwidth over the slow links.

What do you think?

  1. What potential do sites hold for you as an administrator?
  2. Have there been situations where sites could have helped you administer a network better.

Sites

An Active Directory site is generally defined as a collection of well-connected AD subnets. You use sites to group subnets together into logical collections to help define replication flow and resource location boundaries. Active Directory uses sites directly to generate its replication topology, and also to help clients find the nearest distributed resources to use in the environment (such as DFS shares or domain controllers).
The client's IP address is used to determine which Active Directory subnet the client belongs to, and then that subnet information, in turn, is used to look up the AD site. The site information can then be used to perform DNS queries via the DC locator service to determine the closest domain controller or Global Catalog.
Most members of a domain dynamically determine their site when they start up, and they continue to validate what site they are in in the background. This allows administrators to make modifications to the site topology and have them take effect properly in relatively short order with the least amount of manual work. Domain controllers, on the other hand, select their site when they are promoted and will not automatically change unless an administrator wants them to become part of another site.

Moving a domain controller to another site is an administrative task that is most easily performed via the Active Directory Sites and Services tool. By default, there is one site defined in Active Directory, the Default-First-Site-Name site. If there are no subnet objects defined, all members of the domain are magically assumed to be part of this initial site, or any other single defined site if you have replaced the default site with another site. Once there are multiple site objects, or after subnet objects are defined and assigned, the magic feature goes away and subnet objects must be defined for the subnets in which domain members reside. There is nothing special about this initial site other than that it is the first one created; you can rename it as you see fit.
You can even delete it, as long as you have created at least one other site and moved any domain controllers located within the Default-First-Site-Name site to another site.
Multiple sites can be defined for a single physical location. This can allow you to better segregate which resources are used for which requestors. For instance, it is common practice in large companies to build a separate site just to harbor the Microsoft Exchange 2000 and 2003 servers and the global catalogs that are used to respond to Exchange and Outlook queries. This allows an administrator to easily control which GCs are used without having to hardcode preferred GC settings into Exchange. You can define the subnets as small as you need them, including down to a single IP address (32-bit subnet), to place servers in the proper site.