DistributedNetworks DistributedNetworks

Active Directory  «Prev  Next»
Lesson 2 Active Directory sites
ObjectiveExplore the physical structure of Active Directory sites.

Replication and the physical structure of Active Directory Sites

Replication ensures that all directory information is available to all domain controllers and client computers across your entire network. However, many networks are composed of a number of smaller networks, or subnets, and the network links between these subnets may operate at varying speeds.
It is important to be able to control replication traffic and other types of traffic related to Active Directory across these various links. This is made possible in Active Directory by the use of sites.

Setting the frequency of replication updates

As you know, a site is an Internet Protocol (IP) subnet or a group of subnets joined by a fast link.
With Active Directory, the administrator sets the frequency of replication updates across the network. The administrator does this by first establishing site links[1] between the sites. As each site link is created, it is configured with a set of replication options that determine the replication topology. These include the site link cost, replication interval, and schedule. We will discuss site links more in the next lesson.

If you have a slow low-bandwidth link, replication traffic can slow down the network during the business day because of competition for resources. To avoid this, schedule replication between sites to take place after hours.

Designing a well-connected site

If a site in Active Directory is defined as one or more well-connected IP subnets, then a well-connected site depends largely on the speed and the traffic load of that particular network. For this reason, how well connected a site is must be defined by the administrator.
For a relatively small network, for example a small local area network (LAN) with perhaps 10 computers, a link offering 128 kilobytes per second (KBps) of available bandwidth may be fast enough, whereas for a very large network, a multilocation business or one with more than 500 computers, an output of 1.5 megabytes per second (MBps) may be too slow.

Understanding sites and subnets

A subnet is associated with a particular site when the site is created. Although a single site may contain multiple subnets, each subnet can belong to only a single site.

Sites and Subnets
Sites affect replication traffic and other forms of network traffic related to Active Directory, such as locating a domain controller in response to a request for logon authentication.
If a domain controller that offers the requested service is located locally in the client computer's site, the client is referred to that domain controller, thus using the faster connections within a site. The following Slide Show illustrates how sites conserve network bandwidth.

  1. Here we see local computers in two states, California and Texas.
  2. The slow wide area network (WAN) link connects the LANS together.
  3. Because they are defined as separate sites(A for California, and B for Texas), we conserve bandwidth over the slow link.

Defining Sites
Site objects define areas of good network connectivity. As a general guideline, you should create a site object for each area of the network that is separated from the rest of the network by a slow link. You must be a member of the Enterprise Administrators group to create and configure sites.

Site membership for clients and domain controllers

Site membership is determined differently depending on whether the computer is a client computer or a domain controller, as shown in thefollowing table:

Client Domain controller
Site assignment is established... when the user logs on during installation of Active Directory
Site assignment is changed... only when manually changed by the administrator; site assignment otherwise remains fixed

The importance of site membership for the domain controller

The site location of a domain controller is important to:
  1. Determine the placement of the domain controller in the replication sequence of Active Directory
  2. Authenticate logon, query the directory, and service requests from client computers

The first site: Default-First-Site-Name

When you create the first domain controller in a Windows 2000 network, the Active Directory Installation Wizard creates the initial physical structure, which consists of a single site.
The default name of this site is Default-First-Site-Name.
The Default-First-Site-Name site has an important role:
  1. It is automatically assigned the first domain controller.
  2. It is assigned additional domain controllers.
  3. It contains all IP subnets by default.

Configuration of sites and subnets

The configuration of sites and subnets depends on several factors, and there are multiple ways to resolve this issue. Review the Troubleshooter and the solution Microsoft has provided to this problem.


Your company, Acme Inc., has a headquarters office in Dallas and two branch offices, one in Austin and one in Los Angeles. The Dallas office has approximately 300 computers, Austin has 250, and Los Angeles has 250. The Dallas and Austin offices are connected by a T-1 line (1.5 MBPS). The Los Angeles office is connected to both Dallas and Austin by a one-channel ISDN(64K) link.


How would you recommend designing the site structure for this network? Click here to see the solution that Microsoft recommends.
In the next lesson, we will discuss replication in more detail and how the Active Directory uses the Knowledge Consistency Checker (KCC) to monitor the replication process.

[1]Site links: A relationship between two sites that allows replication to occur.