
Active Directory Sites

Robert McIntosh explains how Active Directory sites give you much better control over replication traffic and authentication traffic than you get with NT 4.0 domains.

Active Directory (AD) sites, which consist of well-connected networks defined by IP subnets that help define the physical structure of your AD, give you much better control over replication traffic and authentication traffic than the control you get with Windows NT 4.0 domains. Because AD relies on IP, all LAN segments should have a defined IP subnet. This makes creating your AD site structure straightforward; you simply group well-connected subnets to form a site.

Creating AD sites benefits you in several ways. First, sites let you control replication traffic over WAN links. This control is important in Windows 2000 because any Win2K domain controller (DC) can originate changes to AD. To ensure that a change you make on one DC propagates to all DCs, Win2K uses multimaster replication (instead of the single-master replication that NT 4.0 uses). You might think that multimaster replication would make it difficult to plan for AD replication’s effect on your WAN links, but you can overcome this obstacle using AD sites.

AD employs two types of replication: intra-site replication, which occurs between DCs that are members of the same site, and inter-site replication, which occurs between DCs at different sites. Intra-site replication requires high bandwidth because it’s based on change notification and because it initiates within 5 minutes of any change that occurs to a DC's local copy of the AD. With inter-site replication, bandwidth is limited because it occurs over WAN links. Inter-site replication is usually compressed to conserve bandwidth, and you can schedule it to occur during periods of low network utilization. In an NT 4.0 domain environment, you have to adjust registry parameters to gain such control.

Another important advantage of using sites in your AD design is that the AD site structure ensures that logon traffic doesn’t travel over WAN links to remote DCs. Because the system stores site information in the DNS zone file, a client can locate a DC at its local site when it needs one for authentication purposes. This feature is a great improvement over WINS queries under NT 4.0, which randomly return a list of DCs.
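To make the subnet-to-site grouping and the site-aware DC lookup concrete, here is an added example (not code from the article) that models how a DC maps a client's IP address to a site via the subnet objects, resolving overlapping subnets by longest prefix, and then builds the site-specific DNS SRV name the client queries. The site names, subnets and domain are constructed for illustration.

```python
import ipaddress

# Constructed subnet-to-site assignments (hypothetical names, not from the article).
# In AD these are the subnet objects under Sites and Services, each linked to one site.
SUBNET_TO_SITE = {
    "10.1.0.0/16": "Seattle",
    "10.1.200.0/24": "Seattle-Lab",   # more specific subnet nested inside 10.1.0.0/16
    "10.2.0.0/16": "Chicago",
    "192.168.50.0/24": "Chicago",
}


def site_for_client(ip, subnet_map=SUBNET_TO_SITE):
    """Return the AD site for a client IP, or None if no subnet object covers it.

    A DC computes this from the source address of the client's locator request.
    When subnet objects overlap, the most specific (longest prefix) one wins,
    so a host in 10.1.200.0/24 lands in Seattle-Lab rather than Seattle.
    """
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnet_map.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None


def dc_locator_srv_name(domain, site=None):
    """DNS SRV record name a client queries to find a domain controller.

    With a site name the query is site-specific, so only DCs registered in that
    site are returned. Without one (client on an undefined subnet) the client
    falls back to the domain-wide record, which can hand it a DC across the WAN.
    """
    if site:
        return f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}"
    return f"_ldap._tcp.dc._msdcs.{domain}"


def locate_dc_record(ip, domain, subnet_map=SUBNET_TO_SITE):
    """Site lookup followed by SRV name construction, end to end."""
    return dc_locator_srv_name(domain, site_for_client(ip, subnet_map))


if __name__ == "__main__":
    for client in ("10.1.5.7", "10.1.200.9", "172.16.0.1"):
        print(client, "->", locate_dc_record(client, "corp.example.com"))
```

A client whose subnet is not defined in AD (172.16.0.1 above) gets the domain-wide record, which is exactly the case where logon traffic can end up crossing a WAN link; auditing for such undefined subnets is a routine site-design check.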

Finally, because Microsoft Dfs is site-aware, it will direct clients to shared folders at their own sites when available. As AD- and site-aware third-party applications emerge, they will be able to take advantage of this functionality as well.

AD sites are crucial for keeping unnecessary traffic out of your WAN links. In an upcoming column, I'll discuss other important issues you need to consider when designing sites, including Global Catalog (GC) server placement.
