What you will learn:
Active Directory (AD) is a powerful and versatile directory service that can be customized extensively to fit an organization’s needs. Part of what makes AD powerful is that an AD network can be designed around two distinct structures: a logical structure and a physical structure. The logical structure consists of forests, domains, etc. The physical structure, on the other hand, is represented by the Domain Controllers (DCs), servers, physical subnets, etc. A site is a means of representing the physical aspects of an AD network. In this article, we will dive deep into what AD sites, subnets, and site links are, and see how each of them can be created through the Active Directory Sites and Services console. We will also touch on AD site replication and the benefits of creating AD sites.
What are AD sites?
AD sites are used for managing organizations that have branches spread across different geographical locations but fall under the same domain. They are a robust way to manage an AD network geographically without changing any aspect of the logical structure of the environment. AD sites are physical groupings of well-connected IP subnets that are used to replicate information among domain controllers (DCs) efficiently. AD sites can be imagined as a map that describes the best routes for carrying out replication in AD, thus making efficient use of the available network bandwidth. AD sites help to achieve cost-efficiency and speed. They also let you exercise better control over the replication traffic and the authentication process. When there is more than one DC in the associated site that is capable of handling client logon, services and directory searches, AD sites can locate the closest DC to perform these actions. Sites also play a role in the deployment and targeting of group policies. In AD, the information about the topology is stored as site link objects. By default, the Default-First-Site-Name site container is created for the forest. Until another site is created, all DCs are automatically assigned to this site.
What are subnets?
Within sites, subnets are entities that help in grouping neighboring computer systems based on their IP addresses. So, every subnet is identified by a range of associated IP addresses, and a site is the aggregate of all well-connected subnets. Subnets could be based on either TCP/IPv4 or TCP/IPv6 protocol addresses.
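The subnet-to-site mapping described above can be checked with a short script. The following is an added example, not part of the original article: it resolves IPv4 client addresses to a site by longest-prefix match and flags addresses that no subnet object covers. The subnet list, site names and client addresses are constructed sample data, and the function names are hypothetical.

```powershell
# Added example: which AD site does a client IPv4 address fall into?
# Sample data is constructed. On a live forest, objects with the same
# Name/Site properties come from: Get-ADReplicationSubnet -Filter *

function ConvertTo-IPv4Number {
    param([string]$Address)
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    # Doubles represent every 32-bit value exactly and avoid signed-shift pitfalls
    return ([double]$b[0] * 16777216) + ([double]$b[1] * 65536) + ([double]$b[2] * 256) + $b[3]
}

function Resolve-SiteForAddress {
    param([string]$Address, [object[]]$Subnets)
    $ip   = ConvertTo-IPv4Number $Address
    $best = $null
    foreach ($s in $Subnets) {
        $prefix, $len = $s.Name -split '/'          # e.g. '10.20.0.0', '24'
        $len  = [int]$len
        $size = [math]::Pow(2, 32 - $len)           # number of addresses in the subnet
        $same = [math]::Floor($ip / $size) -eq [math]::Floor((ConvertTo-IPv4Number $prefix) / $size)
        # The most specific (longest) matching prefix wins
        if ($same -and (-not $best -or $len -gt $best.PrefixLength)) {
            $best = [pscustomobject]@{ Subnet = $s.Name; Site = $s.Site; PrefixLength = $len }
        }
    }
    return $best                                     # $null when no subnet covers the address
}

# Constructed subnet objects: a catch-all range plus one branch subnet
$subnets = @(
    [pscustomobject]@{ Name = '10.0.0.0/8';   Site = 'Default-First-Site-Name' }
    [pscustomobject]@{ Name = '10.20.0.0/24'; Site = 'Branch01' }
)

# Constructed client addresses
foreach ($client in '10.20.0.15', '10.5.1.9', '192.168.50.7') {
    $match = Resolve-SiteForAddress -Address $client -Subnets $subnets
    if ($match) { '{0,-15} -> {1} ({2})' -f $client, $match.Site, $match.Subnet }
    else        { '{0,-15} -> NO SITE: no subnet object covers this address' -f $client }
}
```

Clients that resolve to no site cannot be steered to a nearby DC; domain controllers record such clients as NO_CLIENT_SITE entries in netlogon.log, which is a useful input list for this check.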
What are AD site links?
As the name implies, AD site links are used to establish links between AD sites, with the default site link being called Default-First-Site-Link. AD site links define how replication flows between sites. By configuring site link properties such as the site link schedule, replication cost, and interval, inter-site replication can be made more efficient.
Sites and Replication
In AD, when a change is applied to a specific DC, all other DCs in the domain are informed about the change and updated. This happens through the process of replication. Replication ensures that all the DCs in an AD environment are aware and updated on a change to any resource or policy in the AD network. Replication is an important functionality that keeps all DCs up to speed on network updates. To learn more about replication based on the site topology, check this article.
What is Active Directory Sites and Services?
Active Directory Sites and Services is an administrative tool that is used to manage sites and their related components. The tool comes with its own Microsoft Management Console (MMC) snap-in.
Active Directory Snap-in for Sites and Services
The Active Directory Sites and Services snap-in is a GUI tool that allows IT network administrators to configure Active Directory as a distributed network service. Although this GUI is almost irrelevant in a small, single-site network with just a few domain controllers, in large networks with many sites this snap-in becomes one of the essential administrative tools. The following are the administrative tasks that can be performed:
- Creating a new site and configuring replication within the site
- Configuring directory service (DS) objects and licensing site settings
- Adding servers, domain controllers, intersite links, and subnets to a site
- Moving and repairing domain controllers
- Delegating control of a site
Configuring Active Directory Sites and Services
The following is a partial list of tasks that can be managed using Active Directory Sites and Services:
- Creating sites
- Creating subnets and associating subnets with sites
- Creating site links
- Configuring site properties
- Moving servers between sites
How to create a site
The following steps illustrate how to create an AD site:
- Go to Start → Administrative Tools → Active Directory Sites and Services. The Active Directory Sites and Services window opens.
- In the left pane, right-click Sites and click New Site.
- Give the new site a suitable name. Select DEFAULTIPSITELINK, and click OK.
You have now created a new AD site.
How to create a subnet
Now that an AD site other than the default site has been created, a subnet that specifies the site boundaries has to be created as well. The following steps illustrate how you can create a subnet:
- Go to Start → Administrative Tools → Active Directory Sites and Services. The Active Directory Sites and Services window opens.
- In the left pane, right-click Subnets and click New Subnet.
- Enter the address prefix using network prefix notation.
- Select a site object for this prefix, and click OK.
You have now created a new subnet.
How to create site links
To create a new site link, perform the following steps:
- Go to Start → Administrative Tools → Active Directory Sites and Services. The Active Directory Sites and Services window opens.
- In the left pane, expand the Sites container. Under Inter-Site Transports, right-click IP and click New Site Link.
- Enter a suitable name for the site link.
- Add the required sites, and click OK.
You have now created a new site link. To configure the properties of the new site link, you can follow these steps:
- Right-click the created site link and select Properties. Specify the values for cost and the replication interval, and/or change the schedule.
- Then, click OK to apply the changes.
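The three console procedures above (site, subnet, site link and its properties) can also be scripted. The following is an added example, not part of the original article, using the cmdlets of the ActiveDirectory PowerShell module; the site name, subnet prefix, link name, cost, interval and schedule window are placeholder values chosen for illustration.

```powershell
# Added example: scripted equivalent of the console steps.
# Requires the ActiveDirectory module (RSAT) and rights on the Sites container.
# All names and values below are illustrative placeholders.
Import-Module ActiveDirectory

$siteName = 'Branch01'
$hubSite  = 'Default-First-Site-Name'
$subnet   = '10.20.0.0/24'
$linkName = 'HQ-Branch01'

# 1. Create the site (skipped if it already exists, so the script can be re-run)
if (-not (Get-ADReplicationSite -Filter "Name -eq '$siteName'")) {
    New-ADReplicationSite -Name $siteName
}

# 2. Create the subnet in network prefix notation and associate it with the site
if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$subnet'")) {
    New-ADReplicationSubnet -Name $subnet -Site $siteName
}

# 3. Create an IP site link joining the new site to the hub site
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$linkName'")) {
    New-ADReplicationSiteLink -Name $linkName -SitesIncluded $hubSite, $siteName `
        -InterSiteTransportProtocol IP -Cost 100 -ReplicationFrequencyInMinutes 180
}

# 4. Adjust the link properties: cost, replication interval and schedule.
#    The schedule opens a daily window from 01:00 to 05:00 (the class works in UTC).
$schedule = New-Object -TypeName System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule
$schedule.ResetSchedule()
$schedule.SetDailySchedule('One', 'Zero', 'Five', 'Zero')
Set-ADReplicationSiteLink -Identity $linkName -Cost 200 `
    -ReplicationFrequencyInMinutes 60 -ReplicationSchedule $schedule

# 5. Read the objects back to confirm what was written
Get-ADReplicationSubnet -Identity $subnet | Select-Object Name, Site
Get-ADReplicationSiteLink -Identity $linkName |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes, SitesIncluded
```

Because these objects decide which DCs clients authenticate against and how changes replicate, keeping the script in version control gives a reviewable record of every topology change.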
Benefits of creating AD sites
Creating AD sites has multiple benefits for an organization. Firstly, by creating sites, you can control the replication process as per your organization’s needs. AD replication is of two types: intra-site and inter-site replication. Intra-site replication occurs within five minutes of any change made to a DC’s local AD copy. This requires a lot of bandwidth. Inter-site replication does not require as much bandwidth as intra-site replication. You can thus schedule inter-site replication for your organization’s low network traffic times for better efficiency. Another benefit of using sites is that, with careful site design, you can ensure that logon traffic travels only to local DCs and not to remote DCs in another site. Ultimately, AD sites ensure that your organization’s network bandwidth is not bogged down by unnecessary traffic that would make it inefficient.