Understanding sites, subnets and site links
Sites overview
Sites in AD DS represent the physical structure, or topology, of your network. AD DS uses network topology information, which is stored in the directory as site, subnet, and site link objects, to build the most efficient replication topology. The replication topology itself consists of the set of connection objects that enable inbound replication from a source domain controller to the destination domain controller that stores the connection object. The Knowledge Consistency Checker (KCC) creates these connection objects automatically on each domain controller.
Note:
You do not have to manage connection objects. In fact, changes that you make to connection objects that the KCC creates automatically are ignored.
You can also use Active Directory Sites and Services to manage sites in an Active Directory Lightweight Directory Services (AD LDS) configuration set.
You can use the Active Directory Sites and Services snap-in to manage the site, subnet, and site link objects that combine to influence the replication topology.
It is important to distinguish between sites and domains. Sites represent the physical structure of your network, while domains represent the logical structure of your organization. Site objects and their contents are replicated to all domain controllers in the forest, irrespective of domain or site.
Using sites
Domain controllers and other servers that use sites publish server objects in AD DS to take advantage of the good network connectivity that sites provide. You place domain controllers into sites according to where the domain data is needed. For example, if no users from a domain are physically located in a site, there is no reason to place a domain controller for that domain in the site.
Sites help facilitate several activities, including:
- Replication. AD DS balances the need for up-to-date directory information with the need for bandwidth optimization by replicating information within a site whenever data is updated and between sites according to a configurable schedule.
- Authentication. Site information helps make authentication faster and more efficient. When a client logs on to a domain, it first requests a domain controller in its local site for authentication. By establishing sites, you can ensure that clients use domain controllers that are nearest to them for authentication, which reduces authentication latency and traffic on wide area network (WAN) connections.
- Service location. Other services, such as Active Directory Certificate Services (AD CS), Exchange Server, and Message Queuing, use AD DS to store objects that carry site and subnet information, which makes it possible for clients to locate the nearest service providers more easily.
Associating sites and subnets
A subnet object in AD DS groups neighboring computers in much the same way that postal codes group neighboring postal addresses. By associating a site with one or more subnets, you assign a set of IP addresses to the site.
Note:
The term "subnet" in AD DS does not have the strict networking definition of the set of all addresses behind a single router. The only requirement for an AD DS subnet is that the address prefix conforms to the IP version 4 (IPv4) or IP version 6 (IPv6) format.
When you add the Active Directory Domain Services server role to create the first domain controller in a forest, a default site (Default-First-Site-Name) is created in AD DS. As long as this site is the only site in the directory, all domain controllers that you add to the forest are assigned to this site. However, if your forest will have multiple sites, you must create subnets that assign IP addresses to Default-First-Site-Name as well as to all additional sites.
Assigning computers to sites
Server objects are created in AD DS by applications or services, and they are placed into a site based on their IP address. When you add the Active Directory Domain Services server role to a server, a server object is created in the AD DS site that contains the subnet to which the server's IP address maps. If the domain controller's IP address does not map to any site in the forest, the domain controller's server object is created in the site of the domain controller that provides the replication source for AD DS.
Note:
Server objects are not created in Default-First-Site-Name by default unless there are no other sites in the forest.
For a client, site assignment is determined dynamically by its IP address and subnet mask during logon.
Locating domain controllers by site
Domain controllers register service (SRV) resource records in Domain Name System (DNS) that identify their site names. Domain controllers also register host (A) resource records in DNS that identify their IP addresses. When a client requests a domain controller, it provides its site name to DNS. DNS uses the site name to locate a domain controller in that site (or in the next closest site to the client). DNS then provides the IP address of the domain controller to the client for the purpose of connecting to the domain controller. For this reason, it is important to ensure that the IP address that you assign to a domain controller maps to a subnet that is associated with the site of the respective server object. Otherwise, when a client requests a domain controller, the IP address that is returned might be the IP address of a domain controller in a distant site. When a client connects to a distant site, the result can be slow performance and unnecessary traffic on expensive WAN links.
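The two sections above describe how an IP address is mapped to a site through subnet objects, and why a domain controller's address must map to the site that holds its server object. The following Python script is an added example (not code from the original post or from Microsoft) that models that mapping over a constructed set of subnet and server objects: it resolves an address to the site of the most specific matching prefix (overlapping subnets resolve to the longest prefix), returns no site when no subnet object covers the address, and reports domain controllers whose IP does not map to the site of their server object. All site names, prefixes and addresses are made-up sample values.

```python
import ipaddress
from typing import Optional

# Constructed sample of AD DS subnet objects: prefix -> site name.
# Both IPv4 and IPv6 prefixes are allowed, as the Note above states.
SUBNETS = {
    "10.0.0.0/8": "Default-First-Site-Name",
    "10.20.0.0/16": "Branch-Chicago",
    "10.20.5.0/24": "Branch-Chicago-Lab",   # overlaps 10.20.0.0/16
    "2001:db8:1::/48": "Branch-Chicago",
}

# Constructed sample of server objects: DC name -> (IP address, site of the server object).
DOMAIN_CONTROLLERS = {
    "DC01": ("10.1.0.10", "Default-First-Site-Name"),
    "DC02": ("10.20.0.10", "Branch-Chicago"),
    "DC03": ("10.20.0.11", "Default-First-Site-Name"),  # server object sits in the wrong site
    "DC04": ("192.168.9.5", "Branch-Chicago"),          # IP maps to no subnet object at all
}


def build_subnet_table(subnets):
    """Parse the subnet strings once; strict=True rejects prefixes with host bits set."""
    return [(ipaddress.ip_network(prefix, strict=True), site) for prefix, site in subnets.items()]


def site_for_address(address, table) -> Optional[str]:
    """Return the site of the most specific subnet containing the address, or None."""
    addr = ipaddress.ip_address(address)
    best = None
    for net, site in table:
        if net.version == addr.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, site)
    return best[1] if best else None


def check_dc_placement(dcs, table):
    """Map each DC's IP to a site and flag DCs whose server object is in a different site.

    Returns {dc_name: (site_of_server_object, site_derived_from_ip)} for mismatches;
    a derived site of None means no subnet object covers the DC's address.
    """
    problems = {}
    for name, (ip, server_site) in dcs.items():
        mapped = site_for_address(ip, table)
        if mapped != server_site:
            problems[name] = (server_site, mapped)
    return problems


TABLE = build_subnet_table(SUBNETS)
```

Running `check_dc_placement(DOMAIN_CONTROLLERS, TABLE)` against the sample data flags DC03 and DC04, the two cases in which a client asking DNS for a domain controller by site name could be handed an address in a distant site.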
Connecting sites with site links
Networks usually consist of a set of local area networks (LANs) that are connected by WANs. In AD DS, site link objects represent the WAN connections between sites. Whereas replication within a site is triggered automatically when a directory update occurs, replication between sites (over slower, more expensive WAN links) is scheduled to occur every 3 hours. You can change the default schedule to occur during the periods that you specify, and at the intervals that you specify, so that you can control WAN link traffic.