Designing the Active Directory Structure

Creating a Site Topology Plan

An Active Directory site topology is a logical representation of a physical network. Site topology is defined on a per-forest basis. Active Directory clients and servers use the site topology of a forest to route query and replication traffic efficiently. A site topology also helps you decide where to place domain controllers on your network. Keep the following key concepts in mind when designing your site topology:

A site is a set of networks with fast, reliable connectivity.

A site is defined as a set of IP subnets connected by fast, reliable connectivity. As a rule of thumb, networks with LAN speed or better are considered fast networks.

A site link is a low-bandwidth or unreliable network that connects two or more sites.

Site links are used to model the amount of available bandwidth between two sites. As a general rule, any two networks connected by a link that is slower than LAN speed are considered to be connected by a site link. A fast link that is near capacity has a low effective bandwidth, and can also be considered a site link. Site links have four parameters:

Client computers first try to communicate with servers located in the same site as the client.

When a user turns on a client computer, the computer sends a message to a randomly selected domain controller of the domain in which the client is a member. The domain controller determines the site in which the client is located based on its IP address, and returns the name of the site to the client. The client caches this information and uses it the next time it is looking for a replicated server in the site.
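The site lookup described above, sketched as an added example (not Microsoft's code and not part of the original page). The subnet ranges and site names are constructed, and choosing the most specific matching subnet is an assumption of this sketch; it also lists client addresses that fall in no defined subnet, which the lookup cannot place in any site.

```python
import ipaddress

# Constructed sample data: subnet objects and the site each is associated with.
# Site names and address ranges are hypothetical.
SUBNET_TO_SITE = {
    "10.1.0.0/16": "Seattle",
    "10.1.40.0/24": "Seattle-Lab",
    "10.2.0.0/16": "Boston",
    "192.168.50.0/24": "Branch-01",
}


def build_index(subnet_to_site):
    """Parse subnets once; sort by prefix length, most specific first."""
    index = [(ipaddress.ip_network(cidr), site)
             for cidr, site in subnet_to_site.items()]
    index.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return index


def site_for_client(ip, index):
    """Return the site whose subnet contains ip, or None if unmapped."""
    addr = ipaddress.ip_address(ip)
    for network, site in index:
        # Assumption: the most specific (longest-prefix) subnet wins.
        if addr.version == network.version and addr in network:
            return site
    return None


def audit_clients(client_ips, index):
    """Split clients into {site: [ips]} and a list of IPs with no subnet."""
    by_site, unmapped = {}, []
    for ip in client_ips:
        site = site_for_client(ip, index)
        if site is None:
            unmapped.append(ip)
        else:
            by_site.setdefault(site, []).append(ip)
    return by_site, unmapped


if __name__ == "__main__":
    idx = build_index(SUBNET_TO_SITE)
    clients = ["10.1.40.7", "10.1.3.9", "10.2.200.1", "172.16.5.5"]  # constructed
    sites, no_site = audit_clients(clients, idx)
    print(sites)
    print("no site:", no_site)
```
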

Active Directory replication uses the site topology to generate replication connections.

The knowledge consistency checker (KCC) is a built-in process that creates and maintains replication connections between domain controllers. Site topology information is used to guide the creation of these connections. Intra-site replication is tuned to minimize replication latency, and inter-site replication is tuned to minimize bandwidth usage. Table 9.1 shows the differences between intra-site and inter-site replication.

Table 9.1 Intra-site vs. Inter-site Replication

| Intra-site replication | Inter-site replication |
| --- | --- |
| Replication traffic is not compressed, to save processor time. | Replication traffic is compressed to save bandwidth. |
| Replication partners notify each other when changes need to be replicated, to reduce replication latency. | Replication partners do not notify each other when changes need to be replicated, to save bandwidth. |
| Replication partners poll each other for changes on a periodic basis. | Replication partners poll each other for changes on a specified polling interval, during scheduled periods only. |
| Replication uses the remote procedure call (RPC) transport. | Replication uses the TCP/IP or SMTP transport. |
| Replication connections can be created between any two domain controllers located in the same site. The KCC creates connections with multiple domain controllers to reduce replication latency. | Replication connections are only created between bridgehead servers. One domain controller from each domain in a site is designated by the KCC as a bridgehead server. The bridgehead server handles all inter-site replication for that domain. The KCC creates connections between bridgehead servers using the lowest cost route, according to site link cost. The KCC will only create connections over a higher cost route if all of the domain controllers in lower cost routes are unreachable. |


Site topology information is stored in the Configuration container.

Sites, site links, and subnets are all stored in the configuration container, which is replicated to every domain controller in the forest. Every domain controller in the forest has complete knowledge of the site topology. A change to the site topology causes replication to every domain controller in the forest.


Note

Site topology is separate from and unrelated to the domain hierarchy. A site can contain many domains, and a domain can appear in many sites.

© 1985-2000 Microsoft Corporation. All rights reserved.