Designing the Active Directory Structure
An Active Directory site topology is a logical representation of a physical network. Site topology is defined on a per-forest basis. Active Directory clients and servers use the site topology of a forest to route query and replication traffic efficiently. A site topology also helps you decide where to place domain controllers on your network. Keep the following key concepts in mind when designing your site topology:
A site is defined as a set of IP subnets connected by fast, reliable connectivity. As a rule of thumb, networks with LAN speed or better are considered fast networks.
Site links are used to model the amount of available bandwidth between two sites. As a general rule, any two networks connected by a link that is slower than LAN speed are considered to be connected by a site link. A fast link that is near capacity has a low effective bandwidth, and can also be considered a site link. Site links have four parameters:
- Cost. The cost value of a site link helps the replication system decide when to use the link compared to other links. Cost values determine the paths that replication takes through your network.
- Schedule. A site link has an associated schedule that indicates at what times of day the link is available to carry replication traffic.
- Replication interval. The replication interval indicates how often the system polls domain controllers on the other side of the site link for replication changes.
- Transport. The transport that is used for replication.
When a user turns on a client computer, the computer sends a message to a randomly selected domain controller of the domain in which the client is a member. The domain controller determines the site in which the client is located based on its IP address, and returns the name of the site to the client. The client caches this information and uses it the next time it is looking for a replicated server in the site.
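The site lookup described above is, in effect, a longest-prefix match of the client's IP address against the subnet objects defined in the forest. The following script, added here as an illustration and not part of the original guide, models that lookup with a constructed subnet-to-site table (the site names and subnets are hypothetical). It also reports clients whose address falls outside every defined subnet, which is the case a designer wants to catch: such a client gets no site and may end up authenticating against a distant domain controller.

```python
import ipaddress

# Constructed sample mapping of subnet objects to sites (hypothetical values,
# not from the original page). A more specific subnet nested inside a larger
# one is included to show that the longest matching prefix wins.
SUBNET_TO_SITE = {
    "10.1.0.0/16": "Seattle",
    "10.1.5.0/24": "Seattle-Lab",
    "10.2.0.0/16": "London",
    "192.168.100.0/24": "Branch-01",
}


def build_subnet_table(mapping):
    """Parse each CIDR once and sort by prefix length, longest first,
    so that the most specific subnet is tested before its parents."""
    table = [(ipaddress.ip_network(cidr), site) for cidr, site in mapping.items()]
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


SUBNET_TABLE = build_subnet_table(SUBNET_TO_SITE)


def find_site(client_ip, table=SUBNET_TABLE):
    """Return the site whose subnet covers client_ip, or None when no
    subnet object covers the address (the client then has no site)."""
    addr = ipaddress.ip_address(client_ip)
    for network, site in table:
        if addr in network:
            return site
    return None


def clients_without_site(client_ips, table=SUBNET_TABLE):
    """List client addresses that map to no site; these are the gaps
    in the subnet design that should be fixed before deployment."""
    return [ip for ip in client_ips if find_site(ip, table) is None]


if __name__ == "__main__":
    # Constructed sample of client addresses seen by a domain controller.
    seen = ["10.1.5.20", "10.1.9.4", "10.2.44.1", "172.16.0.1"]
    for ip in seen:
        print(ip, "->", find_site(ip))
    print("no site:", clients_without_site(seen))
```

On a real domain controller, clients that map to no site are the ones Netlogon records as NO_CLIENT_SITE entries in its debug log; the check above is the design-time equivalent of reading that log.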
The knowledge consistency checker (KCC) is a built-in process that creates and maintains replication connections between domain controllers. Site topology information is used to guide the creation of these connections. Intra-site replication is tuned to minimize replication latency, and inter-site replication is tuned to minimize bandwidth usage. Table 9.1 shows the differences between intra-site and inter-site replication.
Table 9.1 Intra-site vs. Inter-site Replication

| Intra-site replication | Inter-site replication |
|---|---|
| Replication traffic is not compressed to save processor time. | Replication traffic is compressed to save bandwidth. |
| Replication partners notify each other when changes need to be replicated, to reduce replication latency. | Replication partners do not notify each other when changes need to be replicated, to save bandwidth. |
| Replication partners poll each other for changes on a periodic basis. | Replication partners poll each other for changes on a specified polling interval, during scheduled periods only. |
| Replication uses the remote procedure call (RPC) transport. | Replication uses the TCP/IP or SMTP transport. |
| Replication connections can be created between any two domain controllers located in the same site. The KCC creates connections with multiple domain controllers to reduce replication latency. | Replication connections are only created between bridgehead servers. One domain controller from each domain in a site is designated by the KCC as a bridgehead server. The bridgehead server handles all inter-site replication for that domain. The KCC creates connections between bridgehead servers using the lowest cost route, according to site link cost. The KCC will only create connections over a higher cost route if all of the domain controllers in lower cost routes are unreachable. |
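The route selection described for inter-site replication (lowest total site link cost, with a higher cost route used only when every domain controller along the cheaper one is unreachable) can be modelled as a shortest-path search over the site links. The script below is an added example, not part of the original guide; the site names, costs, replication intervals and domain controllers are constructed, and the KCC's real behaviour includes details (such as site link bridging) that this model leaves out. It shows that the direct but expensive link is ignored while the cheap two-hop route is healthy, and becomes the chosen route once the intermediate site's domain controllers are down. It also adds up the replication intervals along the chosen route, which is the worst-case delay a change can see before it reaches the far site.

```python
import heapq

# Constructed sample topology: (site_a, site_b, cost, replication_interval_minutes).
# The HQ <-> Branch-B link is direct but costed as an expensive WAN link.
SITE_LINKS = [
    ("HQ", "Branch-A", 100, 15),
    ("Branch-A", "Branch-B", 100, 15),
    ("HQ", "Branch-B", 500, 180),
]

# Constructed domain controllers per site with a reachability flag.
DCS = {
    "HQ": {"DC-HQ-1": True, "DC-HQ-2": True},
    "Branch-A": {"DC-A-1": True},
    "Branch-B": {"DC-B-1": True},
}


def site_usable(site, dcs):
    """A site can take part in inter-site replication only if at least one of
    its domain controllers is reachable, since a bridgehead must be chosen from them."""
    return any(dcs.get(site, {}).values())


def build_graph(links):
    """Undirected adjacency list: site -> [(neighbour, cost, interval)]."""
    graph = {}
    for a, b, cost, interval in links:
        graph.setdefault(a, []).append((b, cost, interval))
        graph.setdefault(b, []).append((a, cost, interval))
    return graph


def lowest_cost_route(src, dst, links, dcs):
    """Dijkstra over site link costs. Sites without a reachable domain controller
    cannot relay replication, so they are excluded; this is what forces the
    fallback onto a higher cost route. Returns (total_cost, [sites]) or (None, [])."""
    if not site_usable(src, dcs) or not site_usable(dst, dcs):
        return None, []
    graph = build_graph(links)
    best = {src: 0}
    prev = {}
    heap = [(0, src)]
    while heap:
        cost, site = heapq.heappop(heap)
        if site == dst:
            route = [dst]
            while route[-1] != src:
                route.append(prev[route[-1]])
            return cost, route[::-1]
        if cost > best.get(site, float("inf")):
            continue
        for nxt, link_cost, _ in graph.get(site, []):
            if not site_usable(nxt, dcs):
                continue
            new_cost = cost + link_cost
            if new_cost < best.get(nxt, float("inf")):
                best[nxt] = new_cost
                prev[nxt] = site
                heapq.heappush(heap, (new_cost, nxt))
    return None, []


def worst_case_latency(route, links):
    """Sum of replication intervals along a route: each hop may wait a full
    polling interval before it picks up a change from the previous site."""
    graph = build_graph(links)
    total = 0
    for a, b in zip(route, route[1:]):
        total += next(interval for nxt, _, interval in graph[a] if nxt == b)
    return total


if __name__ == "__main__":
    cost, route = lowest_cost_route("HQ", "Branch-B", SITE_LINKS, DCS)
    print("healthy:", cost, route, worst_case_latency(route, SITE_LINKS), "min")
    degraded = {**DCS, "Branch-A": {"DC-A-1": False}}
    cost, route = lowest_cost_route("HQ", "Branch-B", SITE_LINKS, degraded)
    print("Branch-A down:", cost, route, worst_case_latency(route, SITE_LINKS), "min")
```

The latency figure is the design-time reason to keep replication intervals short on the links that carry the cheapest route: a low cost value routes traffic over a link, but the interval and schedule on that link decide how stale the far site can be.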
Sites, site links, and subnets are all stored in the configuration container, which is replicated to every domain controller in the forest. Every domain controller in the forest has complete knowledge of the site topology. A change to the site topology causes replication to every domain controller in the forest.
Note
Site topology is separate and unrelated to domain hierarchy. A site can contain many domains, and a domain can appear in many sites.