Active Directory replication is the process of duplicating Active Directory information between domain controllers for the purpose of fault tolerance and redundancy. The multimaster replication model within Active Directory requires that domain controllers from each domain participate in the replication process for that domain, as well as replicating forest-wide schema and configuration information. The process of replicating the database and ensuring that updates occur in a timely manner requires you to define how this information is replicated within a domain and throughout the forest.
Active Directory sites are the means by which administrators can control replication traffic. Domain controllers that reside within the same site participate in intrasite replication. Domain controllers located in different sites participate in intersite replication. Intrasite replication transmits changes to the Active Directory database almost as soon as they occur. Intersite replication occurs on a scheduled basis. Intersite replication traffic is also compressed by default to reduce the use of network bandwidth; intrasite replication traffic is not.
Active Directory is made up of separate logical and physical structures. The logical structure of Active Directory defines the logical grouping of Active Directory resources, consisting of forests, domains, trees, and OUs.
In contrast, the physical structure of Active Directory defines how information passes through the underlying local area network (LAN) and wide area network (WAN) topology of the network. Specifically, it defines how Active Directory sites and domain controllers map to this physical structure.
You can view and manage sites with the Active Directory Sites and Services tool. Active Directory sites are based on IP subnets within a physical network. You will create these subnets within Active Directory based on the physical design of your network.
When clients log on to Active Directory, they use DNS to query the Active Directory site topology to locate the closest available domain controller and other network resources. Domain controllers use the site topology to establish replication partners that provide efficiency and keep the Active Directory database consistent.
How to Configure Active Directory Sites?
When you install the forest root domain controller in an Active Directory forest, the Active Directory Installation Wizard creates a single site called Default-First-Site-Name, which you can see in the Active Directory Sites and Services tool. The forest root domain controller server object is placed within the Servers folder of this site. As you will see later, the site can be renamed to more accurately reflect a physical location.
After you have installed the first Active Directory domain controller within the Default-First-Site-Name container, you can customize the site configuration of Active Directory to allow replication to take place between appropriate domain controllers.
Active Directory Sites Characteristics
In general, Active Directory sites have the following characteristics:
- Sites are defined by IP subnets that are well-connected, which means that network infrastructure between them is fast and reliable. In most cases, an Active Directory site will map to a single LAN.
- Multiple sites are joined together by site links. Intersite replication takes place along site links that you define within Active Directory Sites and Services. In most cases, your Active Directory site links map to the WAN connections on your network.
- Sites organize the replication process by defining groups of servers that will replicate with one another using intrasite or intersite replication.
- During the logon process, each client queries site information within DNS to assist in determining appropriate domain controllers to be used for Active Directory authentication.
- Active Directory sites are independent of the logical structure of Active Directory. This means that a single site can contain multiple domains or a single domain can span multiple sites.
Planning your site topology should be a fundamental component of the Active Directory design process, and it should take place before any actual Active Directory deployment. Because sites are based on IP subnets and on LAN and WAN connections, establishing a site topology prior to installing domain controllers allows you to take advantage of the automatic placement of a domain controller in its appropriate site.
During the installation of a new domain controller, the domain controller will automatically be placed in the site corresponding to the network address portion of the domain controller’s IP address. However, if the appropriate sites have not been created, the domain controller is placed in the Default-First-Site-Name container, and you will need to move it manually later.
This can lead to Active Directory clients attempting to authenticate against DCs that may reside in a remote physical location or be separated by slow WAN links. Creating sites according to your IP topology design before the Active Directory rollout saves time and effort and delivers a more robust Active Directory implementation to your end users.
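The placement rule described above can be checked with a short audit, shown here as an added example that is not part of the original article. It resolves each domain controller's IP address to a site using the most specific matching subnet, then lists controllers whose server object sits in a different site or whose address matches no defined subnet. The subnet map, controller names, addresses and site names other than Default-First-Site-Name are constructed sample data standing in for what you would export from Active Directory Sites and Services.

```python
import ipaddress

# Constructed sample data: subnet objects and the site each one is linked to.
SUBNETS = {
    "10.1.0.0/16": "HQ",
    "10.1.40.0/24": "HQ-Lab",
    "10.2.0.0/16": "Branch-East",
}

# Constructed sample data: (DC name, IP address, site holding its server object).
DOMAIN_CONTROLLERS = [
    ("DC01", "10.1.5.10", "HQ"),
    ("DC02", "10.1.40.7", "HQ"),
    ("DC03", "10.2.0.20", "Default-First-Site-Name"),
    ("DC04", "10.9.0.5", "Default-First-Site-Name"),
]


def site_for_ip(ip, subnets=SUBNETS):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr)
        if addr.version == net.version and addr in net:
            # Overlapping subnets: the longest prefix (smallest subnet) wins.
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, site)
    return best[1] if best else None


def audit_placement(dcs=DOMAIN_CONTROLLERS, subnets=SUBNETS):
    """Return (name, ip, current_site, reason) for each misplaced DC."""
    findings = []
    for name, ip, current_site in dcs:
        expected = site_for_ip(ip, subnets)
        if expected is None:
            findings.append((name, ip, current_site, "no subnet defined for this address"))
        elif expected != current_site:
            findings.append((name, ip, current_site, f"subnet maps to site {expected}"))
    return findings


if __name__ == "__main__":
    for finding in audit_placement():
        print(*finding, sep="  ")
```

A controller reported with no matching subnet points to a gap in the subnet definitions, which affects clients on that network as well as the controller itself.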