An Active Directory (AD) environment has things like forests, trees, domains, organization units, and objects. After growing acquainted with these concepts, the next step on this learning journey is to understand AD sites.
What are AD sites?
AD sites are highly connected networks of IP subnets that define the physical structure of AD. These networks are highly reliable and fast, which is why it’s important to ensure that traffic for AD change replication does not slow down the entire network and does not put load on domain controllers. Every AD site is mapped to an AD domain, and an AD domain can have multiple sites mapped to it.
Each AD environment needs to have at least one AD site defined for itself. The first site gets created just as the first domain controller is created in the AD forest, and it’s called Default-First-Site-Name. A site can have domain controllers from more than one domain.
To strengthen our knowledge further, let’s go over a few terms you’ll need to know when discussing AD sites:
Subnets Subnets are associated with a range of IP addresses and are linked to a site. They identify and define the available IP addresses for a particular AD site. A site can be considered the collection of these well-connected and fast subnets.
AD site links
Site link objects are used to form links between AD sites so that replication can occur between them. The default site link is called Default-First-Site-Link, and it gets created when Active Directory is first installed in a forest. AD sites are manually linked to each other using site links. In this way, domain controllers can replicate changes amongst themselves from one site to another.
Site link bridge
A site link bridge is an AD object that connects a group of site links together. All the sites connected together can use the same transport channel for communication.
By default, site links are transitive in nature, i.e, if sites A and B are linked to each other and sites C and D are linked to each other, then sites A and C are also linked through a transitive connection. However, administrators have the option to disable the transitive nature of site links.
In instances where site link transitivity is enabled, the site link bridge gets automatically created between the sites. However, when it is disabled, admins need to create site link bridges manually.
There are continuous changes made in the AD infrastructure. It is important that, whenever a change happens in any domain controller, the other domain controllers get notified about it and are updated accordingly. This happens in AD through the process of replication.
The replication process in the AD environment can be one of two types: intra-site replication and inter-site replication.
a) Intra-site replication Replication takes place between the domain controllers that are part of the same site. It is based on the change notification and occurs automatically whenever an update happens on the domain controller. When a change or update is made to a domain controller, it notifies its replication partners about the change after waiting for a particular time interval. By default, the change notification is sent every five minutes.
On receiving the change notification, the closest domain controller partners will send a directory update request to the source domain controller. The source domain controller performs replication upon receiving the request and ensures that no changes are missed during the replication process.
b) Inter-site replication
Here, the replication takes place between domain controllers that are at different sites. Since, the replication here takes place between two different locations (DCs in different sites), the bandwidth is compressed, and AD gives admins the flexibility to schedule it.
Importance of AD sites
Here are a few benefits of AD sites:
1. AD sites provide better control over logon and authentication traffic by ensuring that the DC at the client side finds a DC on its own site by using the client’s IP address.
2. AD sites are a well-connected group of IP subnets, which makes it easier to define the physical structure of AD.
3. AD sites help to control and optimize replication traffic over WAN links better than Windows NT 4.0. Unlike Windows NT, which uses a single-master model of replication, AD sites use multi-master mode of replication where all the domain controllers are eligible for initiating replication processes. This prevents single-point-of-failure issues in the directory and optimizes and controls the replication traffic.
4. AD sites ensure that the network bandwidth of an organization does not get hampered by unnecessary traffic.
Managing Active Directory sites
Managing Active Directory sites is a crucial aspect of AD administration.
To gain control over sites, you can:
View AD sites: It helps administrators to be able to view all the sites created by them, which helps them in understanding what sites are available for carrying out which functions, including replication, and helps them in troubleshooting scenarios as well.
Delete AD sites and networks: Delete the sites that are no longer required by administrators in the network and maintain good network hygiene.
Modify AD sites: Administrators need the flexibility to modify sites in case the organization decides to redesign its network.
Add additional networks to the AD sites: Administrators need to be able to easily add more subnets or associate additional networks to the sites as and when required by the organization.
All these actions can be performed on the AD Sites and Services console, which can be accessed via the Administrative Tools folder by navigating to:
Grid tab > Microsoft Servers > Active Directory Domains
To ensure your organization’s Active Directory health is up to par, you need to monitor sites effectively. Sign up for a personalized demo with our product experts to learn how ManageEngine ADAudit Plus can help you monitor and secure your AD environment.