If the domain controller’s IP address does not map to any site in the forest, the domain controller’s server object is created in the site of the domain controller that provides the replication source for AD DS. When you add the Active Directory Domain Services server role to a server, a server object is created in the AD DS site that contains the subnet to which the server’s IP address maps.
Server objects are created in AD DS by applications or services, and they are placed into a site based on their IP address. However, if your forest will have multiple sites, you must create subnets that assign IP addresses to Default-First-Site-Name as well as to all additional sites. As long as this site is the only site in the directory, all domain controllers that you add to the forest are assigned to this site. When you add the Active Directory Domain Services server role to create the first domain controller in a forest, a default site (Default-First-Site-Name) is created in AD DS. The only requirement for an AD DS subnet is that the address prefix conforms to the IP version 4 (IPv4) or IP version 6 (IPv6) format. The term “subnet” in AD DS does not have the strict networking definition of the set of all addresses behind a single router. By associating a site with one or more subnets, you assign a set of IP addresses to the site. Other services, such as Active Directory Certificate Services (AD CS), Exchange Server, and Message Queuing, use AD DS to store objects that can use site and subnet information that make it possible for clients to locate the nearest service providers more easily. A subnet object in AD DS groups neighboring computers in much the same way that postal codes group neighboring postal addresses. By establishing sites, you can ensure that clients use domain controllers that are nearest to them for authentication, which reduces authentication latency and traffic on wide area network (WAN) connections. When a client logs on to a domain, it first requests a domain controller in its local site for authentication. Site information helps make authentication faster and more efficient. AD DS balances the need for up-to-date directory information with the need for bandwidth optimization by replicating information within a site whenever data is updated and between sites according to a configurable schedule.
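The subnet-to-site assignment described above, including the fallback for a domain controller whose address maps to no site, can be modelled offline to find addresses that no subnet object covers. This is an added example, not code from the original page or from Microsoft. The subnet table, the site names Branch-East and Branch-West, and the function names are constructed for illustration. When prefixes overlap, the example picks the most specific one, which is an assumption of this example rather than something the page states.

```python
import ipaddress

# Constructed sample data: subnet prefix -> site name (not from a real forest).
SUBNETS = {
    "10.0.0.0/8": "Default-First-Site-Name",
    "10.20.0.0/16": "Branch-East",
    "2001:db8:50::/48": "Branch-West",
}


def load_subnets(table):
    """Parse prefixes; the only requirement is a valid IPv4 or IPv6 prefix."""
    parsed = []
    for prefix, site in table.items():
        # ip_network raises ValueError for a malformed prefix,
        # including one with host bits set such as 10.20.1.5/16.
        parsed.append((ipaddress.ip_network(prefix, strict=True), site))
    return parsed


def site_for_ip(ip, subnets):
    """Return the site whose subnet contains ip, or None if nothing matches."""
    addr = ipaddress.ip_address(ip)
    matches = [(net, site) for net, site in subnets
               if net.version == addr.version and addr in net]
    if not matches:
        return None
    # Overlapping prefixes: take the most specific (longest) one (assumption).
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def site_for_new_dc(ip, subnets, source_dc_site):
    """Site for a new DC's server object: its own subnet's site, else the
    site of the domain controller that is its replication source."""
    return site_for_ip(ip, subnets) or source_dc_site


def unmapped(ips, subnets):
    """Addresses that no subnet object covers; candidates for a missing subnet."""
    return [ip for ip in ips if site_for_ip(ip, subnets) is None]


if __name__ == "__main__":
    nets = load_subnets(SUBNETS)
    for ip in ["10.20.3.4", "10.9.9.9", "192.168.1.10", "2001:db8:50::1"]:
        print(ip, "->", site_for_ip(ip, nets))
    print("unmapped:", unmapped(["10.1.1.1", "172.16.0.1"], nets))
```

Running `unmapped` over the addresses your clients and servers actually use shows which ranges still need a subnet object before they can be assigned to a site.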
Sites help facilitate several activities, including: For example, if no users from a domain are physically located in a site, there is no reason to place a domain controller for that domain in the site.
You place domain controllers into sites according to where the domain data is needed.

Using sites

Domain controllers and other servers that use sites publish server objects in AD DS to take advantage of the good network connectivity that sites provide. Site objects and their contents are replicated to all domain controllers in the forest, irrespective of domain or site. Sites represent the physical structure of your network, while domains represent the logical structure of your organization. It is important to distinguish between sites and domains. You can also use Active Directory Sites and Services to manage sites in an Active Directory Lightweight Directory Services (AD LDS) configuration set. You can use the Active Directory Sites and Services snap-in to manage the site, subnet, and site link objects that combine to influence the replication topology. In fact, changes that you make to connection objects that the KCC creates automatically are ignored. You do not have to manage connection objects. The Knowledge Consistency Checker (KCC) creates these connection objects automatically on each domain controller. The replication topology itself consists of the set of connection objects that enable inbound replication from a source domain controller to the destination domain controller that stores the connection object. AD DS uses network topology information, which is stored in the directory as site, subnet, and site link objects, to build the most efficient replication topology.
This article will help you to understand the basic concept of AD sites, subnets, and site. It also helps you effectively manage sites and their implementation in Active Directory Domain Services. Sites in AD DS represent the physical structure, or topology, of your network.