3. Configuring Sites
Sites represent collections of forest member
computers that have high speed network connectivity between them. This
typically means that the computers are located at the same geographical
location, but this does not have to be so. The key requirement is that
all members of the site have high-speed network connectivity between
them. Sites can contain DCs, servers, and desktop computers. These
systems may be all from the same domain or from multiple domains in the
same forest. Systems from different forests cannot be in the same AD
site. (They may, of course, be in the same physical location.) For
example, a site may consist of six servers in Boston, two DCs and 300
desktops in New York, and 100 desktops in Jersey City if all of the
computers are members of the same forest. If, however, 50 of the
desktops in Jersey City and 10 of the New York desktops are members in a
different forest they cannot be members of the same site with the other
desktops and the two DCs.
Creating and configuring sites entails using the AD Sites and Services administration tool
to add a site, and then moving DCs and computers to the new site. When
you create and configure sites, your network realizes several important
benefits, including the following:
Authentication may improve because it does not have to take place across the WAN.
Replication is more frequent within sites, as opposed to between them. This means less replication traffic on the WAN.
Service location and DC location are site-sensitive and, therefore, should be more efficient.
Multiple sites can make the most efficient use of bandwidth for replication, improve granular replication control,
and reduce authentication latency. Granular replication control is the
ability that sites provide to control replication at a lower level. For
example, when all computers are in one site, replication occurs across
all DCs under the control of AD. When multiple sites are created,
replication between sites can be scheduled and administered by
administrators. Authentication latency
is the delay caused when users must authenticate across a wide area
network. User Joe, for example, may be sitting at his desktop in New
York, but his credentials may have to travel across the network to Los
Angeles, even though a DC may be present in New York. If a New York site
is created and both the DC and Joe's desktop are placed in the site,
the local DC will most likely be used because the authentication process
attempts to locate a DC in the same site as the logon user's computer.
Thus, the process has been sped up.
Clients are dynamically assigned to sites by their IP address and subnet mask during logon.
DC site membership is determined by the location of the associated server object in AD.
If these benefits will improve your network
functionality, determine the sites that should be created and which
computers will be in which sites, and then create and configure the
sites. Sites can also be modified to keep up with changes in your
network.
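As an added illustration that is not part of the original text, the following PowerShell reproduces the subnet-to-site lookup described above (longest-prefix match over the subnet objects) against a constructed subnet table, so you can see why a more specific subnet wins and what happens to a client whose address matches no subnet. The prefixes, site names and client addresses are made up.

```powershell
# Added example, not from the original text: a stand-alone reproduction of the
# subnet-to-site lookup AD performs at logon (longest-prefix match over the
# subnet objects). The subnet table, site names and client IPs are constructed.
$Subnets = @(
    @{ Prefix = '10.1.0.0/16';  Site = 'NewYork'    },
    @{ Prefix = '10.1.50.0/24'; Site = 'JerseyCity' },  # more specific than 10.1.0.0/16, so it wins
    @{ Prefix = '10.2.0.0/16';  Site = 'Boston'     }
)

function ConvertTo-UInt32Address([string]$Ip) {
    # Network byte order -> host order so mask arithmetic works on a plain integer.
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)
    return [BitConverter]::ToUInt32($bytes, 0)
}

function Get-ClientSite([string]$ClientIp) {
    $addr = ConvertTo-UInt32Address $ClientIp
    $bestLen = -1; $bestSite = $null
    foreach ($s in $Subnets) {
        $net, $len = $s.Prefix.Split('/')
        $len = [int]$len
        # Build a /len mask; 0xFFFFFFFF is Int64 in PowerShell, so trim back to 32 bits.
        $mask    = ([int64]0xFFFFFFFF -shl (32 - $len)) -band 0xFFFFFFFF
        $netAddr = ConvertTo-UInt32Address $net
        if ((($addr -band $mask) -eq ($netAddr -band $mask)) -and ($len -gt $bestLen)) {
            $bestLen = $len; $bestSite = $s.Site
        }
    }
    return $bestSite   # $null = no site: the DC locator then returns any DC, not a nearby one
}

foreach ($ip in '10.1.20.7', '10.1.50.9', '10.2.3.4', '192.168.9.1') {
    $site = Get-ClientSite $ip
    if ($site) { "$ip -> $site" }
    else       { "$ip -> no site (logged as NO_CLIENT_SITE in the DC's netlogon.log)" }
}
```

Clients that resolve to no site are the ones to look for after a network change: they still authenticate, but possibly against a DC on the far side of the WAN.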
3.1. Creating, configuring, and modifying sites
To create a site, begin by opening Start →
Administrative Tools → AD Sites and Services. Right-click the Sites node
and then click New Site. Enter the name for the new site. Select a site
link object as shown in Figure 5
and then click OK. (A site-link object defines the protocol and
scheduling required for linking two sites. Use the Default Site Link
Object unless you have defined a site link object specifically for this
connection.) When prompted, click OK to complete the creation of the
site.
To add additional sites, begin by creating a new
site as just explained. Ensure that the site is connected to at least
one other site via a site link, as shown in Figure 7-5.
After creating the sites, you must configure them.
To configure site links, begin by opening AD
Sites and Services. Expand the Inter-Site Transports node. Right-click
the site link and select Properties, which results in the screen shown
in Figure 6.
Enter a site link cost in the Cost field. The
Cost field is used if multiple network paths (and hence multiple site
links) exist. Multiple network paths are often configured for
redundancy. The Cost field is assigned a number based on the speed and
perhaps the actual monetary cost of the link. If the speed is slow, or
the monetary cost high, a high number is assigned. Cost field numbers
are relative (that is, a slow network link such as dial-up might be
assigned the number 500, but a high-speed connection such as a T-1 line
might be assigned the number 100). A low-cost site link will be used in
preference to a high-cost link. For example, if two site links (dial-up
and T-1) exist and are assigned a cost as described previously, the T-1
link will be used if it is available or if both links are available.
Click the Change Schedule button to enter a site link schedule, which represents the times at which the site link is available for replication. In the Replicate every field enter a site link replication frequency, which is the frequency at which replication should occur. Finally, click OK.
Sites must be defined in AD by identifying the
TCP/IP subnets at their location(s). To do so, you add the subnet
information to the subnet node and associate (or identify) the site
where the subnet is located. This information is used by AD in many
ways. For example, when user Joe attempts to log on, the authentication
process uses his TCP/IP information to determine which subnet (and,
therefore, which site) he is located in. The site information is then
used to locate a DC in the same site if one exists.
To create a subnet and associate a subnet with a
site, begin by opening AD Sites and Services and then expand the Sites →
Subnets node. Right-click the Subnet node and select "New subnet."
Enter the new subnet address and subnet mask. Select the site object for
the subnet as shown in Figure 7, and then click OK.
If DCs are physically located in the area served
by a site but were created before the AD site was created, use the AD
Sites and Services console to move the DC to the new AD site. Likewise,
if a DC is moved from one site to another, use the AD Sites and Services
console to move the DC to the new site.
To move DCs to the site, begin by opening AD
Sites and Services. Right-click on the DC to move and select Move.
Select the site as shown in Figure 8 and click OK.
The site-licensing server for a site is used to
help an organization comply with the license agreements for Windows
Server 2003. Noncompliance can result in heavy fines. The site-licensing
server collects license information using the License Logging service.
Each server uses this service to replicate its information to a
centralized database on the site license server. Licensing information
is essential for proving compliance with your Microsoft licensing
agreement. A site administrator can use the Licensing console to
view the licensing history for the site, which makes this job
easier. The site licensing server is usually the first domain controller
created for the site.
To create a site licensing server in a site,
begin by selecting the site. Double-click the Licensing Site Settings
object in the detail pane to open its properties. Click the Change
button. Use the object picker to select the computer. Click OK.
A bridgehead server
for a site is the server used for AD replication between sites. Each
replication transport can have its own bridgehead server. Creating
bridgehead servers
establishes more control over replication. In addition, because the DC
used for replication between sites is designated, you can ensure that it
is adequately provisioned for this extra activity.
To create a bridgehead server, begin by opening
AD Sites and Services. Expand the site container. Right-click the server
that will be a bridgehead server and click Properties. Select the
General tab, then select the transport for which the server will be a
bridgehead server. Click Add, as shown in Figure 9, to move the transport. The server is now a bridgehead server for that transport in its site.
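The procedures in this section, collected into one added PowerShell example that is not from the original text: it uses the ActiveDirectory module cmdlets that ship with Windows Server 2012 and later, which the Windows Server 2003 console described above does not have, and the site, link, subnet, DC and transport names are placeholders. It also adds a check the GUI steps do not include: listing subnets that are associated with no site.

```powershell
# Added example, not from the original text. Requires the ActiveDirectory module
# (Windows Server 2012+ RSAT). All names below are placeholders.
Import-Module ActiveDirectory

# 1. Create the site (the New Site step in AD Sites and Services).
New-ADReplicationSite -Name 'NewYork'

# 2. Two site links to an existing site. Cost is relative: the T-1 gets the lower
#    number so it is preferred whenever it is available; dial-up is the fallback.
New-ADReplicationSiteLink -Name 'Boston-NewYork-T1' -SitesIncluded 'Boston','NewYork' `
    -InterSiteTransportProtocol IP -Cost 100 -ReplicationFrequencyInMinutes 15
New-ADReplicationSiteLink -Name 'Boston-NewYork-Dialup' -SitesIncluded 'Boston','NewYork' `
    -InterSiteTransportProtocol IP -Cost 500 -ReplicationFrequencyInMinutes 180

# 3. Limit the dial-up link to 00:00-06:00 daily (the Change Schedule button).
$sched = New-Object System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule
$sched.ResetSchedule()
$sched.SetDailySchedule([System.DirectoryServices.ActiveDirectory.HourOfDay]::Zero,
                        [System.DirectoryServices.ActiveDirectory.MinuteOfHour]::Zero,
                        [System.DirectoryServices.ActiveDirectory.HourOfDay]::Six,
                        [System.DirectoryServices.ActiveDirectory.MinuteOfHour]::Zero)
Set-ADReplicationSiteLink -Identity 'Boston-NewYork-Dialup' -ReplicationSchedule $sched

# 4. Associate the subnet with the site so clients in 10.1.0.0/16 locate a local DC.
New-ADReplicationSubnet -Name '10.1.0.0/16' -Site 'NewYork'

# 5. Move a DC that was promoted before the site existed.
Move-ADDirectoryServer -Identity 'NYDC01' -Site 'NewYork'

# 6. Make NYDC01 the preferred bridgehead for the IP transport. The GUI's Add button
#    writes the transport DN into the server object's bridgeheadTransportList attribute.
$configNC = (Get-ADRootDSE).configurationNamingContext
$server   = Get-ADObject -Filter 'objectClass -eq "server" -and name -eq "NYDC01"' `
                -SearchBase "CN=Sites,$configNC"
Set-ADObject -Identity $server -Add @{ bridgeheadTransportList = "CN=IP,CN=Inter-Site Transports,CN=Sites,$configNC" }

# 7. Check: a subnet with no site leaves its clients without site-aware DC location.
Get-ADReplicationSubnet -Filter * | Where-Object { -not $_.Site } | Select-Object Name
```

Re-run step 7 after every addressing change; an empty result means every defined subnet maps to a site, though subnets that were never defined at all still need to be found from the DCs' netlogon logs.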
Now that you have correctly configured your sites, you are ready to correctly position the operations masters within the domain.