Published: February 25, 2008

The site design is the mapping of the physical network to the logical site construct within Active Directory. A site within Active Directory is a logical collection of one or more well-connected TCP/IP subnets. Sites are used to control directory replication by setting a schedule for inter-site replication. Sites also are used to direct client systems to network resources that are Active Directory–aware, and thus can be logically placed closest to these resources.

The following decisions need to be made:

• Should a physical location be directly correlated to a site?
• Can a physical location be grouped with other locations into a site?

Once the sites have been identified, the final tasks will be to map the TCP/IP subnets represented in a specific location to the corresponding site. The site design can be changed later if necessary.

Task 1: Create a Site for the Location

A site should be defined for any physical location in which domain controllers are being placed, as well as any physical location that contains resources or services that rely on site topology information to direct the client to the nearest requested resource.

For example, if numerous physical locations need to access file resources, these resources can be configured within a Distributed File System (DFS) environment. After placing the DFS servers that contain the resources in the physical locations, a site can be configured for each location. When a client accesses the DFS-based resource, the local DFS resource will be accessed, reducing WAN traffic and increasing performance for the resource access.

Finally, sites can be created to control which domain controllers handle authentication traffic for applications that have extremely high authentication requirements. Large Microsoft SharePoint® portal environments can generate significant domain controller/global catalog traffic. By creating a site specifically for the SharePoint servers and assigning specific domain controller/global catalogs to the site, administrators can control the authentication traffic of the portal solution.

For each site identified, record the site name and the IP subnets that are assigned to that site.

Task 2: Associate Location to Nearest Defined Site

For any remaining physical locations that have not been associated with a site within Active Directory, associate the subnets in that location to an existing site. The site selected should include a location that has the greatest WAN speed and available bandwidth to the location being configured. This approach will help direct client traffic generated within the location to the site having the greatest capacity to handle the additional traffic.

Record the assignment of the additional subnet information to the selected site.

Decision Summary

Each physical location should be examined and a decision should be made as to whether the location should be a new site within the directory or should be associated to another site. The subnets within each location should be assigned to the site in which they belong. Each domain controller should also be assigned to the proper site.

The site design needs to be completed for each forest.

Additional Reading

“Best Practices for Active Directory Design and Deployment” at https://www.microsoft.com/technet/community/columns/profwin/pw0302.mspx