When to establish a single or separate sites

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

You can optimize the replication efficiency and reduce the administrative overhead of your network by establishing sites appropriately. The most effective number of sites depends on the physical design of your network. When you first create a new forest, a single, default Active Directory site (called Default-First-Site-Name) is created that represents your entire network. A forest or domain consisting of a single site can be very efficient for a single-location network connected completely by high-speed bandwidth. If your forest or domain contains multiple geographic locations that communicate over low-speed wide area network (WAN) connections, establishing multiple sites gives you more detailed control of replication behavior, reduces authentication latency, and reduces network traffic on the WAN.

For information about sites, see Sites overview.

For information about designing a site topology, see "Designing the Site Topology" at the Microsoft Windows Resource Kits Web site.

Why bandwidth is important

Within a site, bandwidth affects how efficiently replication can work. The frequency with which intrasite replication occurs requires high-speed bandwidth to function most effectively. So before you create a new site, you should make sure that high-speed bandwidth connects all computers within the site candidate. Any area where domain controllers are connected by 10 megabits per second (Mbps) or more of bandwidth is a good site candidate.

When to establish a single site

If you have a single LAN consisting of a single subnet, or if your network contains multiple subnets connected by a high-speed backbone, establishing a single site replication topology can provide the following benefits:

  • Simplified replication management

  • Prompt directory updates between all domain controllers

A single site topology allows all replication on your network to occur as intrasite replication, which requires no manual replication configuration. A single site design also allows all domain controllers to remain very current with respect to directory changes, because directory updates are replicated almost immediately. For more information, see Replication within a site. For information about creating sites, see Create a site.

When to establish multiple sites

When your network consists of multiple geographic locations connected by a WAN, establishing separate sites for each location provides the following benefits:

  • Efficient use of WAN bandwidth for replication

  • Detailed control of replication behavior

  • Reduction in authentication latency

Physically separate network locations typically communicate over WAN connections, which are most often characterized by low-speed bandwidth. By creating a separate site for each physical location on your network, you ensure that domain controllers communicating over WAN connections use intersite replication, which is specifically designed for efficiency on low bandwidth connections. For more information, see Replication between sites.

With multiple sites, you have more detailed control of replication behavior through several configurable intersite replication settings. These settings include the relative cost of different replication paths, the domain controllers associated with each site, the subnets associated with each site, the frequency of directory update transfers, and the availability of connections for use by replication. For more information, see Managing replication.

A network client logging on to a domain must contact a domain controller as part of the authentication process, first looking within its own site. If the site includes two or more physically separate network locations, the client may authenticate against a domain controller across a WAN connection. Authentication across a WAN introduces a delay in the authentication process. By placing physically separate network locations into separate Active Directory sites, you can ensure that clients first attempt to authenticate against a domain controller in their own site.
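As an added example (not part of the original article), a small Python model of two of the decisions described here: mapping a client address to its site through the subnets associated with each site, so that it looks for a domain controller in its own site first, and finding the lowest-cost replication path over site links using their relative costs. The sites, subnets and costs are constructed for illustration, not taken from any real topology.

```python
import heapq
import ipaddress

# Constructed topology (not from the article): subnets mapped to their sites.
SUBNETS = {
    "10.1.0.0/16": "Seattle",
    "10.2.0.0/16": "Boston",
    "10.2.5.0/24": "Boston-Lab",  # more specific subnet inside 10.2.0.0/16
    "10.3.0.0/16": "Austin",
}

# Site links with relative cost (lower is preferred); constructed values.
SITE_LINKS = [
    ("Seattle", "Boston", 100),
    ("Boston", "Austin", 100),
    ("Seattle", "Austin", 500),
    ("Boston", "Boston-Lab", 10),
]


def site_for_client(ip):
    """Site for a client address: the most specific matching subnet wins.
    This models the subnet-to-site match a client uses to find its own site."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in SUBNETS.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, site)
    return best[1] if best else None


def cheapest_path(src, dst):
    """Lowest-cost route over site links (Dijkstra): (cost, [sites]) or None."""
    graph = {}
    for a, b, cost in SITE_LINKS:
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    queue = [(0, src, [src])]  # (accumulated cost, current site, path so far)
    seen = set()
    while queue:
        cost, site, path = heapq.heappop(queue)
        if site == dst:
            return cost, path
        if site in seen:
            continue
        seen.add(site)
        for nxt, c in graph.get(site, []):
            heapq.heappush(queue, (cost + c, nxt, path + [nxt]))
    return None
```

A client outside every defined subnet gets no site, which is exactly the case where it may end up authenticating across the WAN.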