Overview of Active Directory Sites and Services

Applies To: Windows Server 2008

You can use the Active Directory Sites and Services snap-in to manage the site-specific objects that implement the intersite replication topology. These objects are stored in the Sites container in Active Directory Domain Services (AD DS).

Note

You can also use Active Directory Sites and Services to administer the replication of directory data among all sites in an Active Directory Lightweight Directory Services (AD LDS) configuration set.

In addition, Active Directory Sites and Services provides a view of the Services container, which you can use to view service-related objects that are published in AD DS.

The following sections provide detailed information about site management and service publication with Active Directory Sites and Services:

  • Site management

  • Service publication

  • Additional references

Site management

In your physical network, a site represents a set of computers that are connected by a high-speed network, such as a local area network (LAN). Typically, all computers in the same physical site reside in the same building or perhaps the same campus network.

In AD DS, a site object represents the aspects of the physical site that you can manage, specifically, replication of directory data between domain controllers. You can use Active Directory Sites and Services to manage the objects that represent the sites and the servers that reside in those sites.

Site objects and their related objects are replicated to all domain controllers in an AD DS forest. You can manage the following objects in Active Directory Sites and Services:

  • Sites

  • Subnets

  • Servers

  • NTDS Settings

  • Connections

  • Site links

  • IP and SMTP intersite transports

Sites

Site objects are located in the Sites container. You can use site objects to accomplish the following tasks:

  • Create new sites

  • Delegate control over sites by using Group Policy and permissions

In every site, there is an NTDS Site Settings object. This object identifies the intersite topology generator (ISTG). The ISTG is the one domain controller in the site that generates connection objects from domain controllers in different sites. It also performs advanced replication management tasks.

For more information about sites and the NTDS Site Settings object, see Understanding Sites, Subnets, and Site Links.

Subnets

Subnet objects identify the ranges of IP addresses within a site. You can use subnet objects to accomplish the following tasks:

  • Create new subnets

  • Associate subnets with sites

  • Provide a location for a site that can be used by the printer location tracking feature in Group Policy

For more information about subnets, see Understanding Sites, Subnets, and Site Links.

Servers

Server objects are created automatically when you add the Active Directory Domain Services server role. Servers represent domain controllers in the replication topology.

You can use server objects to accomplish the following tasks:

  • Identify domain controllers that will act as preferred bridgehead servers. You can use preferred bridgehead servers to control intersite replication so that it occurs only between those domain controllers that you specify and not between domain controllers that might be less able to handle intersite replication traffic.

  • Move servers between sites. If you create a new site and you have already installed domain controllers with IP addresses that map to the new site, you can move the domain controllers to the new site.

NTDS Settings

Every server object contains an NTDS Settings object, which represents the domain controller in the replication system. The NTDS Settings object stores connection objects, which make replication possible between two or more domain controllers.

You can use NTDS Settings objects to accomplish the following tasks:

  • Generate the replication topology. The Check Replication Topology command for the NTDS Settings object signals the ISTG to perform a check of all connections between domain controllers and add or remove any connections that are needed.

  • Enable or disable the global catalog on a server. When you enable the global catalog, the domain controller replicates the read-only directory partitions that make up the global catalog in the forest.

For more information about the global catalog, see Understanding the Global Catalog.

Connections

Replication partners of servers in a site are identified by connection objects. Replication occurs in one direction. A connection object for a server contains information about the other server (the "from" server) that sends replication to the first server. Connection objects store schedules that control replication within a site. By default, they automatically poll a replication partner for new changes once every hour. For intersite replication, connection objects derive their schedule from the site link object. You do not have to manage schedules on connection objects. Connection objects are created automatically by the replication system.

You can use connection objects to accomplish the following tasks:

  • Identify replication partnerships of servers in the site

  • Force replication over a connection, when you do not want to wait for scheduled replication or to test replication over a connection

Site links represent the flow of replication between sites. You can manage intersite replication by configuring site properties: over what time periods replication can occur, how often replication occurs within a certain time period, and the preferred routes between two sites.

You can use site link objects to accomplish the following tasks:

  • Add and remove sites that use the site link

  • Set the cost of replication over the site link, which determines the likelihood that replication occurs over this site link when there are multiple routes that replication could take to reach a destination site

  • Set the site link schedule, which determines the hours and days that replication is available (can occur) over the site link

  • Set the replication interval, which determines how often replication occurs over the site link when replication is available

For more information about using site links, see Scheduling Replication Between Sites.

IP and SMTP intersite transports

Replication uses remote procedure call (RPC) over either the IP transport or the Simple Mail Transfer Protocol (SMTP) transport. You can use SMTP to send replication within mail messages in environments where wide area network (WAN) links are not available. In this case, replication occurs according to the messaging schedule and not the site link schedule. By default, intersite replication uses the IP transport protocol to deliver replication packets. You can use the IP and SMTP Intersite Transport containers to accomplish the following tasks:

  • Create site links. You can add site links to the replication topology as needed to accommodate new sites.

  • Create site link bridges. Site links are bridged by default in AD DS, and they are not necessary in most deployments.

For more information about intersite transports, see Scheduling Replication Between Sites.

Service publication

Some services, such as Certificate Services, Message Queuing, and Exchange Server, publish information in the Sites container in AD DS automatically when they are installed. Other services can be published in the directory with programming interfaces.

Active Directory Sites and Services exposes published service-related objects in the Services node. This node is not visible by default. To view this node, open Active Directory Sites and Services, and then, on the View menu, click Show Services Node.

The objects in the Services node in Active Directory Sites and Services are published for use by the respective application administrators. For this reason, information about these objects is available in documentation for the service or application.

For more information about service publication in AD DS, see Service Publication (https://go.microsoft.com/fwlink/?LinkId=86230).

Additional references