Sites overview

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Sites overview

Sites in Active Directory® represent the physical structure, or topology, of your network. Active Directory uses topology information, stored as site and site link objects in the directory, to build the most efficient replication topology. You use Active Directory Sites and Services to define sites and site links. A site is a set of well-connected subnets. Sites differ from domains; sites represent the physical structure of your network, while domains represent the logical structure of your organization.

Using sites

Sites help facilitate several activities within Active Directory, including:

  • Replication. Active Directory balances the need for up-to-date directory information with the need for bandwidth optimization by replicating information within a site more frequently than between sites. You can also configure the relative cost of connectivity between sites to further optimize replication. For more information, see Replication between sites and Managing replication.

  • Authentication. Site information helps make authentication faster and more efficient. When a client logs on to a domain, it first searches its local site for a domain controller to authenticate against. By establishing multiple sites, you can ensure that clients authenticate against domain controllers nearest to them, reducing authentication latency and keeping traffic off WAN connections.

  • Active Directory-enabled services. Active Directory-enabled services can leverage site and subnet information to enable clients to locate the nearest server providers more easily. For information about services, see Services.

Defining sites using subnets

In Active Directory, a site is a set of computers well-connected by a high-speed network, such as a local area network (LAN). All computers within the same site typically reside in the same building, or on the same campus network. A single site consists of one or more Internet Protocol (IP) subnets. Subnets are subdivisions of an IP network, with each subnet possessing its own unique network address. A subnet address groups neighboring computers in much the same way that postal codes group neighboring postal addresses. The following figure shows several clients within a subnet that defines an Active Directory site.

Several clients contained within a subnet

Sites and subnets are represented in Active Directory by site and subnet objects, which you create through Active Directory Sites and Services. Each site object is associated with one or more subnet objects.

For information about creating sites, see Create a site.

For information about creating subnets, see Create a subnet.

For information about subnets, see "Introduction to TCP/IP" at the Microsoft Windows Resource Kits Web site.

Assigning computers to sites

Computers are assigned to sites based on their Internet Protocol (IP) address and subnet mask. Site assignment is handled differently for clients and member servers than for domain controllers. For a client, site assignment is dynamically determined by its IP address and subnet mask during logon. For a domain controller, site membership is determined by the location of its associated server object in Active Directory. For more information, see "Active Directory Replication" at the Microsoft Windows Resource Kits Web site.

For information about associating subnets with sites, see Associate a subnet with a site.

For information about establishing single or multiple sites, see When to establish a single or separate sites.

Understanding sites and domains

In Active Directory, sites map the physical structure of your network, while domains map the logical or administrative structure of your organization. This separation of physical and logical structure provides the following benefits:

  • You can design and maintain the logical and physical structures of your network independently.

  • You do not have to base domain namespaces on your physical network.

  • You can deploy domain controllers for multiple domains within the same site. You can also deploy domain controllers for the same domain in multiple sites.

Active Directory sites overview

For more information about domains, see Domains.