Overview

Active Directory uses multimaster replication, enabling any Windows 2000 domain controller in the forest to service requests, including modifications to the directory by users.

If there is a small deployment of well-connected computers, arbitrary selection of a domain controller may not cause problems. However, a deployment that comprises a Wide Area Network (WAN) could be extraordinarily inefficient when, for example, users in Sydney attempt to authenticate to domain controllers in New York using a dial-up connection. Active Directory Sites and Services can improve the efficiency of directory services for most deployments through the use of sites.

Authorized administrators provide information about the physical structure of the network by publishing sites to Active Directory using Active Directory Sites and Services. Active Directory uses this information to determine how to replicate directory information and handle service requests.

A site represents a region of uniformly good network access, which can be interpreted as being generally equivalent to local area network (LAN) connectivity. LAN connectivity assumes high, inexpensive bandwidth that allows similar and reliable network performance, regardless of which two computers in the site are communicating. This quality of connectivity does not mean that all servers in the site must be on the same network segment, or that hop counts between all servers must be identical. Rather, it can be interpreted as the measure by which it is known that if a large amount of data needed to be copied from one server to another, it would not matter which servers were involved. If there is concern about such situations, consider creating another site.

Computers are assigned to sites based on their location in a subnet or in a set of well-connected subnets. Subnets provide a simple way to represent network groupings, much the same way that postal codes conveniently group mailing addresses. Subnets are formatted in terms that make it easy to post physical information about network connectivity to the directory. Having all computers in one or more well-connected subnets also reinforces the standard that all computers in a site must be well-connected, since computers in the same subnet typically have better connections than an arbitrary selection of computers on a network.
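The subnet-to-site assignment described above can be sketched as a lookup table; this is an added example, not code from the original page or from Active Directory. The site names, subnets and client addresses are constructed, and choosing the most specific subnet when two overlap is an assumption that goes beyond what the page states. An address that matches no published subnet resolves to no site, so the audit lists those clients separately.

```python
import ipaddress

# Constructed sample data: published subnet objects and their associated sites.
SUBNET_TO_SITE = {
    "10.1.0.0/16": "NewYork",
    "10.1.40.0/24": "NewYork-Lab",   # overlaps the /16 above on purpose
    "10.2.0.0/16": "Sydney",
}

def build_table(mapping):
    """Parse subnet strings and order them most-specific first."""
    table = [(ipaddress.ip_network(s), site) for s, site in mapping.items()]
    # Assumption: overlapping subnets resolve to the longest prefix.
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table

def site_for(ip, table):
    """Return the site for an address, or None if no subnet covers it."""
    addr = ipaddress.ip_address(ip)
    for net, site in table:
        if addr.version == net.version and addr in net:
            return site
    return None

def audit(clients, table):
    """Group client addresses by resolved site; unmapped ones go under None."""
    result = {}
    for ip in clients:
        result.setdefault(site_for(ip, table), []).append(ip)
    return result

if __name__ == "__main__":
    table = build_table(SUBNET_TO_SITE)
    # Constructed client addresses, e.g. taken from a logon report.
    clients = ["10.1.5.5", "10.1.40.7", "10.2.9.9", "192.168.1.5"]
    for site, ips in audit(clients, table).items():
        label = site if site is not None else "NO SITE (publish a subnet)"
        print(f"{label}: {', '.join(ips)}")
```
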

Sites facilitate:

  • Authentication. When clients log on using a domain account, the logon mechanism first searches for domain controllers that are in the same site as the client. Attempting to use domain controllers in the client's site first localizes network traffic, increasing the efficiency of the authentication process.

  • Replication. Directory information is replicated both within and among sites. Active Directory replicates information within a site more frequently than across sites. This balances the need for up-to-date directory information with the limitations imposed by available network bandwidth.

    Authorized administrators customize how Active Directory replicates information using site links to specify how the sites are connected. Active Directory uses the information about how sites are connected to generate Connection objects that provide efficient replication and fault tolerance.

    Authorized administrators provide information about the cost of a site link, times when the link is available for use and how often the link should be used. Active Directory uses this information to determine which site link will be used to replicate information. Customizing replication schedules so replication occurs during specific times, such as when network traffic is low, will make replication more efficient.

    Ordinarily, all domain controllers are used to exchange information between sites, but authorized administrators can further control replication behavior by specifying a bridgehead server for inter-site replicated information. Establish a bridgehead server when there is a specific server to dedicate for inter-site replication, rather than using any server available. Authorized administrators can also establish a bridgehead server when the deployment uses proxy servers, such as for sending and receiving information through a firewall.

  • Active Directory enabled services. Information such as service bindings and configurations can be made available through the directory, making administration and use of network resources easier and more efficient. Sites help structure and optimize distribution of service information, so the current information is available to clients and distributed efficiently throughout the network.

To create a site

  1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.

  2. Right-click the Sites folder, and then click New Site.

  3. In Name, type the name of the new site.

  4. Click a site link object, and then click OK.

  5. Associate a subnet with this newly created site.

  6. Move a domain controller from an existing site into this new site, or install a new domain controller.

  7. To choose a specific licensing computer, other than the one automatically selected, select another licensing computer.

  8. Delegate control of the site.

To delegate control

In Active Directory Sites and Services, authorized administrators can delegate control for the Subnets, Inter-site Transports, Sites, and Server containers. Delegating control of an object allows administrators to specify who has permissions to access or modify that object or its child objects.

  1. Open Active Directory Sites and Services. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.

  2. Right-click the container whose control is to be delegated, and then click Delegate control to start the Delegation of Control wizard.

  3. Follow the instructions in the Delegation of Control wizard.