Designing the Active Directory Structure
Designing the Active Directory Structure |
|
To create the site topology for a forest, you will take the physical topology of your network and create a more general topology based on available bandwidth and network reliability.
If you performed the physical partitioning exercise when you created your domain plan, you can use the site topology and domain controller placement plan that you created as a starting point for your site topology. If you skipped the physical partitioning exercise earlier in this chapter, it is recommended that you see "Determining the Number of Domains in Each Forest" and create a basic site topology now.
When creating your site topology, it is useful to have a complete map of the physical topology of your network. That map should include the list of physical subnets on your network, the media type and speed of each network, and the interconnections between each network.
To begin, create a list of sites on your network.
For each site you add to the plan, record the set of IP subnets that comprise the site. You will need this information later when you create the sites in the directory.
Note
Site names are used in the records that are registered in DNS by the domain locator, so they must be legal DNS names. It is recommended that you only use the standard characters A–Z, a–z, 0–9, and the hyphen (–) in site names.
Remember, clients will attempt to communicate with domain controllers in the same site as the client before trying to communicate with domain controllers in any other site. Any time bandwidth between a set of networks is plentiful enough that you do not care whether a client on one network communicates with a server on a different network, then consider those networks all to be in one site.
If a client is on a subnet that is not defined in the directory, it is not considered part of a site, and it selects randomly from all domain controllers for a particular domain. You might encounter situations where not all subnets are defined in the directory, such as when new subnets are being added to your network. To associate these clients with a site, create the two default subnets shown in Table 9.2 and then associate them with a site.
Table 9.2 Default Subnets
| Subnet ID | Mask | Description |
|---|---|---|
| 128.0.0.0 | 192.0.0.0 | Captures all clients on class B networks not yet defined in the directory. |
| 192.0.0.0 | 224.0.0.0 | Captures all clients on class C networks not yet defined in the directory. |
There is no default subnet for clients on a class A network.
Any time two networks are separated by links that are heavily used during parts of the day and are idle during other parts of the day, put those networks into separate sites. You can use the ability to schedule replication between sites to prevent replication traffic from competing with other traffic during high usage hours.
If your entire network consists of fast, reliable connectivity, the entire network can be considered a single site.
Next, connect sites with site links to reflect the physical connectivity of your network. Assign each site link a name.
Site links are transitive, so if site A is connected to site B, and site B is connected to site C, then the KCC assumes that domain controllers in site A can communicate with domain controllers in site C. You only need to create a site link between site A and site C if there is in fact a distinct network connection between those two sites.
For each site link you create, record the following information:
Replication polling only occurs during the scheduled period or periods over a seven-day interval. The default schedule on a link allows replication polling to happen throughout the seven-day interval.
Replication polling occurs at the specified interval when the schedule allows replication. The default polling interval is three hours.
If the site is only reachable via SMTP, select the SMTP transport. Otherwise, select the TCP/IP transport.
Assign a cost value to each site link to reflect the available bandwidth or cost of bandwidth as compared to other site links.
A backbone network that connects many sites can be represented by a single site link that connects many sites, instead of creating a mesh of links between sites. This is a useful way to reduce the number of site links that need to be created and managed if many links have the same characteristics. Figure 9.16 illustrates how a frame relay network that connects four offices can be represented as a single link, instead of a mesh of six individual links.
Figure 9.16 Single Link or Mesh of Links
Note
The replication schedule determines when a domain controller polls replication partners for changes. If a replication cycle is underway when the scheduled window closes, replication continues until the current cycle is complete.
Figure 9.17 shows the site topology for the Reskit company. The site naming convention uses a combination of region code, the code of the nearest airport, and an identifying number. Site link names include the names of the connected sites.
Figure 9.17 Reskit Company Site Topology
Table 9.3 shows the parameters for each site link in the Reskit site topology.
Table 9.3 Site Link Parameters for Reskit Site Topology
Site Link |
Transport |
Cost |
Polling Interval | Schedule |
|---|---|---|---|---|
| SEA01-YYZ14 | SMTP | 100 | 30 mins | 0500 to 0900 UTC daily |
| SEA01-CAI10 | IP | 100 | 30 mins | 2000 to 0400 UTC daily |
| SEA01-LHR03 | IP | 25 | 1 hr | (always) |
| LHR03-CAI10 | IP | 50 | 15 mins | 2000 to 0400 UTC daily |
Replication is scheduled to occur only during off-hours for the link between the manufacturing plant and headquarters. Replication is also scheduled for off-hours only between the regional office and other sites. Since the link cost between the regional office and the operations center is lower than the cost between the regional office and headquarters, the KCC attempts to make connections with bridgeheads in the operations center before making connections with bridgeheads in headquarters. The schedule for the link between headquarters and the operations center is wide open, but uses a longer polling interval to reduce traffic.
