Lead Image © Allan Swart, 123RF.com

Managing Active Directory sites and subnets

Divide and Conquer

Article from ADMIN 70/2022
A single Active Directory domain can span several physical locations. With sites and IP subnets defined to match the network, replication adapts itself to the WAN links between locations, and users log on to a domain controller at their own site.

One important area of Active Directory (AD) management is replication between domain controllers (DCs), especially across multiple sites (Figure 1). Separate domains for each physical location are not necessary; in most cases several domains are more complicated to manage than several sites in a single AD domain. Active Directory models the physical subdivision as sites and adjusts replication accordingly. For example, replication between sites is compressed and runs on a schedule, far less frequently than within a site, where DCs notify their partners of changes almost immediately.

Figure 1: Replication between sites lets you map physically separate networks in Active Directory.

Active Directory manages replication within and between sites automatically with its own service, the Knowledge Consistency Checker (KCC). It runs on every DC: within a site it builds a ring of connection objects among the DCs, and in each site one DC additionally holds the Inter-Site Topology Generator (ISTG) role and creates the connections to other sites on the basis of the site links, costs, and schedules you define.

If a site contains more than one DC, not every DC replicates across the WAN. The ISTG designates one or more bridgehead servers per site and directory partition; only these exchange data with the bridgehead servers of the other sites, which then distribute the changes to the remaining DCs in their site. A slow line between sites is therefore not loaded by each DC individually, and the traffic leaving a site is kept to a minimum.
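The following PowerShell is an added example, not code from the original article: it shows how to inspect the topology the KCC and ISTG have actually built, which is the first thing to check when intersite replication is slow or crosses a link it should not. It assumes the ActiveDirectory module from RSAT and a reachable DC; any site or server names that appear in the output are those of your forest.

```powershell
# Added example (not from the article): inspect the replication topology
# the KCC/ISTG generated. Assumes the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# 1. Which DC lives in which site. A DC still sitting in the wrong site is
#    a common cause of the WAN traffic the site design was meant to avoid.
Get-ADDomainController -Filter * |
    Sort-Object Site, Name |
    Format-Table Name, Site, IPv4Address, IsGlobalCatalog -AutoSize

# 2. Who is ISTG in each site (the DC that creates intersite connections).
Get-ADReplicationSite -Filter * |
    Format-Table Name,
        @{n='ISTG'; e={ ($_.InterSiteTopologyGenerator -split ',')[1] -replace '^CN=' }} -AutoSize

# 3. Site links with cost and interval. The KCC prefers the path with the
#    lowest cumulative cost; the interval is the replication period on the
#    link (180 minutes when created with defaults in the GUI).
Get-ADReplicationSiteLink -Filter * |
    Format-Table Name, Cost, ReplicationFrequencyInMinutes,
        @{n='Sites'; e={ ($_.SitesIncluded |
            ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join ', ' }} -AutoSize

# 4. Connection objects. AutoGenerated = True means the KCC created it;
#    hand-made connections survive KCC recalculation and are a frequent
#    source of stale topologies after a DC has been decommissioned.
Get-ADReplicationConnection -Filter * |
    Select-Object Name, AutoGenerated,
        @{n='From'; e={ ($_.ReplicateFromDirectoryServer -split ',')[1] -replace '^CN=' }},
        @{n='To';   e={ ($_.ReplicateToDirectoryServer   -split ',')[1] -replace '^CN=' }} |
    Format-Table -AutoSize

# 5. The bridgehead servers the ISTG selected and a per-partner status.
#    repadmin ships with RSAT and on every DC; there is no cmdlet for this.
repadmin /bridgeheads
repadmin /replsummary
```

The DN manipulation in the calculated properties only strips the leading `CN=` from the relevant component of the distinguished names the cmdlets return (an NTDS Settings object is `CN=NTDS Settings,CN=<server>,CN=Servers,CN=<site>,...`), so the table shows plain server and site names.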

AD Replication Basics

To use replication between sites, you first define the sites, then create IP subnets and assign each subnet to a site. Subnets are stored in the Active Directory Sites and Services console (in the Configuration partition of the forest) and from then on determine which site a computer belongs to. You then create site links between the sites and, finally, distribute the existing DCs to their sites. Because this describes a routing topology, you also need to configure the replication schedules and the link costs so that the KCC can choose the best path between any two sites.

The management tool you need is the Active Directory Sites and Services snap-in (Figure 2). The fastest way to launch it on a domain controller or on a computer with the Remote Server Administration Tools (RSAT) is with dssite.msc. Of course, you can also use PowerShell. To create new sites, you must be a member of the Enterprise Admins group, because sites, subnets, and site links live in the Configuration partition, which is shared by the whole forest.

Figure 2: Creating new AD sites in the Active Directory Sites and Services snap-in.

Once you have defined sites and their subnets, a newly promoted DC is placed automatically in the site whose subnet contains its IP address. Existing DCs, and DCs promoted before the subnets were defined, stay where they are and must be moved to the correct site manually, in the snap-in or in PowerShell. You can also choose the site while promoting a DC.

Sites do not have to connect to the head office in a star topology. Active Directory also integrates sites that are linked only to another branch office and not to the head office: the KCC routes replication across the intermediate site, provided you defined the sites, subnets, and site links correctly and left site link bridging enabled (the default).
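The procedure summarized in this section, as an added example scripted end to end in PowerShell; this is not the article's own code. The site names (Berlin, Hamburg, Munich), subnets, link costs, and the DC name DC02 are hypothetical placeholders. It needs Enterprise Admins rights and the ActiveDirectory module, and it is written to be re-runnable: objects that already exist are skipped rather than recreated.

```powershell
# Added example (not from the article): sites, subnets, site links, DC
# placement and verification in one script. All names are hypothetical.
Import-Module ActiveDirectory

# 1. Give the default site a meaningful name instead of keeping
#    Default-First-Site-Name.
$default = Get-ADReplicationSite -Filter "Name -eq 'Default-First-Site-Name'"
if ($default) { Rename-ADObject -Identity $default.DistinguishedName -NewName 'Berlin' }

# 2. Additional sites.
foreach ($s in 'Hamburg', 'Munich') {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$s'")) {
        New-ADReplicationSite -Name $s
    }
}

# 3. Subnets, including client-only ranges without a DC. A client whose IP
#    falls in no defined subnet has no site and may authenticate against a
#    DC across the WAN.
$subnets = @{
    '10.1.0.0/16'   = 'Berlin'
    '10.2.0.0/16'   = 'Hamburg'
    '10.3.0.0/16'   = 'Munich'
    '10.3.200.0/24' = 'Munich'    # VPN client pool, no DC
}
foreach ($prefix in $subnets.Keys) {
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$prefix'")) {
        New-ADReplicationSubnet -Name $prefix -Site $subnets[$prefix]
    }
}

# 4. Site links. Cost decides which path the KCC prefers; the interval is
#    the replication period in minutes on that link. Munich is linked only
#    to Hamburg, not to Berlin: the topology does not have to be a star.
$links = @(
    @{ Name = 'Berlin-Hamburg'; Sites = 'Berlin', 'Hamburg';  Cost = 100; Minutes = 15 }
    @{ Name = 'Hamburg-Munich'; Sites = 'Hamburg', 'Munich';  Cost = 200; Minutes = 30 }
)
foreach ($l in $links) {
    if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$($l.Name)'")) {
        New-ADReplicationSiteLink -Name $l.Name -SitesIncluded $l.Sites `
            -Cost $l.Cost -ReplicationFrequencyInMinutes $l.Minutes `
            -InterSiteTransportProtocol IP
    }
}
# Optional: enable change notification on the backbone link (options bit 1),
# so urgent changes such as account lockouts and password resets replicate
# immediately instead of waiting for the schedule.
Set-ADReplicationSiteLink -Identity 'Berlin-Hamburg' -Replace @{ options = 1 }

# 5. Existing DCs are not moved automatically; put them into their site.
Move-ADDirectoryServer -Identity 'DC02' -Site 'Munich'

# 6. Verify: every DC in its intended site, every subnet mapped to a site,
#    then let the KCC recompute and show the result on this DC.
Get-ADDomainController -Filter * | Format-Table Name, Site, IPv4Address -AutoSize
Get-ADReplicationSubnet -Filter * |
    Format-Table Name, @{n='Site'; e={ ($_.Site -split ',')[0] -replace '^CN=' }} -AutoSize
repadmin /kcc
repadmin /showrepl
```

Sites created with New-ADReplicationSite are not added to any site link automatically; step 4 takes care of that here. Without a site link the KCC creates no intersite connection objects for the site, and a DC placed there would not replicate at all.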

Creating New Sites

When you open the Active Directory Sites and Services snap-in, you will see Default-First-Site-Name below the Sites entry. Active Directory always has at least one site, and the first DC of the forest is placed in it. In the first step, give this site a meaningful name with Rename in its context menu.

Next, create the additional sites where you want to install DCs by right-clicking Sites in the snap-in and selecting New Site from the context menu. In PowerShell, use the

New-ADReplicationSite <site>

command. No further configuration is required at this point, and as long as a site has no DC, creating it does not affect replication in Active Directory.

When you create a new site in the snap-in, a dialog opens in which you specify its name and the site link to which the site belongs. The link controls replication to and from the site, and the assignment can be changed at any time. By default the DEFAULTIPSITELINK link already exists. To create many sites at once, put the names in a CSV file whose header line is name, then import it:

Import-Csv -Path C:\newsites.csv | ForEach-Object { New-ADReplicationSite -Name $_.name }

Note that sites created with the cmdlet, unlike sites created in the snap-in, are not added to DEFAULTIPSITELINK or any other site link; assign them to a site link afterwards, otherwise the KCC creates no intersite connections for them.

Creating IP Subnets

After creating the sites, create the IP subnets and assign them to their sites. To create a new subnet, right-click Subnets in the snap-in and select New Subnet from the context menu, enter the prefix in CIDR notation (for example, 10.1.0.0/16), and pick the site.

IPv6 subnets are created the same way. After you create a subnet, the console lists it below Subnets. Also create the subnets that contain no domain controllers but from which member computers log on to a DC (client VLANs, WLAN, VPN pools) and assign them to the nearest site. A computer whose address lies in no defined subnet has no site and may authenticate against any DC in the forest, including one across the WAN, which defeats the purpose of the site design; Netlogon records such clients as NO_CLIENT_SITE in %SystemRoot%\debug\netlogon.log and summarizes them in event 5807.

If you click Subnets, the right-hand pane lists all IP subnets with their assigned sites. You can reassign a subnet to another site at any time in its properties. Sites can be added later, and new subnets can be assigned to existing sites.
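The check a practitioner wants after the subnets are in place, as an added example that is not part of the original article: parse netlogon.log for NO_CLIENT_SITE entries, drop any addresses that a subnet now covers, and group the rest into proposed prefixes so you know which subnets are still missing. The log lines and the known-subnet list below are constructed sample data; in production you would read the real log and feed in `(Get-ADReplicationSubnet -Filter *).Name`.

```powershell
# Added example (not from the article): find clients logging on without a
# site because their IP is in no defined AD subnet. Sample data constructed.

function ConvertTo-UInt32 {
    param([string]$IPv4)
    $b = [System.Net.IPAddress]::Parse($IPv4).GetAddressBytes()
    [Array]::Reverse($b)                       # network order -> little-endian
    [BitConverter]::ToUInt32($b, 0)
}

function Get-PrefixMask {
    param([int]$Bits)
    [uint32]((([uint64]0xFFFFFFFF) -shl (32 - $Bits)) -band 0xFFFFFFFF)
}

function Test-IPv4InPrefix {
    param([string]$Address, [string]$Prefix)   # Prefix like 10.1.0.0/16
    $net, $bits = $Prefix -split '/'
    $mask = Get-PrefixMask -Bits ([int]$bits)
    ((ConvertTo-UInt32 $Address) -band $mask) -eq ((ConvertTo-UInt32 $net) -band $mask)
}

function Get-UnmappedClientSubnet {
    param(
        [string[]]$LogLines,                   # content of netlogon.log
        [string[]]$KnownSubnets,               # e.g. (Get-ADReplicationSubnet -Filter *).Name
        [int]$ProposedPrefixLength = 24
    )
    # Netlogon line format: MM/DD HH:MM:SS [MISC] [pid] DOMAIN: NO_CLIENT_SITE: host ip
    $hits = foreach ($line in $LogLines) {
        if ($line -match 'NO_CLIENT_SITE:\s+(?<host>\S+)\s+(?<ip>\d{1,3}(\.\d{1,3}){3})') {
            [pscustomobject]@{ Host = $Matches.host; IP = $Matches.ip }
        }
    }
    # The log may be older than the subnet: drop addresses that are covered now.
    $hits = $hits | Where-Object {
        $ip = $_.IP
        -not ($KnownSubnets | Where-Object { Test-IPv4InPrefix $ip $_ })
    }
    # One result line per proposed subnet to create.
    $mask = Get-PrefixMask -Bits $ProposedPrefixLength
    $hits | Group-Object {
        $bytes = [BitConverter]::GetBytes([uint32]((ConvertTo-UInt32 $_.IP) -band $mask))
        [Array]::Reverse($bytes)
        "$([System.Net.IPAddress]::new($bytes))/$ProposedPrefixLength"
    } | ForEach-Object {
        [pscustomobject]@{
            ProposedSubnet = $_.Name
            Clients        = $_.Count
            Examples       = ($_.Group.Host | Select-Object -Unique -First 3) -join ', '
        }
    } | Sort-Object Clients -Descending
}

# Constructed sample log lines (not real output) and a constructed subnet list.
$sampleLog = @(
    '01/15 09:22:31 [MISC] [2140] corp.example: NO_CLIENT_SITE: WS-0815 10.99.4.17',
    '01/15 09:23:02 [MISC] [2140] corp.example: NO_CLIENT_SITE: WS-0816 10.99.4.23',
    '01/15 09:40:11 [MISC] [2140] corp.example: NO_CLIENT_SITE: LT-0042 172.16.8.5',
    '01/15 09:41:57 [MISC] [2140] corp.example: NO_CLIENT_SITE: WS-0110 10.2.7.9'
)
$known = '10.1.0.0/16', '10.2.0.0/16'
Get-UnmappedClientSubnet -LogLines $sampleLog -KnownSubnets $known | Format-Table -AutoSize

# In production, against the live log and the real subnet list:
# Get-UnmappedClientSubnet -LogLines (Get-Content "$env:SystemRoot\debug\netlogon.log") `
#     -KnownSubnets (Get-ADReplicationSubnet -Filter *).Name
```

The proposed /24 prefixes are only a starting point for the New-ADReplicationSubnet calls; match them against the real network plan before creating them, because a subnet that is too wide silently pulls clients of another location into the wrong site.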
