
How to set up Active Directory sites, subnets and site links?

In my previous article I explained the use of AD sites and subnets. If you have not read it yet, you can find it here.

In this article let’s look into the setup and configuration of sites and subnets.

In the demo I am using the following setup.

| Server Name | Roles | Operating System | Site | Subnets |
|---|---|---|---|---|
| DC1.contoso.com | Primary Domain Controller | Windows Server Standard 2012 R2 | Site A (HQ) | 192.168.148.0/24 |
| SRV1.contoso.com | Additional Domain Controller | Windows Server Standard 2012 R2 | Site B (Branch Office) | 10.10.10.0/24 |

In the demo, the SRV1 server is located in the branch office, which is in a different geographical location. It is connected to the primary domain via a 256kb link. Currently it is set up under the default AD site.

In the demo I am going to create two sites called Site A and Site B, then assign the relevant servers to them along with the subnets.

To start the configuration we need to log in to the primary DC. The user account used for the configuration must be a member of the Domain Admins or Enterprise Admins security group.

All the configuration will be done via the “Active Directory Sites and Services” MMC.

To load it, go to Server Manager > Tools > Active Directory Sites and Services.

At this point both servers are under the default AD site.

Create New Site

1. Right click on “Sites” and select “New Site”.

2. A new window opens; type the new site name here. We also need to select the site link for the site. Here I will use the default site link. Click “OK” to create the site.

3. An information window appears; click OK to close it.

4. Then I follow the same steps and create SiteB.

Create Subnets

According to the table, we need to create the subnets and associate each one with its site.

1. In the Active Directory Sites and Services MMC, right click on “Subnets” and click on New Subnet.

2. In the next window, type the subnet with the relevant prefix. Under the “select a site object for this prefix” option, select the site it should be associated with. Then click OK.

3. I followed the same steps to create the 10.10.10.0/24 subnet and assign it to SiteB.

Create Site Links

As explained in the demo configuration, Site A and Site B are connected with a 256kb link. We need to create a new site link for it.

1. In the Active Directory Sites and Services MMC, right click on “Inter-Site Transports > IP” and click on New Site Link.

2. In the next window, type a name for the link, select the sites that will communicate with each other, and click Add to move them to “Sites in this site link”.

3. Then click OK to create the link.

4. The link is created with the default values, but we can tune it to our requirements. To change the settings, right click on the link and select Properties.

5. Here, the cost value represents the link bandwidth. Microsoft's cost values are listed at https://technet.microsoft.com/en-us/library/cc782827%28v=ws.10%29.aspx.

6. We can also define when changes replicate between the sites. To change the schedule, click on the “Change Schedule” button.

7. In the next window you can define the schedule. I went ahead and set a custom schedule.

8. Click OK to apply the changes.

Move Domain Controllers to Sites

Now we have the sites, subnets and site links set up. Next we need to move the domain controllers into the relevant sites.

1. In the Active Directory Sites and Services MMC, go to “Default-First-Site-Name > Servers”. Then right click on the DC server you need to move and select the Move option.

2. In the next window, select the site it should move to. According to the demo I select SiteA and click OK.

3. Then we can see it has moved to the relevant site.

4. I followed the same steps and moved SRV1 to SiteB.
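The same procedure scripted with the ActiveDirectory PowerShell module, as an added example that is not part of the original article. Site, subnet and server names follow the demo; the link name `SiteA-SiteB` and the cost value are assumptions, and the custom schedule from step 7 is not reproduced.

```powershell
# Added example: scripted equivalent of the GUI steps above.
# Run on DC1 as a member of Domain Admins or Enterprise Admins.
Import-Module ActiveDirectory

# Demo layout from the table: site -> subnet and domain controller.
$layout = @(
    @{ Site = 'SiteA'; Subnet = '192.168.148.0/24'; Server = 'DC1'  },
    @{ Site = 'SiteB'; Subnet = '10.10.10.0/24';    Server = 'SRV1' }
)

foreach ($entry in $layout) {
    # Create the site only if it is missing, so the script can be re-run safely.
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$($entry.Site)'")) {
        New-ADReplicationSite -Name $entry.Site
    }
    # Create the subnet and associate it with its site.
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$($entry.Subnet)'")) {
        New-ADReplicationSubnet -Name $entry.Subnet -Site $entry.Site
    }
}

# Site link between the two sites.
$linkName = 'SiteA-SiteB'   # assumed name, not taken from the article
$linkCost = 425             # assumed value; pick yours from the Microsoft cost table
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$linkName'")) {
    New-ADReplicationSiteLink -Name $linkName -SitesIncluded 'SiteA', 'SiteB' `
        -InterSiteTransportProtocol IP -Cost $linkCost
}

# Move each domain controller out of Default-First-Site-Name.
foreach ($entry in $layout) {
    Move-ADDirectoryServer -Identity $entry.Server -Site $entry.Site
}

# Review the result: subnet-to-site mapping, link settings, DC placement.
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes, SitesIncluded
Get-ADDomainController -Filter * | Select-Object Name, Site, IPv4Address
```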

This completes the configuration of sites, subnets and site links. If you have any questions about the post feel free to contact me on rebeladm@live.com

Why Active Directory sites and subnets?

In any successful network there are mainly two topologies. One is the physical topology, which represents the structure of the network, including network topologies, hardware placement and IP address allocations. The other is the logical topology, which represents the security boundaries of the network, network services and so on. In an Active Directory based infrastructure, the “Domain” represents the logical topology while “Sites and Subnets” represent the physical topology.

A site can simply be defined as a physical location or network. It can be in a separate building, a separate city or even a separate country. As an example, Contoso Ltd. has its head office in London, UK. Its domain controller and the rest of its servers and equipment run there. The network uses the subnet 192.168.148.0/24 for its IP address allocation. To meet business requirements, the company opens a branch office in Toronto, Canada. Even though it is in a different physical location, it is under the main contoso.com domain. It runs a separate network with an IP address allocation of 10.10.10.0/24.

To keep company operations smooth and productive, it is important to keep the network as one even though it spans two geographical locations. The company spent a large amount of money to connect the two offices with a 256kb link. As we know, replication is crucial in an Active Directory environment. Whatever changes happen on one domain controller should replicate to the others. But in this setup, if we simply allow direct replication between the HQ and branch office domain controllers, it will be slow, and the majority of the link bandwidth will be used for replication traffic and other DC service related traffic. Also, let’s assume users in the branch office are accessing some files from a DFS file share. If that goes over the slow 256kb link, it will be a bottleneck for company operations in terms of time and reliability.

The answer to all these concerns is the use of sites, subnets and site links. Sites help to localize services. Once sites are set up, when users authenticate against a DC or try to access a file in a DFS share, they are immediately directed to the local domain controllers and DFS servers in the same site. We can also optimize the links between sites and decide how much traffic should be allocated, when replication should happen, and so on. Isn’t that a beauty?

In a site setup, subnets represent the IP address allocations. That does not necessarily mean every address behind a router in a site. Subnets can be IPv4 or IPv6. A site determines the physical boundaries of its network based on its subnets.

Site and domain setups can mainly be divided into two types.

Single site with multiple domains – here one site hosts multiple domains. For example, the Contoso Ltd. London site may be using both the contoso.com and xyz.net domains.

Single domain with multiple sites – here one domain has multiple sites. This is exactly the same as my previous example: Contoso Ltd. has two sites, in London, UK and Toronto, Canada, but both are under the same contoso.com domain.

Benefits of Sites and Services

There are mainly three benefits we can identify.

Replication – In a typical AD DS setup, all domain controllers are set to replicate changes between each other on the assumption that all are connected via fast network links. In the real world that is not the case. With sites and site links we can optimize replication between domain controllers to get the most out of slow links.

Service Location – In an Active Directory setup there are other integrated services that help company operations, for example DFS, Active Directory Certificate Services and mail services. Using the site and subnet setup we can point users to the nearest server for these services. So users in Site B are served by the DFS server in Site B when they try to access a file, instead of the request being passed to Site A.

Authentication – When a user logs in to the domain, the computer communicates with a domain controller for authentication. But let’s assume 100 users in Site B are trying to log in to their computers in the morning. Communicating with the domain controller in Site A would take a lot of bandwidth from the slow link between the sites, and also a large amount of time. With correct server placement and site setup we can point all the users in Site B to the Site B domain controller.
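A check of the subnet-to-site mapping that service location and authentication rely on, as an added example rather than code from the original article: for each domain controller it finds the most specific IPv4 subnet containing its address and compares that subnet's site with the site the server object sits in. The helper names `ConvertTo-IPv4Number` and `Test-InSubnet` are hypothetical.

```powershell
# Added example: report DCs whose IP address and site placement disagree.
Import-Module ActiveDirectory

# Hypothetical helper: dotted IPv4 string -> number, so ranges can be compared.
function ConvertTo-IPv4Number([string]$Address) {
    [long]$n = 0
    foreach ($b in [System.Net.IPAddress]::Parse($Address).GetAddressBytes()) {
        $n = $n * 256 + $b
    }
    return $n
}

# Hypothetical helper: $true when $Address lies inside $Cidr, e.g. '10.10.10.0/24'.
function Test-InSubnet([string]$Address, [string]$Cidr) {
    $network, $bits = $Cidr -split '/'
    $size = [math]::Pow(2, 32 - [int]$bits)   # number of addresses in the block
    $addrBlock = [math]::Floor((ConvertTo-IPv4Number $Address) / $size)
    $netBlock  = [math]::Floor((ConvertTo-IPv4Number $network) / $size)
    return $addrBlock -eq $netBlock
}

# IPv4 subnet objects only; the Site property holds the site's distinguished name.
$subnets = Get-ADReplicationSubnet -Filter * | Where-Object { $_.Name -notmatch ':' }

foreach ($dc in Get-ADDomainController -Filter *) {
    if (-not $dc.IPv4Address) { continue }   # skip DCs without an IPv4 address
    # Most specific (longest prefix) subnet that contains the DC's address.
    $hit = $subnets |
        Where-Object { Test-InSubnet $dc.IPv4Address $_.Name } |
        Sort-Object { [int]($_.Name -split '/')[1] } -Descending |
        Select-Object -First 1
    # Site name is the first RDN of the DN, e.g. CN=SiteB,CN=Sites,...
    $subnetSite = if ($hit -and $hit.Site) { ($hit.Site -split ',')[0] -replace '^CN=' }
    $status = if (-not $hit) { 'NO SUBNET' } elseif ($subnetSite -eq $dc.Site) { 'OK' } else { 'MISMATCH' }
    [pscustomobject]@{
        Server = $dc.Name; ServerSite = $dc.Site; Address = $dc.IPv4Address
        Subnet = $hit.Name; SubnetSite = $subnetSite; Status = $status
    }
}
```

In the demo layout, DC1 should report `OK` against 192.168.148.0/24 in SiteA and SRV1 against 10.10.10.0/24 in SiteB; a `NO SUBNET` or `MISMATCH` row means a server's address is not covered by a subnet of the site it was moved to.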

In this article I have explained the use of sites, subnets and site links; in the next article let’s look into the configuration. If you have any questions about the post feel free to contact me on rebeladm@live.com