Active Directory Sites and Services

Active Directory Sites and Services (ADSS) is a key element of any Active Directory Domain. It allows you to structure your Active Directory such that you can tightly control the replication and bandwidth used by multiple, segmented areas of your network.  I recently set up my own domain with separate sites to control the interaction between two different branch offices on the network – this is where it really shines.

Parts of the network are segmented by subnets.  For detailed information on a click here: subnet.  The short version is that a subnet is a high bandwidth, low latency, interconnected network of computers.  You might recognize the common home LAN subnet of 255.255.255.0.  This describes 254 address in an IP address range.  It is possible to have more say 192.168.1.1 – 192.168.3.1 would be 255.255.253.0.  Using subnets your domain can be segmented into different sites, allowing you to control your network over both high speed LAN connections and over slower speed $define(WAN) links that interconnect branch offices or other areas important to your domain.

Wow that sounds confusing, okay simple version as an example.  You have a main office building for a company called WinTastic.  This office is located in Paducah, KY.  WinTastic has expanded and now has opened a branch office in Marsville, TN – a prime business location for their product.  Your tasked with the job of adding this new branch office to their existing domain.  How do you do this? Why ADSS of course (Didn’t see that coming did you?).  Your office in Paducah is a lan that consists of IP addresses 192.168.1.1-192.168.1.254.  Knowing in advance you will be setting up a new Active Directory site you configure your shiny new DC in Marsville for DHCP and the IP address range 192.168.2.1-192.168.2.254.  Now with the setup portion done and some fancy spancy VPN linkage between your two networks, its now time to get knee deep in AD and setup your sites.

A bit more background first, the reason sites are important is to control your domain’s replication between different domain controllers.  Each site needs to have a DC on its subnet, with ADSS and the proper subnets, every time a client logs on the DNS servers will provide them with their closest DC (presumably the fastest available to them).  Without this key improvement one of our poor office bees in Paducah could login using the server in Marsville over our cruddy DSL connection.  Now this won’t solve every problem with multiple branches but it goes a long way toward making your domain very quick, clean, and accessible.

Okay onto how to setup a site.  First and foremost you much setup subnets.  Heres an image of my ADSS:

You can see I have two sites (and subsequently two subnets though you can assign more than one subnet to a site).  First we’ll look at how to create sites and set up a new site.  So lets start by right-clicking on our root sites folder and clicking add site.  The wizard that pops up is fairly straight forward except for the site link:

The name is just a descriptive name so that you can remember where this site is (though in its properties you also can set a more descriptive location).  The only interesting thing here is our site link.  You can create a site link or use the default one but this just defines a connection between two or more sites and its cost to use.  This way the AD can determine the lowest cost link to follow to arrive at a AD site (Exchange uses this heavily to deliver mail amongst hub servers).  The wizard for site links is fairly easy to understand just a name and the sites to include.  If you want to set more detailed information on it, create it then right click and open its properties where you can adjust its cost and other settings.  We aren’t going to talk about bridges in depth but on a quick note a bridge head is a hub between two links.  I. E. Marsville,TN <–> Paducah, KY <–> Hopkinton, MA.  Paducah acts as a bridge between Marsville and Hopkinton (though it won’t unless its defined as one otherwise theres no connection between Marsville and Hopkinton – this isn’t a big problem though depending on where your network services are located not always advisable.

Second we’ll look at the subnets you can see I have 192.168.1.0/24 and 192.168.2.0/24.  The first part is the starting IP for the range you are interested in defining aka 192.168.1.0 and 192.168.2.0.  The second part is a subnet bit.  You can calculate your subnet bit at http://www.subnet-calculator.com/.  A subnet bit of 24 stands for the subnet mask 255.255.255.0 which given my combinations above provides two IP ranges (192.168.1.1-192.168.1.254 and 192.168.2.1-192.168.2.254).  NOTE: if you don’t care about what a subnet bit is don’t read the following paragraph just skip it, its really useless because the calculator determines it for you.

For those that didn’t skip, I see you enjoy knowing everything.  A subnet bit describes how many bits of the given IP address (in our case 192.168.1.0) do not change on our network or make it a part of our subnet.  The part that does change is known as the host id and is the part of the IP address that is changed when it is assigned to the computer (aka the .0 part will change when DHCP assigns a new IP).  In our case the 192.168.1 is the subnet id and will stay the same.  So where does 24 come from?  Well and IP address is a 32 bit binary number.  Each octet of the IP is eight binary bits (hence its an octet).  In ours, three octets (24 bits) do not change and this defines are subnet.  It doesn’t have to be 8, 16, or 24.  It can be many options in-between though not every range can be represented due to how the conversion between binary and octets end up.  AKA 255.255.255.0 works 255.255.253.0 doesn’t.  :x However 255.255.254.0 does. Also the last octet can exist too 255.255.255.128 is valid though 255.255.255.5 isn’t.  Short version, use the calculator.

Okay enough of that.  For those of you who could care less of the gory details, way to go.  Now onward.  Using this fun subnet bit we defined our subnets by right clicking on the subnet folder and clicking add a subnet.  This brings up the following wizard:

The prefix is a base IP address and subnet bit i.e. 192.168.1.0/24.  The next thing to select is a site to assign this subnet too.  We just click the site we care about and hit okay.

Now we’ve done the hard part.  Now its just drag and drop to move our DCs between sites so that they are placed in there respective areas.  Once moved your done, its a piece of cake.  If you want to force replication you can drill down to a server’s NTDS settings (click a server on the left and NTDS settings appears at the right) then right click the NTDS settings and click replicate from or to.  Normally the servers replicate every 180 minutes or a custom interval specified in your site link properties.

If there are questions leave them in the comments but hopefully this will help explain a very important part of the Active Directory.

One Comment

  1. press release says:

    I used to be recommended this web site via my cousin. I’m now not certain whether this put up is written by way of him as no one else recognise such detailed approximately my trouble. You are amazing! Thank you!

Leave a Comment