In this lesson you will examine the concept of a Windows 2000 site and the limitations that Windows 2000 sites can help resolve in comparison to a Windows NT environment.
After this lesson, you will be able to
Estimated lesson time: 15 minutes
One of the problems with single domains in Windows NT 4.0 is that objects are replicated through a master-slave replication of PDC objects to BDCs. Consequently, if you have a single domain spread across WAN links, any new object would have to be created on the PDC no matter where the object itself is located. The object would then be automatically replicated across the WAN no matter how much bandwidth that consumes. There's no way to control this apart from changing some registry entries, such as the replication governor on the BDCs, or segmenting the enterprise into separate domains.
Another problem with a single domain in Windows NT 4.0 is that you can't control whether a client will log on to the nearest domain controller. For example, a client in the United Kingdom might sometimes be authenticated by a domain controller located in the United States, even when there is a closer BDC in the United Kingdom. Such authentication uses expensive WAN links rather than authenticating via the domain controllers physically closest to the client. To address this problem, Microsoft released a tool in Windows NT Service Pack 4 called Setprfdc, which allows you to create a file that directs the client to log on to domain controllers in a specified order. If the first one in the list isn't available, the client will try the second, and so on. However, manually setting and updating this file can be laborious.
Windows 2000 provides the following ways to mitigate and control the issues raised above:
A site is a set of Windows 2000 machines joined together by local area network connections known as well-connected links. Sites let you map the physical topology of your network onto the logical arrangement of your Active Directory design. By using the Active Directory Sites And Services administrative tool, you can configure Windows 2000 to make the best use of LAN and WAN connections for authentication and replication. To do this, a cost is assigned to the link between two sites where the domain controllers have been placed. The cost mechanism allows clients to identify the closest domain controllers rather than being authenticated across an expensive WAN link, and it also allows you to schedule replication across slow WAN links.
An Active Directory site should have a set of well-connected domain controllers. When considering an Active Directory design, be sure that any additional traffic produced by the migration process won't severely affect the production environment. In cases where the network infrastructure is operating at close to capacity, be sure to plan migration such that additional loading is minimized. You can do this by first upgrading to higher bandwidth links or by isolating the segment of the network that's under construction from the main WAN.
You must validate the site design against the current environment. Begin this effort by considering the existing network topology in depth, and then move to considerations such as the following:
You must also consider your site design in light of your migration goals. The design and the goals might be mutually incompatible. For example, you might have a migration goal that requires 100 percent availability of user logon. If the site design provides for only a single Windows 2000 domain controller in each site, this goal can't be met. As another example, if the network connections between sites can't support a large volume of replication traffic, you won't be able to make information widely available within a particular time frame.
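A simplified check of a site design against the logon-availability goal described above, as an added example that is not part of the original lesson. The site names, domain controller counts and link costs are constructed, and summing link costs along a path is a modelling assumption rather than Windows 2000's own locator logic.

```python
import heapq

# Constructed sample design: site -> number of Windows 2000 domain controllers.
SITE_DCS = {"London": 2, "Seattle": 1, "Paris": 0}
# Constructed site links: (site A, site B, cost). Lower cost = preferred link.
SITE_LINKS = [("London", "Paris", 100), ("London", "Seattle", 500),
              ("Paris", "Seattle", 700)]

def nearest_dc_site(start, site_dcs, links, skip=()):
    """Return (site, total_cost) of the least-cost site that holds a DC."""
    graph = {}
    for a, b, cost in links:
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    heap, seen = [(0, start)], set()
    while heap:  # Dijkstra over the site-link graph
        cost, site = heapq.heappop(heap)
        if site in seen:
            continue
        seen.add(site)
        if site_dcs.get(site, 0) > 0 and site not in skip:
            return site, cost
        for nxt, link_cost in graph.get(site, []):
            if nxt not in seen:
                heapq.heappush(heap, (cost + link_cost, nxt))
    return None, None  # no reachable site has a DC

def validate_design(site_dcs, links, min_dcs=2):
    """Flag sites that cannot keep logons local if one DC is lost."""
    findings = {}
    for site, count in site_dcs.items():
        if count >= min_dcs:
            continue
        # Fewer than min_dcs local DCs: find where logons would fall back to.
        fallback, cost = nearest_dc_site(site, site_dcs, links, skip=(site,))
        findings[site] = {"local_dcs": count, "fallback_site": fallback,
                          "fallback_cost": cost}
    return findings

if __name__ == "__main__":
    for site, info in validate_design(SITE_DCS, SITE_LINKS).items():
        print(site, info)
```

Sites listed in the findings are the ones where a 100 percent logon-availability goal depends on a WAN link, and the fallback cost shows which link that is.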
In this lesson, you learned what sites are and how they address the limitations of the Windows NT architecture. You also learned how to use sites to optimize replication and authentication traffic, and how other factors such as extra network traffic could affect a site plan.