Sites can be different things, depending on whom you ask. Within the scope of Active Directory, a site defines the internal and external replication boundaries and helps users locate the closest servers for authentication and network resource access. If you ask an operations manager, she might describe a site as any physical location from which the organization operates business. This section discusses Active Directory site administration.

AD sites can be configured to match a single or many locations that have high-bandwidth connectivity between them. They can be optimized for replication and, during regular daily operations, require very little network bandwidth. After an AD site is defined, servers and client workstations use the information stored in the site configuration to locate the closest domain controllers, global catalog servers, and distributed file shares. Configuring a site can be a simple task, but if the site topology is not defined correctly, network access speed might suffer because servers and users may connect to resources across the wide area network instead of using local resources.

In most cases, defining and setting up an Active Directory site configuration might take only a few hours of work. After initial setup, AD sites rarely need to be modified unless changes are made to network addressing, domain controllers are added to or removed from a site, or new sites are added and old ones are decommissioned.

Site Components

As mentioned previously, configuring a site should take only a short time because there are very few components to manipulate. A site is made up of a site name; subnets within that site; links and bridges to other sites; site-based policies; and, of course, the servers, workstations, and services provided within that site. Some of the components, such as the servers and workstations, are dynamically configured to a site based on their network configuration.
Domain controller services and Distributed File System (DFS) targets are also located within sites by the network configuration of the server on which the resources are hosted.

Subnets

Subnets define the network boundaries of a site and limit WAN traffic by allowing clients to find local services before searching across a WAN link. Many administrators do not define subnets for locations that do not have local servers; instead, they relate site subnets only to Active Directory domain controller replication. If a user workstation subnet is not defined within Active Directory, the user workstation may authenticate and download policies or run services from a domain controller that is not directly connected to a local area network. This authentication and download across a WAN could create excessive traffic and unacceptable response times.

Site Links

Site links control Active Directory replication and connect individual sites directly together. A site link is configured for a particular type of protocol (namely, RPC, IP, or SMTP), and the frequency and schedule of replication are configured within the link.

Licensing Server (Per Site)

Within Active Directory, server licenses and licensing usage can be tracked by a central server in each site. Using the Active Directory Sites and Services Microsoft Management Console (MMC) snap-in, you can define a particular server as the site-licensing server. All Windows servers, including NT4, Windows 2000, and Windows Server 2003, replicate licenses and licensing usage to this server. The site-licensing servers replicate with one another to enable the enterprise administrator to track licenses for the entire enterprise from the Licensing console on any of the site-licensing servers.

Site Group Policies

Site group policies allow computer and user configurations and permissions to be defined in one location and applied to all the computers and/or users within the site.
Because the scope of a site can span all the domains and domain controllers in a forest, site policies should be used with caution. Therefore, site policies are not commonly used except to define custom network security settings for sites with higher requirements or to delegate administrative rights when administration is performed on a mostly geographic basis.

Note: Because sites are usually defined according to high-bandwidth connectivity, some design best practices should be followed when you're defining the requirements for a site. If possible, sites should contain local network services such as domain controllers, global catalog servers, DNS servers, DHCP servers, and, if necessary, WINS servers. This way, if network connectivity between sites is disrupted, the local site network will remain functional for authentication, Group Policy, name resolution, and resource lookup. Placing file servers at each site may also make sense unless files are housed centrally for security or backup considerations.
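
The subnet coverage problem described under Subnets above can be checked offline. The following is an added example, not part of the original text: it maps client addresses to sites by most specific matching subnet and lists clients whose subnet is not defined in any site. The subnet table, host names, and addresses are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (assumption): subnet objects mapped to site names.
SITE_SUBNETS = {
    "10.0.0.0/8": "HQ",
    "10.20.0.0/16": "Branch-East",
    "192.168.50.0/24": "Branch-West",
}

# Constructed sample data (assumption): clients from a DHCP or asset export.
CLIENTS = {
    "wks-hq-01": "10.1.4.25",
    "wks-east-07": "10.20.3.9",
    "wks-west-02": "192.168.50.77",
    "wks-new-11": "172.16.8.40",   # office whose subnet was never defined
    "wks-bad-01": "not-an-ip",     # malformed inventory entry
}

def site_for(ip, site_subnets):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    best = None
    for cidr, site in site_subnets.items():
        net = ipaddress.ip_network(cidr, strict=True)
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, site)
    return best[1] if best else None

def audit(clients, site_subnets):
    """Group clients by resolved site; collect unmapped and invalid entries."""
    report = {"mapped": defaultdict(list), "unmapped": [], "invalid": []}
    for host, ip in sorted(clients.items()):
        try:
            site = site_for(ip, site_subnets)
        except ValueError:
            report["invalid"].append(host)
            continue
        if site is None:
            report["unmapped"].append(host)  # may be served across the WAN
        else:
            report["mapped"][site].append(host)
    return report

if __name__ == "__main__":
    result = audit(CLIENTS, SITE_SUBNETS)
    print(dict(result["mapped"]), result["unmapped"], result["invalid"])
```

Hosts in the unmapped list are the ones to resolve by adding their subnet to the appropriate site.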