

Active Directory Sites and Services    




Step-by-Step Guide to Active Directory Sites and Services




This guide explains how to use the Active Directory Sites and Services snap-in to administer replication topology both within a site in a local area network (LAN) and between sites in a wide area network (WAN).



Step-by-Step Guides

The Windows Server 2003 Deployment step-by-step guides provide hands-on experience for many common operating system configurations. The guides begin by establishing a common network infrastructure through the installation of Windows Server 2003, the configuration of Active Directory®, the installation of a Windows XP Professional workstation, and finally the addition of this workstation to a domain. Subsequent step-by-step guides assume that you have this common network infrastructure in place. If you do not want to follow this common network infrastructure, you will need to make appropriate modifications while using these guides.

The common network infrastructure requires the completion of the following guides.

Part I: Installing Windows Server 2003 as a Domain Controller

Part II: Installing a Windows XP Professional Workstation and Connecting It to a Domain

Once the common network infrastructure is configured, any of the additional step-by-step guides may be employed. Note that some step-by-step guides may have additional prerequisites above and beyond the common network infrastructure requirements. Any additional requirements will be noted in the specific step-by-step guide.

Microsoft Virtual PC

The Windows Server 2003 Deployment step-by-step guides may be implemented within a physical lab environment or through virtualization technologies like Microsoft Virtual PC 2004 or Microsoft Virtual Server 2005. Virtual machine technology enables customers to run multiple operating systems concurrently on a single physical server. Virtual PC 2004 and Virtual Server 2005 are designed to increase operational efficiency in software testing and development, legacy application migration, and server consolidation scenarios.

The Windows Server 2003 Deployment step-by-step guides assume that all configurations will occur within a physical lab environment, although most configurations can be applied to a virtual environment without modification.

Applying the concepts provided in these step-by-step guides to a virtual environment is beyond the scope of this document.

Important Notes

The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, places, or events is intended or should be inferred.

This common infrastructure is designed for use on a private network. The fictitious company name and Domain Name System (DNS) name used in the common infrastructure are not registered for use on the Internet. You should not use this name on a public network or the Internet.

The Active Directory service structure for this common infrastructure is designed to show how Windows Server 2003 Change and Configuration Management works and functions with Active Directory. It was not designed as a model for configuring Active Directory for any organization.


The primary purpose of the Windows Server 2003 Active Directory Sites and Services snap-in is to administer the replication topology of an enterprise environment both within a site in a LAN and between sites in a WAN.

Note:  The Appendix provides additional information on how Active Directory service replication is performed. If you are not familiar with replication, you may want to review the Appendix prior to continuing.


A site is a region of your network with high bandwidth connectivity and, by definition, is a collection of well-connected computers, based on Internet Protocol (IP) subnets. Because sites control how replication occurs, changes made with the Sites and Services snap-in affect how efficiently domain controllers (DCs) within a domain (but separated by great distances) can communicate.

A site is separate in concept from Windows Server 2003–based domains because a site may span multiple domains and a domain may span multiple sites. Sites are not part of your domain namespace. Sites control replication of your domain information and help to determine resource proximity. For example, a workstation will select a DC within its site with which to authenticate.

To ensure the Active Directory service can replicate properly, a service known as the Knowledge Consistency Checker (KCC) runs on all DCs and automatically establishes connections between individual computers in the same site. These are known as Active Directory connection objects. An administrator can establish additional connection objects or remove connection objects. However, at any point where replication within a site becomes impossible or has a single point of failure, the KCC steps in and establishes as many new connection objects as necessary to resume Active Directory replication.

Replication between sites is assumed to occur on either higher cost or slower speed connections. As such, the mechanism for inter-site (between sites) replication permits the selection of alternative transports and is established by creating Site Links and Site Link Bridges.


Your first site was set up automatically when you installed Windows Server 2003 on the first domain controller in your enterprise. The resulting first site is called Default-First-Site. You can rename this site later or leave it as is.

The replication topology of sites on your network controls:

Where replication occurs, such as which DCs communicate directly with which other DCs in the same site. Additionally, this topology controls how sites communicate with each other.

When replication occurs. Replication between sites can be completely scheduled by the administrator. Replication between DCs inside the same site is notification-based, where notifications are sent within five minutes of a change being made to an object in the domain.

All newly promoted DCs are placed in the Site container that applies to them at the time of installation. For example, a server bound for California might have been initially built and configured in the Maui, Hawaii, data center—therefore, the Configure Your Server wizard places the server in the Maui site. After it arrives in California, the server object can be moved to the new site using the Sites and Services snap-in.

You can use the sites portion of Sites and Services snap-in to:

Display the valid sites within an enterprise. As an example, Default-First-Site might be a site name such as Headquarters. You can create, delete, or rename sites.

Display the servers that participate in a site. You can delete or move servers between sites. (Note:  Although you can also manually add servers, the task of adding a server is typically performed automatically during Domain Controller setup.)

Display the applications that use site knowledge. The Active Directory topology is rooted at Sites\Default-First-Site\Servers. This contains just those servers participating in a specific site, regardless of domain. To view the connections for any given server, display Sites\Default-First-Site\Servers\{server}\NTDS Settings. For each server, there are connections and schedules that control replication to other servers in this site.

Connections. For two machines to have two-way replication, a connection must exist from the first machine to the second, and a complementary connection must exist from the second machine to the first.

Schedules. Within a site, pull replication of new directory deltas occurs between servers approximately every five minutes. Schedules are significant within a site to force periodic notification to in-bound partners in the event that a partner has a damaged connection object. This type of notification typically occurs every six hours. In addition, schedules are very significant in controlling pull replication between sites. (There is no automatic five-minute replication between sites.)

Display transports and links between sites. Transports represent the protocols used to communicate between chosen sites (for example, IP).

Display subnets. Subnets allow the administrator to associate ranges of IP addresses with sites.


Part 1: Installing Windows Server 2003 as a Domain Controller

Step by Step Guide to Setting Up Additional Domain Controllers

Step-by-Step Guide to Building a Site-to-Site Virtual Private Network Connection

Using the Sites and Services Tool

To start the Active Directory Sites and Services tool


On HQ-CON-DC-01, click the Start button, point to All Programs, point to Administrative Tools, and then click Active Directory Sites and Services. A console appears as shown in Figure 1.


Figure 1.  The Active Directory Sites and Services Snap-In

Changing Site Properties

To change the Default-First-Site-Name


Click the plus sign (+) to expand the Sites tree.


Right-click Default-First-Site-Name in the left pane of the console, and then click Rename.


Type Seattle-WA, and then press Enter.

Creating a New Site

Sites in Active Directory represent the physical structure, or topology, of your network. Active Directory uses topology information, stored as site and site-link objects in the directory, to build the most efficient replication topology. You use Active Directory Sites and Services to define sites and site links. A site is a set of well-connected subnets. Sites differ from domains; sites represent the physical structure of your network, while domains represent the logical structure of your organization.

To add a new site


Right-click Sites in the left pane of the console, and then click New Site.


In the New Object–Site dialog box, type Vancouver-BC for the new site name.


Click to highlight DEFAULTIPSITELINK, and then click OK.
(Note:  Site Links are explained later in this document.)


Review the Active Directory message box information, and then click OK.

Moving Computers within Sites

You can now move computers from other sites into this site from within the Servers container of each site.

Note:  Computers are assigned to sites based on their IP address and subnet mask. Site assignment is handled differently for clients and member servers than for domain controllers. For a client, site assignment is dynamically determined by its IP address and subnet mask during logon. For a domain controller, site membership is determined by the location of its associated server object in Active Directory.

To move computers into a site


In the Active Directory Sites and Services snap-in, click the plus sign (+) next to Seattle-WA, and then click Servers.


In the results pane, right-click HQ-CON-DC-02, and then click Move.


In the Move Server dialog box, click Vancouver-BC as shown in Figure 2, and then click OK.


Figure 2.  Moving a Computer Between Sites


Repeat steps 2 and 3 to move HQ-CON-DC-03 to the Vancouver-BC site.


In the left pane, click the plus sign (+) next to Vancouver-BC, click Servers, and verify that both servers are now assigned to the site.

Working with Subnets

As detailed previously, a site is a set of computers well-connected by a high-speed network, such as a LAN. All computers within the same site typically reside in the same building or on the same campus network. A single site consists of one or more IP subnets. Subnets are subdivisions of an IP network, with each subnet possessing its own unique network address. A subnet address groups neighboring computers in much the same way that postal codes group neighboring postal addresses. Each site is associated with one or more subnets.

To add a subnet for a particular site


In the left pane of the console, click Subnets, right-click Subnets, and then click New Subnet.


In the New Object–Subnet box, type the Address and Mask numbers as shown in Figure 3, click to highlight Vancouver-BC, and then click OK.


Figure 3.  Adding a Subnet

Once a subnet has been properly created, it will appear under the Subnets folder. Although the subnet was associated with the Vancouver-BC site during its creation, it may be modified to point to an alternate site.

To associate the subnet with a particular site


Under the Subnets folder, right-click the subnet, and then click Properties.


In the Properties dialog box, select the site to associate with this subnet from the list box as shown in Figure 4, and then click OK.


Figure 4.  Associating a Subnet with a Site


Click the Location tab, and then provide a description for the site’s location. For this example, type Vancouver, and then click OK.
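
The client site lookup described in the note under Moving Computers within Sites, modeled over the subnet objects this section creates, as an added example that is not part of the original guide. It assumes the most specific matching subnet wins; the subnet addresses and client addresses are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Constructed subnet objects (sample addresses, not the values in Figure 3).
# The site names are the ones created in this guide.
SUBNET_TO_SITE = {
    "10.0.0.0/16": "Seattle-WA",
    "10.0.20.0/24": "Vancouver-BC",
    "192.168.50.0/24": "Vancouver-BC",
}

def build_table(mapping):
    """Parse the subnet strings and order them most-specific prefix first."""
    table = [(ipaddress.ip_network(cidr), site) for cidr, site in mapping.items()]
    return sorted(table, key=lambda entry: entry[0].prefixlen, reverse=True)

def site_for_address(address, table):
    """Return the site of the most specific subnet containing address, or None."""
    ip = ipaddress.ip_address(address)
    for network, site in table:
        if ip in network:
            return site
    return None

def unmapped_clients(addresses, table):
    """Addresses that fall in no defined subnet and so match no site."""
    return [a for a in addresses if site_for_address(a, table) is None]

def cross_site_overlaps(table):
    """Pairs of overlapping subnets that point at different sites."""
    findings = []
    for i, (net_a, site_a) in enumerate(table):
        for net_b, site_b in table[i + 1:]:
            if net_a.overlaps(net_b) and site_a != site_b:
                findings.append((str(net_a), site_a, str(net_b), site_b))
    return findings

if __name__ == "__main__":
    table = build_table(SUBNET_TO_SITE)
    for client in ["10.0.5.10", "10.0.20.7", "172.16.4.9"]:  # constructed
        print(client, "->", site_for_address(client, table))
    print("unmapped:", unmapped_clients(["10.0.5.10", "172.16.4.9"], table))
    print("overlaps:", cross_site_overlaps(table))
```

Addresses reported as unmapped point to a subnet object that still needs to be created; an overlap across sites is worth reviewing to confirm the narrower subnet is meant to override the wider one.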

Site Links

Creating a site link between two or more sites is a way to influence replication topology. By creating a site link, you provide Active Directory with information about what connections are available, which ones are preferred, and how much bandwidth is available. Active Directory uses this information to choose times and connections for replication that will afford the best performance.

For scheduled replication to occur between multiple sites, both sites must agree on a transport to communicate. Typically, Site Links will be based on IP.

To create a Site Link


Click the plus sign (+) next to Inter-Site Transports, right-click IP, and then click New Site Link.


In the New Object – Site Link dialog box, type PNW-Slow Connection for Name as shown in Figure 5, and then click OK.


Figure 5.  Creating a Site Link


In the right-side results pane for IP Site Links, double-click the newly created PNW-Slow Connection link.


In the PNW-Slow Connection Properties dialog box, type Replication Every 24 Hours for the Description, change the Replicate every setting to 1440, and then click OK.

Note:  If you delete the DEFAULTIPSITELINK, replication between Seattle and Vancouver will occur every 24 hours over IP via the PNW-Slow Connection site link.

Site Link Bridges

By default, all site links are bridged, or transitive. This allows any two sites that are not connected by an explicit site link to communicate directly through a chain of intermediary site links and sites. One advantage to bridging all site links is that your network is easier to maintain because you do not need to create a site link to describe every possible path between pairs of sites.

Generally, you can leave automatic site link bridging enabled. However, you might want to disable automatic site link bridging and create site link bridges manually just for specific site links, in the following cases.

Your network is not fully routed (not every domain controller can directly communicate with every other domain controller).

You have a network routing or security policy in place that prevents every domain controller from being able to directly communicate with every other domain controller.

Your Active Directory design includes a large number of sites.
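
To make the first two cases concrete, the following added example (not part of the original guide) models automatic site link bridging as a least-cost path over site links and lists the site pairs that bridging treats as connected although the network cannot route between them. Portland-OR, the SEA-PDX link, the cost values and the function names are constructed for illustration; the model assumes a bridged path costs the sum of its site link costs.

```python
import heapq
from itertools import combinations

# Constructed topology: link name -> (member sites, cost). Seattle-WA,
# Vancouver-BC and DEFAULTIPSITELINK appear in the guide; Portland-OR,
# SEA-PDX and both cost values are sample data.
SITE_LINKS = {
    "DEFAULTIPSITELINK": ({"Seattle-WA", "Vancouver-BC"}, 100),
    "SEA-PDX": ({"Seattle-WA", "Portland-OR"}, 200),
}

def adjacency(site_links):
    """Cheapest explicit site link between each pair of sites."""
    graph = {}
    for sites, cost in site_links.values():
        for a, b in combinations(sorted(sites), 2):
            current = graph.setdefault(a, {}).get(b, cost)
            graph[a][b] = min(cost, current)
            graph.setdefault(b, {})[a] = graph[a][b]
    return graph

def bridged_costs(site_links, source):
    """Dijkstra over site links: summed link cost from source to each site."""
    graph = adjacency(site_links)
    best = {source: 0}
    queue = [(0, source)]
    while queue:
        cost, site = heapq.heappop(queue)
        if cost > best[site]:
            continue  # stale queue entry
        for neighbour, link_cost in graph.get(site, {}).items():
            if cost + link_cost < best.get(neighbour, float("inf")):
                best[neighbour] = cost + link_cost
                heapq.heappush(queue, (best[neighbour], neighbour))
    return best

def bridged_but_unroutable(site_links, routable_pairs):
    """Site pairs joined only through bridging that the network cannot route."""
    graph = adjacency(site_links)
    routable = {frozenset(pair) for pair in routable_pairs}
    findings = []
    for a, b in combinations(sorted(graph), 2):
        cost = bridged_costs(site_links, a).get(b)
        if b in graph[a] or cost is None:
            continue  # explicit link exists, or no path at all
        if frozenset((a, b)) not in routable:
            findings.append((a, b, cost))
    return findings

if __name__ == "__main__":
    print(bridged_costs(SITE_LINKS, "Vancouver-BC"))
    print(bridged_but_unroutable(SITE_LINKS, routable_pairs=[]))
```

A non-empty result is the signal to disable automatic bridging and define site link bridges only for the paths the routing or firewall policy actually permits.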

Appendix: Replication Topology Concepts

Replication Overview

Except for very small networks, directory data must reside in more than one place on the network to be equally useful to all users. Through replication, Active Directory maintains replicas of directory data on multiple domain controllers, ensuring directory availability and performance for all users. Active Directory uses a multimaster replication model, allowing you to make directory changes at any domain controller, not just at a designated primary domain controller. Active Directory relies on the concept of sites to help keep replication efficient, and on the KCC to automatically determine the best replication topology for the network.

Organizing Data for Replication

Data is stored on each domain controller in the directory store, which is divided logically into specific directory partitions. Each partition stores a different type of directory data: domain data, forest schema data, forest configuration data, or application data. All domain controllers within a forest hold a replica of the schema and configuration partitions for that forest, and all domain controllers within a particular domain hold a replica of the domain partition for their domain. Application directory partitions hold directory data specific to a particular application and can be stored by domain controllers belonging to different domains. Changes to each directory partition are replicated to all other domain controllers that hold a copy of that partition.

Replication also ensures the availability of the global catalog throughout the entire forest. The global catalog is a searchable directory store containing data about every object in all domains. The global catalog is stored by domain controllers for which the global catalog has been enabled.

Improving Replication Efficiency with Sites

To help make replication more efficient, Active Directory relies on sites. Sites, defined as groups of well-connected computers, determine how directory data is replicated. Active Directory replicates directory information within a site more frequently than among sites. This way, the best connected domain controllers, those most likely to need particular directory information, receive replicated updates first. The domain controllers in other sites also receive the changes, but less frequently, reducing network bandwidth consumption.

Determining the Replication Topology

The KCC, a process running on each domain controller, automatically identifies the most efficient replication topology for your network, based on information you provide about your network in Active Directory Sites and Services. The KCC regularly recalculates the replication topology to adjust for any network changes that have occurred. The KCC of one domain controller within each site (the intersite topology generator) determines the intersite replication topology.

Additional Resources

For more information, see the following resources.

Active Directory Replication at 

For the latest information about Windows Server 2003, see the Windows Server 2003 Web site at





Shortcut to open this snap-in:

Start > Run > dssites.msc

