How to setup Sites and Subnets in Active Directory: Step-by-step guide

Introduction to Active Directory Physical Topology

Active Directory is composed of two different types of network structures or topologies, namely the logical topology and the physical topology. The logical topology is made up of components such as forests, trees, domains and organizational units, and is used to organize the resources within a network. The physical topology, in contrast, is made up of sites, subnets, site links, domain controllers and other similar components, and is mainly concerned with managing replication and regulating network traffic. The site topology is usually configured so that it mirrors the physical network topology of the organization. The two main functions of sites are service localization and managed replication.

Sites

In Active Directory, a site is defined as a collection of one or more subnets that are connected together by means of high-speed or high-bandwidth links. Thus a single site may contain IP addresses belonging to different areas. Every domain controller in the network belongs to a specific site and this site location plays an important role in functions such as replication topology, logon authentication, directory queries, requests, etc. This means that every site is capable of containing domain controllers belonging to different domains. The network is generally divided into sites, so as to reduce the amount of replicated data to be sent over slow WAN links. This in turn helps minimize the network traffic. Simply put, a site can be used to represent a physical location such as a building, a separate branch, city or even a country.

Subnets

An Active Directory subnet is composed of neighbouring computers that are grouped together based on their IP addresses, which can be either IPv4 or IPv6. Subnets are connected by means of routers and every device on the network should belong to a subnet. Subnets are linked to a site, which in turn helps in defining the site boundary.

Site Links

Site links in Active Directory are used to connect different sites. A site link can be used to link two or more sites to mirror the physical connection topology between sites. Site links also define the way in which the replication and logon authentication traffic flows between sites. Site links may be defined in terms of three attributes, namely cost, frequency and schedule.

The site topology can be explained using the following scenario. Consider an organization with offices in Delhi, London and New York, with its headquarters in London. All the offices, however, belong to the same domain. In the absence of sites, replication between the domain controllers in different locations will be slow and would use up a major portion of the link bandwidth. In addition to this, if a user from the New York office needs to be authenticated, they need to send out a request to all the available domain controllers and wait for one of them to respond. In case a domain controller from Delhi is the first to respond, it leads to an increase in network traffic and issues related to speed and bandwidth. However, with the implementation of sites, replication between domain controllers is managed so as to make the best use of slow links. Similarly, authentication and services are localized, so a user from the London office will be authenticated only by a local domain controller. This improves the speed and reduces the traffic.

Creating and Configuring Active Directory Sites and Subnets

Active Directory Sites and Services

Active Directory Sites and Services is an administrative tool that is used to create and manage sites and other components of the physical topology. It is also used for administering the replication of directory data. It is included as part of Active Directory Management Tools.

When Active Directory is first installed, all the domain controllers are located within a single site which has a default name of Default-First-Site-Name. However, this can be renamed and more sites can be added according to the requirements of the organization. The following sections contain instructions to create and configure new sites, subnets and site links using the Active Directory Sites and Services MMC snap-in.

Creating a New Site

The prerequisite for the following procedure is a membership in either the Enterprise Admins or Domain Admins group. Additionally, this can be performed using Run as Administrator to ensure security. A new site can be created by following the steps given below.

1. Open the Start menu, click on Administrative Tools and select Active Directory Sites and Services. (For Windows Server 2012, click on Start and type dssite.msc).
2. Right click on the Sites folder in the console tree and select the New Site option.
3. In the New Object-Site dialog box, type the name of the site in the respective field.
4. Select a site link object from the given list and click OK.
5. If prompted to perform a list of other tasks, click OK.

Thus a new site is created and can be seen in the Active Directory Sites and Services console tree.

Creating a New Subnet

The prerequisites are the same as those mentioned for creating a new site. A new subnet can be created by following the steps given below.

1. Open the Start menu, click on Administrative Tools and select Active Directory Sites and Services. (For Windows Server 2012, click on Start and type dssite.msc).
2. Double click on Sites in the console tree and right click on Subnets.
3. Click on the New Subnet option.
4. Enter the IPv4 or IPv6 subnet prefix accordingly, in the Prefix field.
5. In the Select a site object for this prefix field, click on the desired site to be associated with the subnet and click OK.

Creating a Site Link

1. Open the Start menu, click on Administrative Tools and select Active Directory Sites and Services. (For Windows Server 2012, click on Start and type dssite.msc).
2. In the console tree, expand the Inter-Site Transports folder, which reveals the IP and SMTP sub-folders.
3. Right click on the desired folder and select the New Site Link option.
4. Enter the name of the site link, add the required sites and click OK to create the site link.
5. Other properties of the site link can be configured under the Properties option. Click OK to finalize the process.

Configuring Sites and Subnets

Once new sites and subnets have been created, several other tasks such as adding domain controllers, specifying licensing servers, configuring site boundaries and configuring subnet properties have to be performed. These tasks are discussed as follows.

Adding Domain Controllers to a Site

After creating a site, domain controllers can be added to it by following the instructions given below.

1. Open Active Directory Sites and Services. Locate the site containing the domain controller to be moved and expand it to reveal a Servers folder.
2. Click on the Servers folder. A list of domain controllers within the site is displayed.
3. Right click on the domain controller to be moved and select the Move option.
4. In the Move Server dialog box, select the site to which the domain controller has to be moved and click OK.

The domain controller appears under the new site to which it was moved.

Selecting a Licensing Server

A licensing server is a computer that collects information from within the site for administration purposes. A licensing server can be selected for a specific site by using the following steps.

1. Open Active Directory Sites and Services. Select the site for which a licensing server needs to be assigned and click on it.
2. The Licensing Site Settings container is displayed. Right click on this container and select Properties.
3. In the Licensing Site Settings dialog box, click on Change.
4. Select the desired server in the Select Computer dialog box and click OK.
5. Click OK to complete the process.

Configuring Site Boundaries

The site boundaries can be configured by assigning specific subnets to a site. The objective of this is to configure the site topology in such a way that it mirrors the physical network topology of the organization. This also helps in replication. For instance, an organization having offices in different geographic locations can configure the site boundaries to control replication and traffic. A specific subnet can be assigned to a site by following the steps for creating a new subnet.
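
The following added example (not part of the original guide) audits the configured site boundaries with the ActiveDirectory PowerShell module: it reports subnets that are not assigned to a site, sites that have no subnet, and sites that contain no domain controller. The function name Get-AdSiteBoundaryGap is hypothetical; the cmdlets it calls are the standard ones from the module.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and read access
# to the configuration partition of the forest.
Import-Module ActiveDirectory

function Get-AdSiteBoundaryGap {
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $sites    = @(Get-ADReplicationSite -Filter *)
    $subnets  = @(Get-ADReplicationSubnet -Filter *)

    # NTDS Settings objects (class nTDSDSA) sit below each domain controller's
    # server object, so they identify servers that really are DCs.
    $dcs = @(Get-ADObject -SearchBase "CN=Sites,$configNC" `
                          -LDAPFilter '(objectClass=nTDSDSA)')

    # A subnet with no site contributes nothing to any site boundary.
    foreach ($sn in $subnets) {
        if (-not $sn.Site) {
            [pscustomobject]@{ Finding = 'SubnetWithoutSite'; Name = $sn.Name }
        }
    }

    foreach ($site in $sites) {
        $dn     = $site.DistinguishedName
        $suffix = ",CN=Servers,$dn"

        # The Site property of a subnet holds the distinguished name of its site.
        $hasSubnet = $subnets | Where-Object { $_.Site -eq $dn }
        $hasDc     = $dcs | Where-Object {
            $_.DistinguishedName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)
        }

        # No subnet: no client address can ever be mapped to this site.
        if (-not $hasSubnet) {
            [pscustomobject]@{ Finding = 'SiteWithoutSubnet'; Name = $site.Name }
        }
        # No DC: clients in this site's subnets cannot be served locally.
        if (-not $hasDc) {
            [pscustomobject]@{ Finding = 'SiteWithoutDomainController'; Name = $site.Name }
        }
    }
}

Get-AdSiteBoundaryGap | Sort-Object Finding, Name | Format-Table -AutoSize
```

An empty result means every subnet is mapped to a site and every site has at least one subnet and one domain controller.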

Configuring Subnet Properties

Once a new subnet has been created, it can be configured with a set of properties. This can be done using the following steps.

1. Open Active Directory Sites and Services.
2. Double click on Sites in the console tree and right click on Subnets.
3. Select the Properties option.
4. In the Properties dialog box, enter a description for the subnet in the appropriate field under the General tab.
5. Using the Site drop down list box, the subnet can be moved to another site.
6. Similarly, other properties can be specified from the Location, Object and Security tabs.

Thus, components of the Active Directory physical topology such as sites, subnets and site links can be created and configured easily using the Active Directory Sites and Services MMC snap-in. These operations can also be performed using PowerShell commands.
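
As an added example (not part of the original guide), the script below performs the same operations with the ActiveDirectory PowerShell module for the three-office scenario described earlier: it creates the sites, maps a subnet to each, links the branches to London and moves a domain controller. The site names, subnet prefixes, location strings, link cost and frequency, and the domain controller name DC-NYC-01 are constructed placeholders.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and membership in
# Enterprise Admins or Domain Admins, as for the console procedures.
Import-Module ActiveDirectory

# Constructed sample topology; replace every value with your own.
$offices = @(
    @{ Site = 'London';  Prefix = '10.10.0.0/16'; Location = 'UK/London' }
    @{ Site = 'Delhi';   Prefix = '10.20.0.0/16'; Location = 'IN/Delhi' }
    @{ Site = 'NewYork'; Prefix = '10.30.0.0/16'; Location = 'US/NewYork' }
)

foreach ($o in $offices) {
    # Create the site only if it does not exist, so the script can be re-run.
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$($o.Site)'")) {
        New-ADReplicationSite -Name $o.Site
    }
    # Map the prefix to the site; this mapping defines the site boundary.
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$($o.Prefix)'")) {
        New-ADReplicationSubnet -Name $o.Prefix -Site $o.Site -Location $o.Location
    }
}

# Site links from the London headquarters to each branch, over the IP transport.
foreach ($branch in 'Delhi', 'NewYork') {
    $linkName = "London-$branch"
    if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$linkName'")) {
        New-ADReplicationSiteLink -Name $linkName `
            -SitesIncluded 'London', $branch `
            -InterSiteTransportProtocol IP `
            -Cost 100 -ReplicationFrequencyInMinutes 60
    }
}

# Move a domain controller (placeholder name) into the site it physically sits in.
Move-ADDirectoryServer -Identity 'DC-NYC-01' -Site 'NewYork'

# Review the resulting subnet-to-site mapping and the site links.
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site, Location
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes, SitesIncluded
```

Appending -WhatIf to the New-* and Move-* calls previews the changes without writing them to the directory.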