Using Sites in Windows 2000

To reduce the chaotic nature of the multimaster domain model, Microsoft implemented the site model. This article discusses how sites are used in Windows 2000 and walks you through the process for creating and linking sites in your network.

 By Brien M. Posey

When dealing with a large enterprise-level Active Directory structure, one of the more important concepts is replication. Replication is the process of sharing Active Directory updates between domain controllers. Many challenges are involved in replicating database changes across a large enterprise. To make this process easier, Windows 2000 uses an organizational structure called a site. In this article, I'll discuss the ways that sites are used within Windows 2000.

What's a Site?

If you're familiar with Exchange 5.5, then you're probably already familiar with the idea of sites. The main difference between Exchange and Windows sites is that whereas an Exchange site consists of a group of mail servers, a Windows 2000 site is made up of a group of domain controllers. Unlike Windows NT version 4.0, Windows 2000 uses what's known as a multimaster domain model. This means that rather than making all administrative changes directly to a primary domain controller and replicating them out, administrative changes can be made to any domain controller. These changes are then replicated to each domain controller.

The Site Model

The multimaster domain model can be a bit chaotic. Imagine a large network with dozens of domain controllers that are constantly trying to replicate changes to each other, and you'll understand how quickly the network could be flooded with replication traffic. To help reduce this constant bombardment, Microsoft implemented the site model. The site model groups domain controllers that are members of the same domain and that are connected by high-speed, low-cost links. Dividing the domain controllers in this way eases the strain caused by replication.

For example, suppose that your domain consists of three domain controllers. Now, imagine that an Ethernet segment connects two of those domain controllers to each other, and the third connects via a dedicated ISDN line. Needless to say, Ethernet offers a speed that's more than sufficient to sustain replication. Therefore, you'd probably want to form a site that contains the two domain controllers connected by the Ethernet segment. Doing so would allow the two domain controllers to replicate freely with each other as needed. This makes sense because you usually don't have to worry about bogging down an Ethernet segment with replication traffic. If your network is already too congested with traffic, you can install a second network card in each server and form a dedicated segment between the servers that's used solely as a backbone for replication traffic.

Once you've established your initial site, you'll probably want to create a second site to contain the server on the other end of the dedicated ISDN line. The reason for doing so is that ISDN is a slow, and potentially expensive, medium, and you don't want to risk congesting your ISDN link with constant replication traffic. You can solve this problem with the two-site model. Servers within each site will replicate Active Directory changes with each other freely, but servers in different sites will only replicate directory information at scheduled times. You can set the replication schedule to replicate across the slow link at a time when network traffic will be minimal. In the future, as you add servers to the network, you can place them in the site to which they have the most efficient link. If a new server is connected to the rest of the domain only by slow links, you can always create another site.
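The grouping rule from the example above can be modeled in a few lines. The following sketch is an added illustration, not code from the article or from Windows 2000: it groups domain controllers into sites by fast-link reachability and allows inter-site replication only inside a scheduled window. The DC names, link speeds, the 10 Mbit/s threshold and the 01:00 to 05:00 window are all assumptions.

```python
from collections import defaultdict

FAST_KBPS = 10_000  # assumed cut-off for a "high-speed" link (10 Mbit/s Ethernet)

def plan_sites(dcs, links, fast_kbps=FAST_KBPS):
    """Return (sites, site_links): DCs grouped by fast-link reachability,
    plus the fastest slow link between each pair of sites."""
    parent = {dc: dc for dc in dcs}

    def find(dc):                      # union-find with path halving
        while parent[dc] != dc:
            parent[dc] = parent[parent[dc]]
            dc = parent[dc]
        return dc

    for a, b, kbps in links:           # merge DCs joined by a fast link
        if kbps >= fast_kbps:
            parent[find(a)] = find(b)

    groups = defaultdict(list)
    for dc in dcs:
        groups[find(dc)].append(dc)
    sites = sorted(sorted(g) for g in groups.values())
    site_of = {dc: i for i, site in enumerate(sites) for dc in site}

    site_links = {}                    # (site, site) -> fastest connecting link
    for a, b, kbps in links:
        pair = tuple(sorted((site_of[a], site_of[b])))
        if pair[0] != pair[1]:
            site_links[pair] = max(site_links.get(pair, 0), kbps)
    return sites, site_links

def may_replicate(sites, src, dst, hour, window=(1, 5)):
    """Intra-site: any time. Inter-site: only inside the scheduled window
    [start, end) in hours; a window such as (22, 4) wraps past midnight."""
    site_of = {dc: i for i, site in enumerate(sites) for dc in site}
    if site_of[src] == site_of[dst]:
        return True
    start, end = window
    if start <= end:
        return start <= hour < end
    return hour >= start or hour < end

# Constructed topology from the article's example (names and speeds assumed).
DCS = ["DC1", "DC2", "DC3"]
LINKS = [("DC1", "DC2", 10_000), ("DC2", "DC3", 128)]  # Ethernet, ISDN (kbit/s)

if __name__ == "__main__":
    sites, site_links = plan_sites(DCS, LINKS)
    print("sites:", sites)
    print("scheduled links:", site_links)
    print("DC1->DC3 at 14:00:", may_replicate(sites, "DC1", "DC3", 14))
```

Adding a fourth server that reaches the domain only over a slow link yields a third site in the output, which matches the article's advice to create another site in that case.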

This article was originally published on Oct 8, 2000