Are Sites in AD Sites & Services Needed with Gigabit WAN Connectio

I started working for a new company, and they're looking to have their AD
structure reorganized. One item I'm looking at is AD Sites and Services.
Currently they have three locations connected via gigabit fiber across the
WAN. Given this connection speed, is there any purpose to creating separate
Sites in AD Sites and Services? I thought that separate AD Sites were needed
when WAN connections were "slower".

Also, is there any purpose in creating a Site in AD Sites and Services if
that Site won't contain a domain controller?

Thanks.

Hello Marks70,

AD sites and services has nothing to do with network speed, it reflects your
physical topology, so that clients are able to use the nearest DC for login
or that DFS if used choose the nearest server in the site. That's the reason
to configure the sites and add the correct subnet to the site so that the
DC's are have the proper connectivity built.

If you have site aware services running it is also a good idea to have a
site without a DC.

See here about:
http://technet.microsoft.com/en-us/l.../cc755768.aspx

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> I started working for a new company, and they're looking to have their
> AD structure reorganized. One item I'm looking at is AD Sites and
> Services. Currently they have three locations connected via gigabit
> fiber across the WAN. Given this connection speed, is there any
> purpose to creating separate Sites in AD Sites and Services? I thought
> that separate AD Sites were needed when WAN connections were "slower".
>
> Also, is there any purpose in creating a Site in AD Sites and Services
> if that Site won't contain a domain controller?
>
> Thanks.
>

Howdie!

"Marks70" wrote:
> I started working for a new company, and they're looking to have their AD
> structure reorganized. One item I'm looking at is AD Sites and Services.
> Currently they have three locations connected via gigabit fiber across the
> WAN. Given this connection speed, is there any purpose to creating
> separate
> Sites in AD Sites and Services? I thought that separate AD Sites were
> needed
> when WAN connections were "slower".

It's up to you to create/maintain the sites and services in AD Sites and
Services. There are several services that rely on that model in order to
function properly:
AD Replication
FRS (SYSVOL Replication, DFS rep/"referral")
Client logon "referral"

The KCC creates the AD rep topology based on the data you put into sites and
services (the topology itself as well as the cost and schedule that you
choose). It helps the KCC create different replication routes if one site or
link fails.

Depending on what your network looks and how subnets are connected (100%
reliable? Fast lines?), you may not need the site definition in Active
Directory. It doesn't harm you to have that though.

> Also, is there any purpose in creating a Site in AD Sites and Services if
> that Site won't contain a domain controller?

Yes - clients "notice" they're in a DCless site and get (based on the site
definition - again, cost and schedule are important) what DC to pick from
what site to get the best and fastest answers. The "DC locator" process
completely relies on the "sites and services" model. If you have no sites
and services defined, it'll pick any random DC in the domain - and that
might be the farthest DC on your 64kbit site somewhere in the woods.

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste

In news:5286FF1F-6BC7-4145-98CB-9B4F80219174@microsoft.com,
Marks70 <Marks70@discussions.microsoft.com>, posted the following:
> I started working for a new company, and they're looking to have
> their AD structure reorganized. One item I'm looking at is AD Sites
> and Services. Currently they have three locations connected via
> gigabit fiber across the WAN. Given this connection speed, is there
> any purpose to creating separate Sites in AD Sites and Services? I
> thought that separate AD Sites were needed when WAN connections were
> "slower".
>
> Also, is there any purpose in creating a Site in AD Sites and
> Services if that Site won't contain a domain controller?
>
> Thanks.

To add to Meinolf's post, it also affects other services that use AD, such
as Exchange. If an Exchange server were to be in say, New York, and you have
one big AD Site encompassing your whole organization, with locations in
Asia, Europe and the US, then the Exchange server's automatic AD discovery
will be using DCs and GCs randomly from all over the org. In addtion,
Exchange 2007 now uses AD Sites as boundaries, rather than the way Exchange
2003 uses Replication groups.

I would recommend it as a good practice to create Sites based on location to
control logon and authentication traffic, as well as other services such as
Exchange, to use local DCs/GCs.


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCT
Microsoft Certified Trainer
aceman@mvps.RemoveThisPart.org

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

In news:OzbK$allJHA.5016@TK2MSFTNGP04.phx.gbl,
Ace Fekay [Microsoft Certified Trainer] <firstnamelastname@hotmail.com>,
posted the following:
>>
>> Also, is there any purpose in creating a Site in AD Sites and
>> Services if that Site won't contain a domain controller?
>>

I forgot to add, if you have a location that does not have a DC, you do not
want to create an AD Site for it. However, do create an IP Subnet Object for
it, and associate it with a another Site of your choosing that you want.
This way the DC at the Site you choose will be used for logon and
authentication.

Once again, Sites are used to control replication traffic between DCs, as
well as controlling which DCs and GCs are used for logon, authentication,
and general directory lookup traffic.

Ace

Thanks for everyone's response. It is definitely good information and helps
to clear up some things. However, I'm still not sure I understand why I would
want to connect sites if the connection speed between them is gigabit speed.
Why would it matter which DC services a client if the connection speed
between all the DCs is so fast? Wouldn't replication be essentially as fast
between sites as it is within the same site?

Also, what are the ramifications of creating sites and configuring subnets
and forgetting to add or missing a subnet? How does this affect clients in
the subnet that hasn't been configured?

Thanks again,
Mark

"Marks70" wrote:

> I started working for a new company, and they're looking to have their AD
> structure reorganized. One item I'm looking at is AD Sites and Services.
> Currently they have three locations connected via gigabit fiber across the
> WAN. Given this connection speed, is there any purpose to creating separate
> Sites in AD Sites and Services? I thought that separate AD Sites were needed
> when WAN connections were "slower".
>
> Also, is there any purpose in creating a Site in AD Sites and Services if
> that Site won't contain a domain controller?
>
> Thanks.

Hello Marks70,

Even with fast connections with correct setup of AD sites and services you
have control ov er the netwrok and if you have for whatever reason have to
shutdown a complete site, you can be sure that other machines in different
sites are not effected.

Inter-site replication between sites is by default any 180 minutes, reducable
in AD sites and services to 15 minutes(with more configuration also lower
possible).

Intra-site in windows 2003 is 15 seconds.

If you miss a subnet the client will logon on wherever a DC is answering
during the DCLocator process.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Thanks for everyone's response. It is definitely good information and
> helps to clear up some things. However, I'm still not sure I
> understand why I would want to connect sites if the connection speed
> between them is gigabit speed. Why would it matter which DC services a
> client if the connection speed between all the DCs is so fast?
> Wouldn't replication be essentially as fast between sites as it is
> within the same site?
>
> Also, what are the ramifications of creating sites and configuring
> subnets and forgetting to add or missing a subnet? How does this
> affect clients in the subnet that hasn't been configured?
>
> Thanks again,
> Mark
> "Marks70" wrote:
>
>> I started working for a new company, and they're looking to have
>> their AD structure reorganized. One item I'm looking at is AD Sites
>> and Services. Currently they have three locations connected via
>> gigabit fiber across the WAN. Given this connection speed, is there
>> any purpose to creating separate Sites in AD Sites and Services? I
>> thought that separate AD Sites were needed when WAN connections were
>> "slower".
>>
>> Also, is there any purpose in creating a Site in AD Sites and
>> Services if that Site won't contain a domain controller?
>>
>> Thanks.
>>