In this tutorial, we will look at the concepts of Active Directory sites and subnets.
Active Directory sites help optimize management in multi-site / multi-network infrastructures through:
- Management of replication between domain controllers.
- Authentication of users on the local controller(s).
- GPOs applied per site.
There are two types of replication links:
- Intra-site: replication link between domain controllers in the same site.
- Inter-site: replication link between Active Directory sites, which is configured in the Inter-Site Transports node.
Configuring sites and networks
Ideally, declare the Active Directory site before promoting the server to domain controller, which allows you to place it directly in the right site. It is still possible to move the DC afterwards.
For the domain controller to be placed directly in the correct site, it must already have its final IP address, and that address must belong to a subnet linked to the site.
We can see that on the console, several nodes are available:
- Inter-Site Transports: contains the various inter-site links as well as the protocol used for replication.
- Subnets: contains the different networks that are declared and then assigned to a site.
- Sites: the nodes in blue (one per site) contain the parameters of the sites with the different servers (domain controller, transport edge …).
When the Active Directory domain is created, a default site is created (Default-First-Site-Name). The first step when implementing a multi-site architecture is renaming this site. To do this, right-click on the site (1) and click on Rename (2).
Now that the site is named correctly, we can declare an IP network for it.
Add an IP network
Declaring the network automatically places servers in the correct site according to their IP address.
If you want to add an IP network for a site other than the default one, the site must be added first.
Add a site
Configure a bridgehead server
A bridgehead server is a preferred domain controller for inter-site replication. It is useful to define a bridgehead server on a site that has multiple domain controllers: it handles replication to and from the other sites and then replicates to the other controllers in its own site.
Because the LAB-AD1 server is a bridgehead for SiteA, there is no link from LAB-AD2 (SiteB) to LAB-AD3 (SiteA). If you still want to add a link manually, this is possible.
Frequency and replication planning
The replication frequency is configured according to the type of link (inter-site or intra-site).
The frequency and the schedule are configured from the General tab.
- Cost (1): if multiple links are configured, it is possible to prioritize a link by changing its cost. The link with the lowest cost has priority.
- Replicate every XXX minutes (2): corresponds to the replication frequency.
- The Change Schedule button (3) allows you to configure the hours during which the link is active.
If we change the frequency in the link configuration in Inter-Site Transports to 60 minutes and go back to look at the link on the controller, we can see that the replication schedule has been changed automatically.
The change is not instantaneous; it is possible to force it with the command
Use Group Policies by Sites
Move a domain controller
Check the status of replication
On a domain controller, open a command prompt and enter the command below to view the replication status of the controller.
It is also possible to check the replication of a remote controller by specifying it in the command:
repadmin /showrepl <Remote_DC>
Enter the following command to force intra-site replication:
Enter the following command to force intra-site and inter-site replication:
repadmin /syncall /e
Enter the following command to force intra-site and inter-site replication on a remote controller:
repadmin /syncall /e <Remote_DC>
Open a command prompt on the domain controller and enter the command below:
Depending on the topology and the number of domain controllers, link generation may take several minutes.
This command is normally run every 15 minutes to check the replication topology.
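The site link settings (cost, frequency) and the replication status described above can also be read with the ActiveDirectory PowerShell module, which makes it easier to spot a controller that has stopped receiving changes such as password resets or account disablements. This is an added example, not part of the original tutorial; it assumes the RSAT ActiveDirectory module is installed, and the 24-hour staleness threshold is an illustrative value.

```powershell
# Added example: read-only audit of site links, subnets and replication health.
# Assumes the RSAT ActiveDirectory module and an account allowed to read
# replication metadata. $MaxAgeHours is an illustrative threshold.
Import-Module ActiveDirectory
$MaxAgeHours = 24

# Site links: cost and replication interval, as shown on the link's General tab.
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes,
        @{ n = 'Sites'; e = { ($_.SitesIncluded | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join ', ' } } |
    Sort-Object Cost | Format-Table -AutoSize

# Subnets not assigned to any site: clients in them cannot be matched to a local DC.
Get-ADReplicationSubnet -Filter * | Where-Object { -not $_.Site } |
    Select-Object Name, Location | Format-Table -AutoSize

# Per-DC inbound replication status (the data repadmin /showrepl displays).
$cutoff = (Get-Date).AddHours(-$MaxAgeHours)
$report = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        Get-ADReplicationPartnerMetadata -Target $dc.HostName -Scope Server -Partition * -ErrorAction Stop |
            ForEach-Object {
                [pscustomobject]@{
                    Site        = $dc.Site
                    Server      = $dc.Name
                    # Partner is the DN of the source NTDS Settings object; keep the server CN.
                    Partner     = ($_.Partner -split ',')[1] -replace '^CN='
                    Partition   = $_.Partition
                    LastSuccess = $_.LastReplicationSuccess
                    Failures    = $_.ConsecutiveReplicationFailures
                    LastResult  = $_.LastReplicationResult
                    Stale       = ($_.LastReplicationSuccess -lt $cutoff)
                }
            }
    }
    catch {
        # An unreachable DC is itself a finding; record it instead of stopping.
        [pscustomobject]@{ Site = $dc.Site; Server = $dc.Name; Partner = 'UNREACHABLE'
            Partition = $null; LastSuccess = $null; Failures = $null
            LastResult = $_.Exception.Message; Stale = $true }
    }
}

# Show only links that are failing or have not replicated within the threshold.
$report | Where-Object { $_.Stale -or $_.Failures -gt 0 } |
    Sort-Object Site, Server | Format-Table -AutoSize
```

An empty final table means every inbound connection replicated successfully within the threshold.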
Repadmin: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc770963(v=ws.11)
Design of the site topology: https://docs.microsoft.com/fr-fr/windows-server/identity/ad-ds/plan/designing-the-site-topology