The first component of the Active Directory, the logical structure, was discussed in the first article of this series. The second component of the Active Directory is the physical structure, which holds the mechanisms for data communication and replication. This article covers two physical structure topics: the definition of the IP subnet network structural component that constitutes Active Directory sites, and the physical server that stores and replicates Active Directory data known as the domain controller and the related Global Catalog.
In an ideal world, network communication would always be rapid and reliable. Unfortunately, geographic and other limitations result in the need to create smaller networks, known as subnets, to facilitate communication within and between locations. Although rapid and reliable network communication can be achieved within the larger unit, it can vary radically between subnets. Therefore, to ensure the most effective network communication by Windows 2000, the Active Directory offers methods of regulating intersubnet traffic.
The physical network structure of the Active Directory is based on a unit known as a site. The role of the administrator is to design sites that ensure the greatest network performance. A site comprises one or more Internet Protocol (IP) subnets that are tied together by high-speed, reliable connections. What speed is considered sufficient is really arbitrary. For example, in small networks, a 128KBps connection could be sufficient, whereas the bandwidth for a large network might need 3MBps or more. The administrator must determine what speed best accomplishes the goal of minimum performance loss due to network traffic, and establish sites accordingly. Although many subnets can belong to a single site, a single subnet cannot span multiple sites.
The primary goal of a site is rapid and economical data transmission. An important part of that is efficient directory services replication. The Active Directory physical structure governs when and how replication takes place. This is true of both intersite and intrasite replication. Network site performance also impacts the location of objects and logon authentication. As users log on to the network, they are able to reach the closest domain controller site through the previous assignment of subnet information. The system administrator uses the Active Directory Sites and Services snap-in to manage the topology of replication services. With intrasite replication, the defined high-speed connection normally ensures rapid deployment. With intersite replication, the WAN bandwidth may be considerably slower. The site structure permits the management of Active Directory replication scheduling between sites.
Administrative granularity is significantly enhanced through the concept of the site and its relationship to domain and organizational units. In many cases, sites have the same boundaries as a domain or an organizational unit; thus, delegation of site responsibility might be mirrored in OU or domain administration.