Design of the Active Directory site topology needs to consider where domain controllers are located, how directory data is replicated between those domain controllers, and which site links connect the sites.
When considering proximity of domain controllers, you need to examine four types of servers or roles:
- Forest root domain controller
- Regional domain controller
- Global catalog server
- Operations master role
The forest root domain controller, a term that matters mainly in a multi-domain forest, provides the trust path through which users in one domain gain access to resources in another. Forest root domain controllers belong in hub locations. For a satellite location whose users need resources in another domain but whose link to the hub is unreliable, either place a forest root domain controller in that location or create a shortcut trust between the two domains, so that authentication does not have to traverse the forest root across the unreliable link.
Regional domain controllers provide local domain controller functionality at remote sites. Keep their number as small as the user population, logon traffic and WAN reliability allow; every additional domain controller is another writable copy of the directory that must be physically secured, patched and replicated. Place regional domain controllers at hub locations. Where a satellite location needs a local domain controller but its physical security can't be guaranteed, use a Read-Only Domain Controller (RODC): it holds no writable copy of the directory and caches only the account passwords its Password Replication Policy allows, which limits what an attacker gains by stealing the box.
Global catalog servers and operations master roles are discussed further in Objective 5.2, "Design a domain controller strategy." In general, global catalog placement only becomes a design question when the forest contains more than one domain; in a single-domain forest, every domain controller should simply be configured as a global catalog, and a site without one forces logons to look up universal group membership across the WAN.
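The following PowerShell is an added example, not code from the study guide, that inventories the four kinds of placement described above per site: writable domain controllers, RODCs, global catalog servers, forest root domain controllers and operations master holders. It assumes the ActiveDirectory RSAT module and read access to the forest; site and domain names are whatever the queried forest contains, nothing is hard-coded.

```powershell
# Added example (not from the study guide): per-site inventory of DC placement.
# Assumes the ActiveDirectory module (RSAT) and rights to read every domain in the forest.
Import-Module ActiveDirectory

$forest     = Get-ADForest
$rootDomain = $forest.RootDomain

# Enumerate every DC in the forest, one query per domain
$dcs = foreach ($domain in $forest.Domains) {
    Get-ADDomainController -Filter * -Server $domain |
        Select-Object Name, Domain, Site, IsGlobalCatalog, IsReadOnly, OperationMasterRoles
}

# Summarise per site which of the four roles it actually hosts
$report = $dcs | Group-Object Site | ForEach-Object {
    $inSite = $_.Group
    [pscustomobject]@{
        Site           = $_.Name
        WritableDCs    = @($inSite | Where-Object { -not $_.IsReadOnly }).Count
        RODCs          = @($inSite | Where-Object { $_.IsReadOnly }).Count
        GlobalCatalogs = @($inSite | Where-Object { $_.IsGlobalCatalog }).Count
        ForestRootDCs  = @($inSite | Where-Object { $_.Domain -eq $rootDomain }).Count
        FSMORoles      = ($inSite | ForEach-Object { $_.OperationMasterRoles }) -join ','
    }
}
$report | Format-Table -AutoSize

# Sites that host DCs but no global catalog: logons there resolve universal group
# membership over the WAN unless universal group membership caching is enabled.
$report | Where-Object { $_.GlobalCatalogs -eq 0 } |
    ForEach-Object { Write-Warning "Site $($_.Site) has domain controllers but no global catalog" }

# Sites defined in the configuration partition that contain no DC at all; clients in
# such a site are served by the nearest site, which may or may not be intended.
$allSites = Get-ADReplicationSite -Filter * | Select-Object -ExpandProperty Name
$allSites | Where-Object { $_ -notin $report.Site } |
    ForEach-Object { Write-Output "Site $_ contains no domain controller" }
```

Run it from a workstation with RSAT installed; the `$report` table is the artifact to compare against the design, for example to confirm that a site whose physical security is in doubt shows RODCs only and no writable DC.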
Active Directory uses multimaster replication: every writable domain controller accepts changes, and those changes are propagated to the others. Within a site the replication topology is built automatically by the Knowledge Consistency Checker (KCC) on each domain controller; between sites it is built by the Inter-Site Topology Generator (ISTG), the one domain controller per site whose KCC computes a least-cost spanning tree across the site links so that WAN bandwidth is used sparingly. Replication can be tuned further, for example by changing the schedule on which a site link is used.
Replication behaves differently within a site and between sites. Inside a site, a domain controller notifies its replication partners shortly after a change is committed, so the change becomes known throughout the site as quickly as possible. Between sites, replication is store-and-forward: the change is sent, compressed and on the site link's schedule, to a single domain controller in the remote site (the bridgehead server, chosen by the ISTG), which then replicates it to the other domain controllers in that site.
Optimizing replication means analyzing the number of physical locations and comparing that against the available bandwidth between them. Low-speed links (less than 10 Mbit/s) between locations call for separate sites with domain controllers placed in each. Site link settings such as cost and frequency can then be adjusted to fit the organization's needs and topology. You can adjust three primary factors on a site link to optimize replication:
- Site link cost: a relative value; the KCC prefers the path with the lowest total cost, so a higher cost steers replication away from an expensive or unreliable link
- Schedule: the hours during which the link is available for replication, for example off-peak hours only on a saturated WAN link
- Interval: how often replication is attempted while the schedule allows it (180 minutes by default; 15 minutes is the minimum)
It's recommended that you create a site for each location in which a domain controller is placed, and for any location where an application requires its own site. An example of such an application is Distributed File System Namespaces (DFSN), which uses site membership to refer clients to nearby targets. Sites aren't necessarily tied to physical or geographical locations. Assuming that the available bandwidth and network latency are adequate (less than 10 ms latency between locations is recommended), several locations can share a single site.
When sites are created, they are connected by site links. Site links provide intersite connectivity for replication. Creating a site link means creating a link object under the appropriate transport (normally IP) in the Inter-Site Transports container and making sure that every site is included in at least one site link; a site that belongs to no site link cannot receive intersite replication. Because all site links are bridged by default, two sites that share no link can still replicate transitively through an intermediate site. Sites with the same connectivity and availability characteristics can share one site link rather than each getting its own.
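The PowerShell below is an added example, not code from the study guide, that walks through the site-design steps in this section: it creates a hub site and a branch site, attaches subnets so clients locate the nearest domain controller, creates the site link with the three tunables (cost, schedule, interval), and then checks that no site has been left out of every site link. The site names, subnets, cost, interval and schedule window are invented for illustration; replace them with your own.

```powershell
# Added example (not from the study guide): hub-and-spoke site topology with a tuned
# site link. Requires the ActiveDirectory module and rights to write the configuration
# partition (Enterprise Admins). All names and numbers below are invented.
Import-Module ActiveDirectory

# 1. One site per location that hosts a DC (or that an application such as DFSN needs)
New-ADReplicationSite -Name "HQ"
New-ADReplicationSite -Name "Branch01"

# 2. Subnets map client IP addresses to sites; without them every client lands in
#    the default site and may authenticate against a DC across the WAN
New-ADReplicationSubnet -Name "10.0.0.0/16" -Site "HQ"
New-ADReplicationSubnet -Name "10.1.0.0/24" -Site "Branch01"

# 3. The site link carries the three tunables. Schedule: allow replication only
#    between 20:00 and 06:00 (an assumed off-peak window for a slow branch link).
$schedule = New-Object System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule
$schedule.ResetSchedule()
$schedule.SetDailySchedule("Twenty", "Zero", "Six", "Zero")

New-ADReplicationSiteLink -Name "HQ-Branch01" `
    -SitesIncluded "HQ", "Branch01" `
    -InterSiteTransportProtocol IP `
    -Cost 100 `
    -ReplicationFrequencyInMinutes 60 `
    -ReplicationSchedule $schedule

# Optional: for a fast, reliable link you can enable intersite change notification
# (bit 1 of the options attribute), which makes the link behave like intrasite
# replication and ignores the interval and schedule set above.
# Set-ADReplicationSiteLink -Identity "HQ-Branch01" -Replace @{ options = 1 }

# 4. Check: every site must belong to at least one site link, or the ISTG cannot
#    include it in the spanning tree and it will silently stop receiving updates.
$allSiteDNs = Get-ADReplicationSite -Filter * |
    Select-Object -ExpandProperty DistinguishedName
$linkedDNs = Get-ADReplicationSiteLink -Filter * -Properties SitesIncluded |
    ForEach-Object { $_.SitesIncluded }
$allSiteDNs | Where-Object { $_ -notin $linkedDNs } |
    ForEach-Object { Write-Warning "Site $_ is in no site link; intersite replication to it will not occur" }

# 5. Review the resulting link settings side by side
Get-ADReplicationSiteLink -Filter * -Properties Cost, ReplicationFrequencyInMinutes, SitesIncluded |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes, @{ n = 'Sites'; e = { $_.SitesIncluded -join ';' } } |
    Format-Table -AutoSize
```

After the link exists, force the ISTG to recompute the topology with `repadmin /kcc` and confirm the new connection objects with `repadmin /showrepl` from a branch domain controller; the schedule shows up there as the times at which the inbound connection last succeeded.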