Active Directory Sites

What makes Active Directory (AD) a very powerful tool is the combination of two distinctly different structures it possesses: a logical structure and a physical structure. The logical structure consists of forests, domains, etc. The physical structure, on the other hand, is represented by the Domain Controllers (DCs), servers, physical subnets, etc. A Site is a logical means to represent the physical aspects of AD.


Active Directory Sites are the best solution for managing organizations that have branches in different geographical locations but fall under the same domain. Sites are physical groupings of well-connected IP subnets that are used to efficiently replicate information among Domain Controllers (DCs). The site topology can be thought of as a mapping that describes the best routes for carrying out replication in AD, thus making efficient use of the network bandwidth. Sites help to achieve cost-efficiency and speed. They also let administrators exercise better control over the replication traffic and the authentication process. When there is more than one DC in the associated site that is capable of handling client logon, services, and directory searches, sites can locate the closest DC to perform these actions. Sites also play a role in the deployment and targeting of Group Policies.

In AD, the information about the topology is stored as site link objects. By default, the Default-First-Site-Name site container is created for the forest. Until another site is created, all DCs are automatically assigned to this site.


Within sites, subnets help in grouping neighboring computers based on their IP address. Every subnet is identified by an associated range of IP addresses, and a site is the aggregate of all well-connected subnets. Subnets can be based on either TCP/IPv4 or TCP/IPv6 addresses.

Site Links

As the name implies, site links are used to establish links between sites, the default site link being called Default-First-Site-Link. They define the flow of the replication that takes place between sites. Intersite replication can be managed by configuring site link properties such as the site link schedule, replication cost and interval.

Sites and Replication

In AD, when a change is applied to a specific DC, all other DCs in the domain are informed about the change and updated. This happens through the process of replication.

Active Directory Sites and Services

Active Directory Sites and Services is an administrative tool that is used to manage sites and the related components. It comes with its own MMC snap-in. The following is a partial list of tasks that can be managed:

  • Creating sites
  • Creating subnets, and associating subnets with sites
  • Creating site links
  • Configuring site properties
  • Moving servers between sites

Creating a site

The following steps illustrate how to create an AD site:

  • Go to Start → Administrative Tools → Active Directory Sites and Services. The Active Directory Sites and Services window opens.
  • In the left pane, right-click Sites and click New Site. Give it a suitable name, select DEFAULTIPSITELINK, and click OK. The site has been created.

Creating a subnet

Now that a site other than the default site has been created, a subnet that specifies the site boundaries has to be created. The following steps illustrate how to create a subnet:

  • Go to Start → Administrative Tools → Active Directory Sites and Services. The Active Directory Sites and Services window opens.
  • In the left pane, right-click Subnets and click New Subnet.
  • Enter the address prefix using network prefix notation.
  • Select a site object for this prefix, and click OK. The subnet has been created.

Creating site links

  • Go to Start → Administrative Tools → Active Directory Sites and Services. The Active Directory Sites and Services window opens.
  • In the left pane, expand the Sites container. Under Inter-Site Transports, right-click IP and click New Site Link.
  • Enter a suitable name for the site link. Add the required sites, and click OK. The site link has been created.
  • To configure the site link properties, right-click the site link and select Properties. Specify the values for cost and the replication interval, and/or change the schedule.
  • Finally, click OK to apply the changes.
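
The three procedures above (site, subnet, site link) can also be scripted with the ActiveDirectory PowerShell module. The following is an added example, not part of the original article; the site name, address prefix, link name, cost and interval are constructed placeholders. Its last step lists subnets that have no site and sites that have no subnet, since site boundaries depend entirely on these mappings.

```powershell
# Added example: all names and values below are constructed placeholders.
Import-Module ActiveDirectory

$siteName   = 'Branch-Site'              # hypothetical new site
$subnet     = '10.20.0.0/24'             # hypothetical prefix (network prefix notation)
$linkName   = 'HQ-Branch-Link'           # hypothetical site link name
$linkedSite = 'Default-First-Site-Name'  # default site created with the forest

# 1. Create the site unless it already exists.
if (-not (Get-ADReplicationSite -Filter "Name -eq '$siteName'")) {
    New-ADReplicationSite -Name $siteName
}

# 2. Create the subnet and associate it with the site.
if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$subnet'")) {
    New-ADReplicationSubnet -Name $subnet -Site $siteName
}

# 3. Create an IP site link between the two sites and set cost and interval.
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$linkName'")) {
    New-ADReplicationSiteLink -Name $linkName `
        -SitesIncluded $linkedSite, $siteName `
        -InterSiteTransportProtocol IP `
        -Cost 100 -ReplicationFrequencyInMinutes 60
}

# 4. Review the result: subnets with no site assigned ...
$subnets = Get-ADReplicationSubnet -Filter *
$subnets | Where-Object { -not $_.Site } | Select-Object Name, Location

# ... and sites that no subnet points to.
$mapped = $subnets | Where-Object { $_.Site } | ForEach-Object { [string]$_.Site }
Get-ADReplicationSite -Filter * |
    Where-Object { $mapped -notcontains $_.DistinguishedName } |
    Select-Object Name
```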