Module 3: Designing a Site Infrastructure
Overview
Gathering Data for Site Design
Creating a Site Design
Modifying a Site Design for Replication
Placing Domain Controllers
Placing Global Catalog Servers
Placing Single Operations Masters
Lesson: Gathering Data for Site Design
Existing Network Information
Guidelines for Gathering Data for Site Design
Existing Network Information
The existing network infrastructure influences your design. Be sure to document:
  The physical and logical network topology
  The available bandwidth for each WAN link
[Figure: network diagram labeled Corporate Headquarters, Branch Office1, Branch Office2, LAN1, LAN2, LAN, Web Server, Router, Firewall, Internet]
Guidelines for Gathering Data for Site Design
Consult your organization's networking group about the physical network topology
Document domain names and the number of users for each domain in each location
Document your geographic locations and the WAN links that connect them
Document IP subnets in each location
Lesson: Creating a Site Design
Guidelines for Choosing Sites
Guidelines for Creating a Site Design
Guidelines for Choosing Sites
Use the location map to help you determine which locations to designate as sites:
  Create a site for any location that will contain a domain controller
  Create a site for a location that has a server that runs a site-aware application
  Do not create a site for a location that has no domain controllers or site-aware servers
Specify which IP subnets will be assigned to each site
Guidelines for Creating a Site Design
The site design plan should include the following:
  The name of the site
  The geographical location the site represents
  A list of IP subnets for the site
  The WAN links, link types, available bandwidth, and the sites that the WAN links connect
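An added example, not part of the original slides: a check of a site plan's subnet assignments that maps client addresses to sites by most-specific-subnet matching and lists the addresses no site covers. The site names, subnets and client addresses are constructed for illustration.

```python
import ipaddress

# Constructed site plan (hypothetical names and subnets): site -> assigned IP subnets.
SITE_PLAN = {
    "HQ": ["10.0.0.0/16"],
    "Branch1": ["10.0.8.0/24"],
    "Branch2": ["10.2.0.0/24", "10.2.1.0/24"],
}

def build_subnet_table(plan):
    """Return [(network, site)], most specific prefix first; reject double assignment."""
    owner = {}
    for site, subnets in plan.items():
        for text in subnets:
            net = ipaddress.ip_network(text, strict=True)  # rejects host bits set
            if net in owner:
                raise ValueError(f"{net} is assigned to both {owner[net]} and {site}")
            owner[net] = site
    return sorted(owner.items(), key=lambda e: e[0].prefixlen, reverse=True)

def site_for(ip, table):
    """Map a client address to a site by the most specific matching subnet."""
    addr = ipaddress.ip_address(ip)
    for net, site in table:
        if addr in net:
            return site
    return None  # no subnet covers this address: the client has no site

def audit_clients(ips, table):
    """Return ({ip: site}, [unmapped ips]) for a list of observed client addresses."""
    mapped, unmapped = {}, []
    for ip in ips:
        site = site_for(ip, table)
        if site is None:
            unmapped.append(ip)
        else:
            mapped[ip] = site
    return mapped, unmapped

if __name__ == "__main__":
    table = build_subnet_table(SITE_PLAN)
    # Constructed client addresses, e.g. taken from DHCP scopes or logon records.
    mapped, unmapped = audit_clients(
        ["10.0.8.20", "10.0.9.1", "10.2.1.7", "10.3.0.5"], table)
    print(mapped)
    print("no site:", unmapped)
```

Addresses reported as having no site point to subnets missing from the design; clients there cannot be directed to a domain controller in their own location.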
Tips

Replication types:
  Intrasite (RPC)
  Intersite (RPC over IP or SMTP)
Replmon.exe, Repadmin.exe, Dsastat.exe, Event Viewer, KCC

By default, Bridge all site links is enabled and is TRANSITIVE

To enable clients to locate a domain controller in the next closest site

Click Start, click Administrative Tools, and then click Group Policy Management.
If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
Double-click Forest:forest_name, double-click Domains, and then double-click domain_name.
Right-click Default Domain Policy, and then click Edit.
In Group Policy Management Editor, in the console tree, go to Computer Configuration/Policies/Administrative Templates/System/Netlogon/DC Locator DNS Records.
In the details pane, double-click Try Next Closest Site, click Enabled, and then click OK.

HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\Try Next Closest Site
If the registry entry DWORD value is 1, DC Locator will try to find the domain controller in the next closest site if it cannot find a domain controller in the client's site. If the value is 0, DC Locator will find any domain controller if it cannot find a domain controller in the client's site.
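An added example, not part of the original slides: a simplified model of the two registry-value behaviours described above, treating "next closest" as the site with the lowest summed site link cost (transitive, as with Bridge all site links enabled). The site link names echo the slide diagram; the costs and the set of sites holding a domain controller are assumptions.

```python
import heapq

# Constructed site links: (name, cost, member sites). Costs are assumed values.
SITE_LINKS = [
    ("SEA-LAX-CLT", 100, ["Seattle", "Los Angeles", "Charlotte"]),
    ("PAR-CLT", 400, ["Paris", "Charlotte"]),
]
SITES_WITH_DC = {"Seattle", "Paris"}  # constructed: sites that hold a domain controller

def site_costs(start, links):
    """Lowest total cost from start to every reachable site (Dijkstra).
    Summing costs across links models transitive site link bridging."""
    adj = {}
    for _name, cost, members in links:
        for a in members:
            for b in members:
                if a != b:
                    adj.setdefault(a, []).append((b, cost))
    dist, heap = {start: 0}, [(0, start)]
    while heap:
        d, site = heapq.heappop(heap)
        if d > dist.get(site, float("inf")):
            continue  # stale queue entry
        for nxt, cost in adj.get(site, []):
            if d + cost < dist.get(nxt, float("inf")):
                dist[nxt] = d + cost
                heapq.heappush(heap, (d + cost, nxt))
    return dist

def locate_dc_site(client_site, links, dc_sites, try_next_closest_site):
    """Return (site, reason); site is None when any domain controller may answer."""
    if client_site in dc_sites:
        return client_site, "client site"
    if try_next_closest_site == 1:
        costs = site_costs(client_site, links)
        reachable = [(c, s) for s, c in costs.items() if s in dc_sites]
        if reachable:
            return min(reachable)[1], "next closest site"
    return None, "any domain controller"

if __name__ == "__main__":
    for value in (1, 0):
        print(value, locate_dc_site("Los Angeles", SITE_LINKS, SITES_WITH_DC, value))
```

With the value set to 0, a client in a site without a domain controller may authenticate against a domain controller anywhere, including across the most expensive link.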


Lesson: Modifying a Site Design for Replication
Strategies for Site Links
Strategies for Site Link Bridges
Guidelines for Modifying a Site Design for Replication
Failover
Replication control
Strategies for Site Links
[Figure: Seattle, Los Angeles, and Charlotte connected through a Frame Relay network (Site Link Name: SEA-LAX-CLT); Paris connected by a WAN link (Site Link Name: PAR-CLT)]

A site link:
  Enables replication traffic between sites
  Represents the physical connection between two or more sites
  Consists of a site link name, a list of sites included in the link, a replication protocol, a cost, a schedule, and a replication interval
Strategies for Site Link Bridges
Strategy: Situation
Bridge all site links: Default. Use most of the time
Disable bridging of all site links: Your IP network is not fully routed; you want to control the replication flow of changes made in Active Directory
Guidelines for Modifying a Site Design for Replication
Site link design guidelines:
  Logically represent connectivity between sites
  Create a single link for a group of sites that are connected to a single WAN provider
  Use RPC over IP for all site links
  Use the default replication schedule
  Base cost on available bandwidth, not WAN link speed
Site link bridge guidelines:
  Use the default configuration for intersite replication
  Create a site bridge for a group of sites when:
    Your network is complex
    You want to control replication between specific groups of sites
Practice: Creating a Site Design
In this practice, you will create a site design for Northwind Traders
[Figure: Northwind Traders locations (Sydney, Los Angeles, Paris, Glasgow, Atlanta) and their connections (Internet, T1, Broadband, E1, Dual E3, Fractional E1)]
Lesson: Placing Domain Controllers
Domain Controller Hardware Requirements
Guidelines for Placing Forest Root Domain Controllers
Guidelines for Placing Domain Controllers
Guidelines for Determining the Number of Domain Controllers
Domain Controller Hardware Requirements
Before determining the placement of domain controllers in a site design, consider:
  The capacity of domain controllers
  The number of domain controllers you will require
Guidelines for Placing Forest Root Domain Controllers
If users in a site need to access resources from another domain in the same site, either:
  Place a forest root domain controller in the site, or
  Create a shortcut trust between the two domains
If a site hosts a data center or is a hub, place a forest root domain controller in that site
Guidelines for Placing Domain Controllers
Place a domain controller in a site based on:
  Number of users from the domain in the site
  Site-aware applications that are used in the site
  Local server-based shared resources in the site
  Hub sites that will authenticate users over the WAN
Place an additional domain controller in a location if fault tolerance is required
Do not place a domain controller in a location that has:
  Inadequate physical security
  Poor computer maintenance
Guidelines for Determining the Number of Domain Controllers
Criteria: Number of domain controllers
Fewer than 1,000 users: One
1,000 to 10,000 users: Two
More than 10,000 users: One for every 5,000 users
To provide fault tolerance: Add an additional one
To support replication between sites: Add one for every 15 replication connections
Lesson: Placing Global Catalog Servers
Considerations for Placing Global Catalog Servers
Guidelines for Placing Global Catalog Servers
Considerations for Placing Global Catalog Servers
For a user to log on successfully, enumeration of the user's universal group membership is required
The domain controller accomplishes user authentication by:
  Using universal group membership caching, or
  Contacting a global catalog server
Guidelines for Placing Global Catalog Servers
If a site has fewer than 100 users, enable universal group membership caching for the site
If your site has multiple domain controllers, designate at least two as global catalog servers
If the site contains a directory-aware application, designate at least one domain controller as a global catalog server
In a single-domain forest, designate all domain controllers as global catalog servers
If a large number of roaming users visit a site, place global catalog servers in that site
Practice: Designing the Placement of Domain Controllers and Global Catalog Servers
In this practice, you will design the placement of domain controllers and global catalog servers for Northwind Traders
Lesson: Placing Single Operations Masters
Operations Master Roles
Guidelines for Placing Forest-Level Single Operations Masters
Guidelines for Placing Domain-Level Single Operations Masters
Operations Master Roles
Level / Role / Service
Domain level
  PDC emulator
    Acts as the PDC for Windows NT 4.0 BDCs in the domain
    Processes all password updates for clients not running Active Directory client software
    Receives immediate updates from other domain controllers when a user's password is changed
  RID master
    Allocates relative IDs (RIDs) to all domain controllers
    Ensures that all security principals have a unique identifier
  Infrastructure master
    Maintains a list of security principals from other domains that are members of groups in its domain
Forest level
  Schema master
    Controls changes to the schema
  Domain naming master
    Controls the addition and removal of domains to and from the forest
Guidelines for Placing Forest-Level Single Operations Masters
If all domain controllers in the forest root domain are also global catalog servers:
  Leave all operations master roles on the first domain controller
  Designate the second domain controller as the standby operations master
If one or more domain controllers in the forest root domain do not host global catalog servers:
  Move all operations master roles to a domain controller that is not configured as a global catalog server
  Designate a third domain controller that is not configured as a global catalog server as the standby operations master
Guidelines for Placing Domain-Level Single Operations Masters
Leave the three domain-level operations master roles on the first domain controller and ensure that it is never configured as a global catalog server if any domain controllers in the regional domains do not host the global catalog
Place the domain-level roles in a site that contains a large number of users from that domain and is well connected to other locations
Always designate a standby operations master
Place all three domain-level roles on a single domain controller
Leave the three domain-level roles on the first domain controller in the domain if all domain controllers in the domain will host the global catalog
Lab A: Designing a Site Infrastructure