Welcome to the lecture where we review Active Directory Site Topology. As a point of reference, let's recap Active Directory domain service's logical configuration. We have a forest and in that forest are domains. All the domains hold a partition of the directory and our administrative boundaries. All domains in the forest are connected with transitive trust relationships. This is the logical layout of domains in a forest, but the actual physical layout of domains in the forest could look significantly different. For example, while it may be possible that each domain is associated with a physical location, that is not always the case. It's possible instead to have a forest structure that maps to different business units, all in the same building. 

Or we could have domains that map to multiple locations. These locations could be in the same campus or spread across the globe. When a domain user logs in at a location, the local domain controller is the most efficient option for processing the login request, but without any information about the physical location, a domain controller across the globe may process the login instead. This could lead to delays due to latency and excessive land traffic. To overcome this issue, Active Directory introduced the concept of sites. 

A site represents a well connected physical location. Generally, 10 milliseconds or less of latency is considered well connected. When we deploy the first domain controller in a forest, a default site called Default-First-Site-Name is created and all domain controllers are added to that site. This is fine for a single location, but for a multiple site deployment, additional sites are required. For example, let's say we have one Active Directory domain and the company has three locations. Each location could be a single floor in an office or a campus connected by high speed fiber optic cables. All the locations are connected by a wide area network connection. This layout will use three sites, one for each physical location. 

But that leads us to the question, how do we identify what location the servers and clients are located at? The solution is found with the organization's network. Each site maps to one or more subnets on the organization's internal network. A subnet is a block of IP addresses allocated for computing resources. Subnets and IP addresses are unique to the network. The most common practice is to use private non-routable IP addresses for the internal network. These are blocks of IP addresses that cannot be used on the public Internet. There are three private non-routable IP address spaces. The 10.0.0.0/8 network, the 1/72.16.0.0/12 network, and the 192.168.0.0/16 network. 

These private IP address ranges can be subnetted or split into smaller blocks of IP addresses. Each site has one or more well connected subnet. All servers and clients at that site will get an IP address that's part of one of those subnets. By associating each subject with a site, Active Directory gains awareness of the site clients and servers are on. This awareness and Active Directory provides client affinity. Client affinity provides a way for domain controllers to pass information to clients about the closest domain controllers to the client. For example, let's say a user from site 2 travels to site 3. When they initially log into site 3, the client may try to authenticate to its last known domain controller at site 2. 

The domain controller will see that the client is on site 3 based on their IP address and direct the client to a domain controller at site 3. Sometimes there may be a reason not to put a domain controller at a specific site. Maybe it's a small location with a reliable connection to a domain controller at another location, or there are security reasons not to deploy a domain controller at that location. In this case, it's best to include the subnet with a site that has the best connectivity to the location. 

This will set client affinity to the best connected site. Successfully creating and managing Active Directory sites requires knowledge of the organization's networking topology. It requires an understanding of the Local Area Network or LAN and the Wide Area Network or WAN, including performance characteristics of each. Also, the user must have rights to create sites, add subnets, and move items in Active Directory. Networks don't stay static. An Active Directory site administrator must also monitor and update sites to correspond with network changes. Coming up next, we'll create site objects in a Windows Active Directory Domain.