Configuring and Managing Forest and Domain Trusts
Configuring and Managing AD DS Sites and Replication
Windows Active Directory Domain Services (AD DS) is a leading identity management solution for organizations of all sizes. An AD DS deployment can be as simple as a single domain controller or as complex as a multi-domain forest spread across the globe. Managing sites, domains, and forests in an AD DS environment is critical to a healthy and reliable Active Directory infrastructure. This course is intended to provide the information needed to successfully manage Windows AD sites, domains, forests, trust relationships, and replication.
In this course, we start by reviewing AD DS forest and domain trusts. Then we examine forest design considerations to create a scalable environment that can meet future demands. Next, we investigate Active Directory sites, site links, and how they relate to the organization's network configuration. Finally, we evaluate AD DS replication and how site links can optimize replication in an AD DS environment.
- Windows AD domains, forests, and trust relationships
- Windows AD forests and domain design considerations
- Creating a two-way forest trust
- Active Directory sites and site topology
- Creating an Active Directory site
- Windows AD sites and replication
- Creating Active Directory site links
- System administrators with responsibilities for managing hybrid identities
- Subject matter experts in configuring and managing Active Directory workload on-premises and in Azure
- Anyone preparing for the Azure AZ-800: Administering Windows Server Hybrid Core Infrastructure exam
- A basic understanding of deploying and managing Microsoft Windows servers
- Windows Server installation media and an environment to run Windows Server (trial available at https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2022)
In this demonstration, we create new sites in Active Directory. Before we get started creating the sites, let's review the current configuration. The demo environment has three subnets: the 230 subnet, the 231 subnet, and the 232 subnet. Each represents a different location. For the purpose of this demonstration, we'll treat these as locations connected by a WAN; in reality, they're all on the same hypervisor. There are three domain controllers in the demo environment: WINDOWSDC1, WINDOWSDC2, and WINDOWSDC3, each connected to one of the three subnets. The default configuration places all three domain controllers in a site named Default-First-Site-Name, and with no subnet objects defined, the DC locator cannot map a client to a site, so a client may authenticate against any of the three domain controllers rather than the one closest to it.
The demo will start by creating three sites: Site-1, Site-2, and Site-3. After that, the subnets are added and associated with each site. Finally, we'll move the domain controllers into the corresponding site. This step is required because the servers were promoted before the sites existed. When deploying a new domain controller, there is an option to select an existing site, so new domain controllers can be placed in the correct site at the time of deployment. To follow along, you'll need at least one domain controller. It is possible to create sites and subnets without a domain controller at that site; they will just remain empty until a domain controller is placed in them.
Also required are Enterprise Admin rights, or Domain Admin rights in the forest root domain, because sites, subnets, and site links live in the forest-wide Configuration partition rather than in any single domain. Let's get started on one of the domain controllers, logged in as the domain admin. Open Active Directory Sites and Services. If we expand Default-First-Site-Name and then Servers, we can see all three domain controllers in the environment. Right click 'Sites' and choose New Site. From here, we'll add our first site. Give it a name, select DEFAULTIPSITELINK as the site link, and click 'Okay.' Click 'Okay' at the information screen. Repeat these steps for the other two sites: New Site, enter the site name, select the link, and click 'Okay.' Then add the last one: New Site, Site-3, and 'Okay.'
Once finished, go to Subnets. There are no subnets defined yet. Right click 'Subnets' and choose New Subnet. Enter the prefix of the subnet in CIDR notation: the network ID, a slash, and the prefix length (for example /24), not the dotted subnet mask. The first one is the 230 network. Then select the site to associate the subnet with; in this case, we're associating the 230 network with Site-1. Click 'Okay', and repeat these steps for the other two subnets. New Subnet, this is the 231 subnet, and we'll select Site-2. Now for the third subnet, the 232 subnet.
This subnet is associated with Site-3. Next, go back to Servers under Default-First-Site-Name and move the domain controllers to the correct site. Right click the server and select Move. WINDOWSDC1 goes to Site-1: select the site and click 'Okay.' Repeat this step for the other two domain controllers. Right click and 'Move': WINDOWSDC2 goes to Site-2, and WINDOWSDC3 goes to Site-3. Once finished, we can see each server in the correct site. After the move replicates, each domain controller registers site-specific SRV records in DNS, so clients in a mapped subnet locate their local domain controller. That is how to create Active Directory sites and subnets, associate subnets with sites, and move domain controllers to a site.
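The same three steps can be scripted with the ActiveDirectory PowerShell module, which is useful for repeatable builds and for verifying the result. The script below is an added example and is not the course's own demo script. It keeps the site and domain controller names from the demo; the full subnet prefixes are not stated in the demo, so 192.168.230.0/24, 192.168.231.0/24 and 192.168.232.0/24 are assumed placeholders. It must run with Enterprise Admin rights on a domain controller or a machine with the RSAT AD PowerShell module installed.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not from the course): build the demo's site topology with the
# ActiveDirectory module instead of the Sites and Services MMC, then verify it.
# ASSUMPTIONS: the subnet prefixes are placeholders; the demo only names the
# "230", "231" and "232" networks. Site and DC names are taken from the demo.
Import-Module ActiveDirectory

# Constructed mapping for the demo environment (prefixes are assumed).
$topology = @(
    @{ Site = 'Site-1'; Subnet = '192.168.230.0/24'; DC = 'WINDOWSDC1' },
    @{ Site = 'Site-2'; Subnet = '192.168.231.0/24'; DC = 'WINDOWSDC2' },
    @{ Site = 'Site-3'; Subnet = '192.168.232.0/24'; DC = 'WINDOWSDC3' }
)
$siteLink = 'DEFAULTIPSITELINK'

foreach ($entry in $topology) {
    # Step 1: create the site. Skip it if it already exists so the script is re-runnable.
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$($entry.Site)'")) {
        New-ADReplicationSite -Name $entry.Site
    }
    # The MMC wizard adds the new site to the site link you pick; the cmdlet does not.
    # Attach it explicitly, otherwise the KCC has no intersite path to the new site.
    Set-ADReplicationSiteLink -Identity $siteLink -SitesIncluded @{ Add = $entry.Site }

    # Step 2: create the subnet in CIDR notation and associate it with the site.
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$($entry.Subnet)'")) {
        New-ADReplicationSubnet -Name $entry.Subnet -Site $entry.Site
    }

    # Step 3: move the existing DC's server object out of Default-First-Site-Name.
    Move-ADDirectoryServer -Identity $entry.DC -Site $entry.Site
}

# Verification: every DC reports its intended site, every subnet is mapped,
# and the site link now spans all three sites.
Get-ADDomainController -Filter * |
    Select-Object Name, Site, IPv4Address | Format-Table -AutoSize
Get-ADReplicationSubnet -Filter * |
    Select-Object Name, Site | Format-Table -AutoSize
(Get-ADReplicationSiteLink -Identity $siteLink).SitesIncluded

# Check for clients whose address maps to no subnet. NETLOGON logs event 5807 on
# the DC and tags them NO_CLIENT_SITE in %windir%\debug\netlogon.log; such
# clients can authenticate against any DC, which defeats the site design.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'NETLOGON'; Id = 5807 } `
    -MaxEvents 5 -ErrorAction SilentlyContinue | Select-Object TimeCreated, Message
Select-String -Path "$env:windir\debug\netlogon.log" -Pattern 'NO_CLIENT_SITE' `
    -ErrorAction SilentlyContinue | Select-Object -Last 5
```

After the move has replicated to each domain controller, run `nltest /dsregdns` on a moved DC to force it to re-register its site-specific SRV records, and `nltest /dsgetsite` on a client in one of the mapped subnets to confirm it resolves to the expected site. A client that returns Default-First-Site-Name, or NO_CLIENT_SITE entries in the Netlogon log, means a subnet is missing or mis-prefixed.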
Travis Roberts is a Cloud Infrastructure Architect at a Minneapolis consulting firm, a Microsoft MVP, MCT, and author. Travis has 20 years of IT experience in the legal, pharmaceutical, and marketing industries and has worked with IT hardware manufacturers and managed service providers. In addition, Travis has held numerous technical certifications throughout his career from Microsoft, VMware, Citrix, and Cisco.