
ASCII.jp How to operate Active Directory at a remote location?

In the previous installments we built a basic Active Directory environment. However, an organization with multiple locations needs special care. This time I will introduce the configuration of a domain environment that includes a low-speed line.

Dividing the network into sites

Building an Active Directory environment generates a lot of communication between domain controllers, and between domain controllers and clients. This communication is not a problem in an environment built on a high-speed LAN, such as a single building. However, if you are connecting the Tokyo headquarters and the Osaka branch, it is not desirable for a large amount of this traffic to flow over the low-speed WAN line. Authentication can take a long time and other communication can be hindered.

To solve these problems, Active Directory provides the "site", introduced in the sixth installment. An area in which high-speed communication is possible forms a single site, and communication between sites is controlled. A site is defined as a set of TCP/IP subnets with good connectivity, that is, highly reliable and high-speed communication. Although the definition of "high-speed" is not strict, an area connected by LAN is generally regarded as high speed.

However, opinions are divided in cases such as wide-area Ethernet, where "the speed is that of a LAN but the operational form is that of a WAN". As a rule of thumb, use separate sites if you want to control network traffic strictly, and use the same site if you want to keep management simple.

A site serves mainly two purposes: "replication traffic control" and "authentication traffic control". Replication traffic control compresses the replication data of the Active Directory directory database and controls when replication takes place. Authentication traffic control limits which domain controllers perform logon authentication.


Sites are independent of domains. In addition to configuring multiple domains in one site, a domain that spans multiple sites can be configured. For this reason, managing sites requires "Enterprise Admins" rights, which cover the entire forest, rather than "Domain Admins" rights, which cover a single domain.

Figure 1 ● Relationship between site and domain

The steps involved in using sites are as follows.

Let's explain them in order.

Even if the administrator does not create a site, Active Directory has a site named "Default-First-Site-Name", and all domain controllers are automatically assigned to it. If there is only one site, you can leave "Default-First-Site-Name" as it is, or rename it to something easier to understand. A site is an object that represents an area, and sites are often named after a region or a building.

On the other hand, if there are two or more sites, add and change sites by the following procedure. Here, a TOKYO site and an OSAKA site are created as an example.

If you open the properties of the created site, you can change settings such as the site link described later.
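The same TOKYO/OSAKA configuration can be scripted with the ActiveDirectory PowerShell module instead of the GUI. This is an added example, not code from the ASCII.jp article; the subnet ranges, the site-link cost and the replication interval are constructed values, and the script must be run with Enterprise Admins rights as the text explains.

```powershell
# Added example: create the TOKYO and OSAKA sites and restrict WAN traffic
# between them. Requires the ActiveDirectory module and Enterprise Admins rights.
Import-Module ActiveDirectory

$configNC = (Get-ADRootDSE).configurationNamingContext

# 1. Rename the automatically created default site to the head-office name,
#    so the existing domain controllers become members of TOKYO.
$defaultSite = "CN=Default-First-Site-Name,CN=Sites,$configNC"
if (Get-ADObject -Filter 'Name -eq "Default-First-Site-Name"' -SearchBase "CN=Sites,$configNC") {
    Rename-ADObject -Identity $defaultSite -NewName "TOKYO"
}

# 2. Create the branch site.
if (-not (Get-ADReplicationSite -Filter 'Name -eq "OSAKA"')) {
    New-ADReplicationSite -Name "OSAKA"
}

# 3. Associate each site with its TCP/IP subnets (constructed sample ranges).
#    Clients use their own IP address to find the domain controllers of their site,
#    which is what keeps logon authentication off the WAN.
New-ADReplicationSubnet -Name "10.10.0.0/16" -Site "TOKYO"
New-ADReplicationSubnet -Name "10.20.0.0/16" -Site "OSAKA"

# 4. Create a site link over the low-speed WAN. Cost and replication interval
#    are the knobs that control replication traffic; 180 minutes is a sample value.
New-ADReplicationSiteLink -Name "TOKYO-OSAKA" `
    -SitesIncluded "TOKYO", "OSAKA" `
    -Cost 100 `
    -ReplicationFrequencyInMinutes 180 `
    -InterSiteTransportProtocol IP

# 5. Verify: every site should be covered by at least one subnet, and the
#    new link should list both sites.
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
Get-ADReplicationSiteLink -Filter * | Select-Object Name, Cost, ReplicationFrequencyInMinutes, SitesIncluded
```

Domain controllers and subnets that are left in a site that does not match their physical location will still generate the WAN traffic the article warns about, so check the verification output before moving on to the site-link settings.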

(Continued on the next page: "Creating a subnet object")