Need some help and explanation in creating AD Sites and Links?


Can anyone please help explain to me which one to use between the two types of Inter-Site Transports below:
Site Link or Site Link Bridge

What are the benefits of creating the Sites and Subnets for a newly deployed site office without a Domain Controller?
Because everything seems to be working fine without the Subnet or Site object created in the AD Sites and Services console.
Senior IT System EngineerIT ProfessionalAsked:
Senior IT System EngineerIT ProfessionalAuthor Commented:
So are there any benefits in creating the site apart from getting rid of the error below:

PS C:\> nltest /dsgetsite
Getting DC name failed: Status = 1919 0x77f ERROR_NO_SITENAME

David Johnson, CD, MVPOwnerCommented:
No domain controller, so how are you accessing the Sites and Services console? It needs to point to a domain controller!
Senior IT System EngineerIT ProfessionalAuthor Commented:
The domain controllers are in the Data Center AD site.

So are there any benefits in doing so?
PberSolutions ArchitectCommented:
By default, site links provide transitivity, meaning resources in sites will traverse the site links to get to resources in other sites (i.e. replication). This default behavior can be turned off. If you do this, replication between sites will not occur. You can create a site link bridge to connect two sites. This will restore the connectivity.

In the past, different physical sites were typically poorly connected network-wise. AD adopted sites and services to deal with this. You could define the different subnets for each site, then assign the subnets to sites to match the physical topology of your network. AD would then use the site topology to control AD replication. It would also use this information to control how users authenticate (users would first attempt to contact DCs in their local site).

These days, with high speed and highly available links, the need to configure different sites is not really required. A former AD design engagement we had with Microsoft engineers had us create sites; these days they've recommended we collapse our sites into just one, as we have highly available high speed links.
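The site, subnet and site link setup discussed above, as an added example that is not part of the original thread: it finds client subnets that map to no AD site from a DC's netlogon.log (`NO_CLIENT_SITE` entries), then creates the site objects with the ActiveDirectory PowerShell module. The site names, the /24 grouping and the sample log lines are assumptions constructed for illustration.

```powershell
# Added example. Names, subnets and log lines below are constructed.
# DCs log clients whose IP matches no AD subnet to
# %SystemRoot%\debug\netlogon.log as NO_CLIENT_SITE entries.
$sampleLog = @'
03/14 09:12:01 [4321] CORP: NO_CLIENT_SITE: WKS-0141 10.20.30.41
03/14 09:12:07 [4321] CORP: NO_CLIENT_SITE: WKS-0177 10.20.30.77
03/14 09:15:44 [4321] CORP: NO_CLIENT_SITE: PRN-0003 10.20.31.12
'@ -split "`r?`n"
# On a real DC: $sampleLog = Get-Content "$env:SystemRoot\debug\netlogon.log"

# Group unmapped clients by /24 (assumption: site office subnets are /24).
$unmapped = $sampleLog |
    Select-String -Pattern 'NO_CLIENT_SITE:\s+(\S+)\s+(\d+\.\d+\.\d+)\.\d+' |
    ForEach-Object { $_.Matches[0].Groups[2].Value + '.0/24' } |
    Group-Object | Sort-Object Count -Descending |
    Select-Object @{n='Subnet';e={$_.Name}}, @{n='Clients';e={$_.Count}}
$unmapped | Format-Table -AutoSize

# Create the site objects. Needs the RSAT ActiveDirectory module and write
# access to the Configuration partition (typically Enterprise Admins).
Import-Module ActiveDirectory
$hubSite    = 'DataCenter'      # assumed name of the existing site holding the DCs
$branchSite = 'SiteOffice-01'   # hypothetical new site without a DC

New-ADReplicationSite -Name $branchSite
foreach ($s in $unmapped) {
    New-ADReplicationSubnet -Name $s.Subnet -Site $branchSite -Location 'Site office 01'
}

# The link cost is what lets DCs in the hub site cover the DC-less site
# (automatic site coverage), so clients there get a site name and a DC.
New-ADReplicationSiteLink -Name "$hubSite-$branchSite" `
    -SitesIncluded $hubSite, $branchSite -Cost 100 `
    -ReplicationFrequencyInMinutes 180 -InterSiteTransportProtocol IP

# Verify the subnet-to-site mapping.
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
# Then, on a site office client: nltest /dsgetsite
```

Once the subnet is mapped, `nltest /dsgetsite` on a client in that range should return the site name instead of `ERROR_NO_SITENAME`.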
PberSolutions ArchitectCommented:
Also regarding the lack of DC at the new site...

If you create a site in AD for a site that does not have a DC, it doesn't affect the way people log on or access the DC. They will all be sent to the site that has a DC.

If you had a DFSR Namespace or Replication to a server in your new site, you can get benefits by properly configuring Sites and Services. Users within your site will be directed to the local DFSR copy within that site. So say you had a file server in your main Data Center AD site with a DFSR replicated share to a file server in your new remote site: when users access the namespace in the main site, they would connect to the local server in the main site, whereas the users in the new remote site would connect to the server within their remote site automatically. If either of the servers went down, users would be automatically directed to the remaining online server at the other site.
Here's a good explanation:
Senior IT System EngineerIT ProfessionalAuthor Commented:
Ah I see,

I guess there are no real benefits then, since I do not use DFS and there are no Domain Controllers in each of the Site Office buildings.

"these days they've recommended we collapse our sites into just one as we have highly available high speed links."

I have a 10 MBps MPLS link between the site offices and the data centre, and some site offices still have old 2003 domain controllers. Based on your suggestion above, I'm thinking of demoting all of those AD Domain Controllers in the old site offices, then deleting all of the AD Sites and just retaining the Domain Controller in the data centre AD site.

Is that correct?
PberSolutions ArchitectCommented:
It may still be of benefit to have DCs at the remote site offices and still collapse the AD sites down to one. The reason to keep the DCs at the site offices is to help with a link failure. How many users do you have at your remote site offices? What kind of services are required there? What services would you lose if you lose the site link?
Senior IT System EngineerIT ProfessionalAuthor Commented:
Here are the brief details:

Site Offices:
Connected using 10 MB WAN link to the Data Center
50 users in the site office
File Server
Print Server

That's about it.

What services would you lose if you lose the site link?
Hm.. not that I know of. What's the purpose of a Site Link if there is no DC/GC in the site office?
PberSolutions ArchitectCommented:
Sorry, I think I'm confusing you with two things: the "AD Site Link" and the "Physical link". The AD site link doesn't really affect you. It just helps control your client communications in the background. And as I mentioned earlier, these days it's not as important as it was when AD first came out, when there were actual slow links.

If you lose your "Physical Link" for a short amount of time, you'll probably be OK without a local DC. Users should be able to log on with cached credentials (usually enabled by default). Once the user's cached token expires (when their password expires), you may have issues. They will not be able to access the file or print server.

Also by default the computers also update their trust relationship with the domain once a month.  If they can't connect to the DC to update their trust token, you will run into issues.

Physical link outages of a few hours, you'll be fine and probably have no or very minimal problems.  An outage of a few days without a local DC, you will likely see some issues.

Senior IT System EngineerIT ProfessionalAuthor Commented:
Thanks!