Networks are made up of well-connected segments that are joined to one another by slower or less reliable links. For a domain controller to be considered "well connected" to another domain controller, the connection between them will usually be 100 Mbps or greater. Of course, that is a generalization. Some segments on your network may have 100 Mbps or higher links between systems, but if those links are saturated, you may not have enough available bandwidth to support replication. The inverse is also true: a connection slower than 100 Mbps may still have enough available bandwidth to handle the replication and authentication traffic.
Look over the existing network and draw up a network map that defines the subnets that are well connected. Some organizations have a networking group that is responsible for the network infrastructure and a directory services group that is responsible for the AD DS infrastructure. If this is the case, you have to make sure that the two groups work closely. From the group responsible for maintaining the network infrastructure, find out the current physical topology of the network. Gather information about the location of routers, the speed of the segments, and the IP address ranges used on each of the segments. Also note how many users are in each of the network segments and the types of WAN links that connect the locations. This information will prove useful as you design the site topology.
As an example, consider a company that has a campus in Newark with four buildings and two remote locations: Albuquerque and New Haven. All of the buildings in Newark are connected via a fiber distributed data interface (FDDI) ring. The two remote locations are connected to Newark via T1 connections. Figure 4.3 shows the network map, which also lists the user population at each location.
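The grouping step described above can be sketched in code. This is an added example, not taken from the book: it treats the network map as a list of links and groups segments into candidate sites wherever a link has enough available bandwidth. The building names, utilisation figures and the `NEEDED_MBPS` threshold are assumptions; the rated speeds are the standard 100 Mbps for FDDI and 1.544 Mbps for T1.

```python
from collections import defaultdict

NEEDED_MBPS = 10.0  # assumed planning figure for replication + logon traffic

# Constructed inventory: (segment A, segment B, link type, rated Mbps, utilisation 0..1)
LINKS = [
    ("Newark-1", "Newark-2", "FDDI", 100.0, 0.40),
    ("Newark-2", "Newark-3", "FDDI", 100.0, 0.40),
    ("Newark-3", "Newark-4", "FDDI", 100.0, 0.40),
    ("Newark-4", "Newark-1", "FDDI", 100.0, 0.40),
    ("Newark-1", "Albuquerque", "T1", 1.544, 0.30),
    ("Newark-1", "New Haven", "T1", 1.544, 0.30),
]

def available_mbps(rated, utilisation):
    """Bandwidth left over on a link; rated speed alone says nothing about saturation."""
    return rated * (1.0 - utilisation)

def candidate_sites(links, needed_mbps=NEEDED_MBPS):
    """Union segments joined by links with enough headroom; each group is a candidate site."""
    parent = {}

    def find(seg):
        parent.setdefault(seg, seg)
        while parent[seg] != seg:
            parent[seg] = parent[parent[seg]]  # path halving
            seg = parent[seg]
        return seg

    for a, b, _kind, rated, util in links:
        root_a, root_b = find(a), find(b)  # registers both segments, even isolated ones
        if available_mbps(rated, util) >= needed_mbps:
            parent[root_a] = root_b
    groups = defaultdict(list)
    for seg in list(parent):
        groups[find(seg)].append(seg)
    return sorted(sorted(g) for g in groups.values())

def inter_site_links(links, needed_mbps=NEEDED_MBPS):
    """Links whose endpoints land in different candidate sites (the WAN links on the map)."""
    sites = candidate_sites(links, needed_mbps)
    site_of = {seg: i for i, group in enumerate(sites) for seg in group}
    return [(a, b, kind) for a, b, kind, _r, _u in links if site_of[a] != site_of[b]]

if __name__ == "__main__":
    for group in candidate_sites(LINKS):
        print("candidate site:", ", ".join(group))
    for a, b, kind in inter_site_links(LINKS):
        print(f"inter-site link: {a} <-> {b} ({kind})")
```

Because the grouping uses available rather than rated bandwidth, a saturated 100 Mbps link splits two segments into separate candidate sites, while a slower idle link can keep them together.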
For organizations that have more than one domain, you will need to determine where the user accounts reside. A site can support users from multiple domains as long as those domains are members of the same forest. On your network map, if you have more than one domain, designate the number of users from each domain. In our previous example, if the Research and Development department has its own domain for security purposes, the network map may look like Figure 4.4.
Don't confuse the logical representation of your network with the actual physical entities. You could still have domain controllers from multiple forests within the same physical subnet, but the AD DS objects that define the resource can exist only within one forest.
[Figure 4.4: Multiple-domain network map]