Best Practices

• Replication within a single site happens automatically and quickly and rarely fails. If all of your company’s domain controllers are connected by fast network connections, you should implement a single site.
  
  
• On the other hand, if your company has multiple locations where you install domain controllers, creating additional sites is the easiest and best way to manage AD DS–related traffic across WAN links with limited available bandwidth. Not only do multiple sites limit replication traffic, but they also keep client authentication traffic local.
  
  
• Develop a regular practice of monitoring AD DS replication. Consider using a tool such as the Active Directory Management Pack with System Center Operations Manager to monitor replication on all domain controllers in your site. If you do not have a tool like this, regularly monitor the Directory Service event log and either the DFS Replication event log (if your AD DS forest is at the Windows Server 2008 functional level) or the File Replication Service event log.
  
  
• In most organizations, the most important cause of AD DS replication errors is DNS lookup errors. By integrating DNS with AD DS and taking advantage of the DNS directory partitions, you can minimize the chances of DNS errors.