Part III Security and Active Directory Active Directory Site Design and Configuration The first thing that you find out after you start Active Directory intersite and intrasite design is how well or how poorly your TCP/IP network has been designed, but before you start configur- ing anything in Active Directory, first make sure the physical network is optimized in terms of addressing, subnetting, and topology. Confirm that the computers on the network that are attaching to Active Directory are obtaining the correct IP addresses. They should not be sitting on a different subnet from the one you are installing or getting the wrong dynamic IP addresses from a DHCP server. If the IP design is not sensible, location services are not going to resolve DCs as quickly as they should, and the logon experience becomes disappointingly slow for the user. Topology A good place to start when designing the physical structure is network topology. Begin by drawing a topology diagram of each site and then diagrams showing the links between each site. After you have the site topology sketched out, you can create a network diagram showing the links between the different sites and how everything feeds back to corporate or enterprise HQ. Show the speed between the links and the different IP subnets that are in place. Also list the names of the routers on the links, the quality and transports being used, and so on. For example, in the WAN network in Figure 20-12, we indicate the IP addresses of the routers, the DHCP scope being used on that segment, the brand and model of the router, whether the site is Token Ring or Ethernet, and so on. Also specify on the diagram or in supporting documentation the following: Indicate the speed of the link and the traffic. Your service provider can give you a breakdown of the bandwidth you are using, spikes in traffic, and your busiest times. Describe the cost of each link in as much detail as possible. Especially important to note is whether a link is pay-by-usage. This enables you to determine replication strategy to such a site. Describe the quality and reliability of the link. Define your site links by using the actual network topology that is already in place as a starting point. After all, if you have a network that is already down, no matter how bad it is, you have to start somewhere. If the links between the sites are reliable, you should map your Active Directory structure to this network as a foundation. Changes can be made later. 720