Summary: AD Sites and Services maps physical network topology to AD, controlling how clients locate DCs and how replication is scheduled across WAN links.
A site is a logical representation of a physical network segment with good connectivity (typically a LAN). Sites contain subnets; domain controllers are assigned to sites based on their IP addresses.
Sites serve two purposes:
Map IP address ranges to sites. Every computer resolves its site by matching its IP to a configured subnet.
Add subnets in Active Directory Sites and Services MMC: Sites → Subnets → New Subnet
Format: 192.168.10.0/24 → assign to site.
Computers whose IP addresses don't match any configured subnet are placed in Default-First-Site-Name, or a warning event is logged.
Define the connectivity path between sites for replication. Properties:
| Property | Description |
|---|---|
| Cost | Relative link cost — lower cost = preferred path (default 100) |
| Replication interval | How often replication runs across this link (default 180 minutes; minimum 15) |
| Schedule | Hours during which replication is permitted |
| Transport | RPC (default, synchronous) or SMTP (async, rarely used) |
By default, site links are transitive — AD automatically bridges them. Explicit site link bridges are only needed if Bridge all site links is disabled (rare, advanced topologies only).
The KCC runs on every DC every 15 minutes and automatically calculates the replication topology:
Manual connection objects can be created in ADSI Edit or Sites and Services, but the KCC will work around or modify them over time.
| | Intra-Site | Inter-Site |
|---|---|---|
| Trigger | Change notification (immediate, ~15s) | Polling interval (default 180 min) |
| Compression | No | Yes (reduces WAN bandwidth) |
| Schedule | 24/7 | Configurable per site link |
| Topology | Ring (KCC-managed) | Hub-and-spoke or ring (KCC-managed) |
A bridgehead server is the DC in a site that handles inter-site replication with other sites. The KCC selects one automatically per site per transport.
To designate preferred bridgehead servers:
Sites and Services → site → Servers → DC → NTDS Settings → Properties → Add to preferred bridgehead list
⚠️ Overspecifying Bridgeheads
If all designated preferred bridgehead servers become unavailable, inter-site replication stops entirely. The KCC will not fall back to other DCs if preferred bridgeheads are configured. Use with caution and ensure redundancy.
When a client logs in or needs to contact a DC:
`_ldap._tcp.<sitename>._sites.dc._msdcs.<domain>`
This is why having at least one GC in every site with users matters — cross-site GC queries slow down logon significantly.
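The subnet-to-site matching and the site-specific SRV lookup described above can be modelled offline to find clients that fall outside every defined subnet. This is an added example, not part of the original page: the subnet map, site names and client addresses are constructed, and it assumes the most specific (longest-prefix) subnet wins when ranges overlap.

```python
import ipaddress

# Constructed subnet-to-site assignments (assumption, not from a real forest).
SUBNET_TO_SITE = {
    "192.168.10.0/24": "HQ",
    "192.168.0.0/16": "Datacenter",
    "10.20.0.0/22": "Branch-East",
}
DOMAIN = "example.com"  # placeholder domain, as in DC=example,DC=com


def resolve_site(ip, subnet_to_site=SUBNET_TO_SITE):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnet_to_site.items():
        net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, site)
    return best[1] if best else None


def site_srv_name(site, domain=DOMAIN):
    """Site-specific SRV record a client queries to find a DC in its own site."""
    return f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}"


def audit_clients(client_ips, subnet_to_site=SUBNET_TO_SITE):
    """Split clients into {ip: site} and a sorted list of IPs with no subnet."""
    mapped, unmapped = {}, []
    for ip in client_ips:
        site = resolve_site(ip, subnet_to_site)
        if site is None:
            unmapped.append(ip)
        else:
            mapped[ip] = site
    return mapped, sorted(unmapped, key=ipaddress.ip_address)


if __name__ == "__main__":
    # Constructed client addresses, e.g. exported from DHCP leases.
    clients = ["192.168.10.25", "192.168.44.7", "10.20.3.200", "172.16.5.9"]
    mapped, unmapped = audit_clients(clients)
    for ip, site in mapped.items():
        print(f"{ip:15} -> {site:12} {site_srv_name(site)}")
    for ip in unmapped:
        print(f"{ip:15} -> NO SUBNET: define one under Sites -> Subnets")
```

Addresses reported without a subnet are the ones that cannot be steered to a local DC, so they are the first candidates for a new subnet object.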
```powershell
# Summary of replication status across all DCs
repadmin /replsummary
# Detailed replication status for all DCs
repadmin /showrepl *
# Check for replication failures only
repadmin /showrepl * /errorsonly
# Force immediate replication from a specific DC: DC1 (destination) pulls from DC2 (source)
# The naming context is quoted so PowerShell does not split it at the comma
repadmin /replicate DC1 DC2 "DC=example,DC=com"
# Show which site the local machine belongs to
nltest /dsgetsite
# Show site for a remote machine
nltest /server:computername /dsgetsite
# Find a DC in a specific site
nltest /dsgetdc:domainname /site:sitename
```