Best practise for DR site AD topology

Farid Ahmadov 81 Reputation points
2024-06-12T20:26:25.17+00:00

Hello every one, I created new AD in DR "Site B", it will use if main Active Directory located in "Site A" fail, Our workstations and Servers have secondary "Site B" ip in DNS setting, is it nessesary to create new site in Active Directory site and servers and set subnets? I have checked disastery and it work normally, speed between sites is 1gbit/s and distance about 300 km, AS I understood site creation and subnets need for schedule replication, but we do not have any issue now because data is several kbts.

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,149 questions
0 comments
Accepted answer
  1. Marcin Policht 16,730 Reputation points MVP
    2024-06-12T20:36:39.2166667+00:00

    You should create a separate site. This would localize the authentication traffic. Even with high bandwidth and low latency, there is no reason to have users/devices in the production site authenticate randomly against domain controllers residing in the DR site

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Daisy Zhou 20,791 Reputation points Microsoft Vendor
    2024-06-13T09:45:21.4733333+00:00

    Hello Farid Ahmadov,

    Thank you for posting in Q&A forum.

    Yes, it is recommended to create a new site in Active Directory and configure the appropriate subnets for the new DR site. This will ensure that replication traffic is properly managed and optimized between the two sites.

    While you may not be experiencing any issues currently due to the small amount of data being replicated, it is important to properly configure your Active Directory environment to ensure optimal performance and reliability in the event of a failover.

    Additionally, configuring sites and subnets will allow you to properly manage group policies, authentication, and other Active Directory features across both sites.

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

  2. Farid Ahmadov 81 Reputation points
    2024-06-16T21:01:08.9733333+00:00

    additional question if I create subnets for first site(it will include servers, workstations) if my first site fail, my second site will not prevent authentifications?