Best practise for DR site AD topology

Farid Ahmadov 81 Reputation points

Hello every one, I created new AD in DR "Site B", it will use if main Active Directory located in "Site A" fail, Our workstations and Servers have secondary "Site B" ip in DNS setting, is it nessesary to create new site in Active Directory site and servers and set subnets? I have checked disastery and it work normally, speed between sites is 1gbit/s and distance about 300 km, AS I understood site creation and subnets need for schedule replication, but we do not have any issue now because data is several kbts.

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,223 questions
0 comments No comments
{count} votes

Accepted answer
  1. Marcin Policht 18,090 Reputation points MVP

    You should create a separate site. This would localize the authentication traffic. Even with high bandwidth and low latency, there is no reason to have users/devices in the production site authenticate randomly against domain controllers residing in the DR site

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.



2 additional answers

Sort by: Most helpful
  1. Daisy Zhou 21,121 Reputation points Microsoft Vendor

    Hello Farid Ahmadov,

    Thank you for posting in Q&A forum.

    Yes, it is recommended to create a new site in Active Directory and configure the appropriate subnets for the new DR site. This will ensure that replication traffic is properly managed and optimized between the two sites.

    While you may not be experiencing any issues currently due to the small amount of data being replicated, it is important to properly configure your Active Directory environment to ensure optimal performance and reliability in the event of a failover.

    Additionally, configuring sites and subnets will allow you to properly manage group policies, authentication, and other Active Directory features across both sites.

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou


    If the Answer is helpful, please click "Accept Answer" and upvote it.

  2. Farid Ahmadov 81 Reputation points

    additional question if I create subnets for first site(it will include servers, workstations) if my first site fail, my second site will not prevent authentifications?