Active directory sites serve two purposes:
- Control AD replication traffic
- Ensure that users logon to a local DC rather than crossing a WAN link during login
As a general rule of thumb, you should install a domain controller in a branch office if there are 50+ users, and you should install a global catalog if there are 100+ users.
There are three reasons to have an OU:
- To delegate administration
- To apply group policies
- To hide resources
