domain controllers

Posted on 2007-08-08
Last Modified: 2013-11-05
I know you only need 1 DC to run AD, and 2 if you want redundancy, but I thought FSMO roles need to be separated like schema master, naming master, PDC-RID Infrastructure master, and GC should be on separate boxes, and for growth if you want to expand the domain or forest later what is the optimal setup to start with, also with W8K server coming I want to be prepared.

Question by:mamidei
    LVL 10

    Accepted Solution

    You only need to separate the Global catalog and Infrastructure master roles....  unless all your DCs (could be just the one or lots) are global catalog servers.

    Author Comment

    So on a single domain you really need 2 DC, not one like it has been recommended?
    LVL 30

    Expert Comment

    I recommend a minimum of 2 DCs in any AD environment, no matter how small.  Darylx has already explained the best practices for when you need to separate the Infrastructure Master FSMO from the Global Catalog role.
    LVL 13

    Expert Comment

    Best practice is to have 2 DC's for redundancy, but this is not a requirement and all FSMO roles can exist on a single DC with a Global Catalog.  In a single domain the infrastructure master and global catalog can reside on the same DC.  This is due to the Infrastructure Master not having "anything to do" (MS parlance).  

    Take a look at
    LVL 70

    Expert Comment

    2 DCs on each site is really recommended to provide within-site redundancy both the Global catalog, more can be added for further load balancing and redundancy. Most people leave the FSMO roles where they are and this works well.

    For optimal FSMO placement see
    LVL 10

    Expert Comment

    As everyone else has said, you need two DCs for redundancy.  You can have a domain with just one domain controller but if that server fails, you're screwed.  You couldn't just install a new domain controller to replace the failed server; you'd have to restore it from backup which is a real pain in practice.
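
The placement rule from the accepted solution (keep the Infrastructure Master off a Global Catalog unless every DC is a GC), the single-domain exception and the two-DC recommendation from the later comments can be checked per domain as below. This is an added example, not part of the original thread; it assumes the ActiveDirectory PowerShell module (RSAT) and read access to each domain in the forest, and the function name `Test-InfrastructureMasterPlacement` is hypothetical.

```powershell
# Added example, not from the thread. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Test-InfrastructureMasterPlacement {
    # Hypothetical helper: one result row per domain in the current forest.
    $forest      = Get-ADForest
    $multiDomain = @($forest.Domains).Count -gt 1

    foreach ($domainName in $forest.Domains) {
        $dcs = @(Get-ADDomainController -Filter * -Server $domainName)

        # DC that currently holds the Infrastructure Master role for this domain
        $im = $dcs | Where-Object { $_.OperationMasterRoles -contains 'InfrastructureMaster' } |
              Select-Object -First 1

        # "All DCs are GCs" is the exception named in the accepted solution
        $allGc = @($dcs | Where-Object { -not $_.IsGlobalCatalog }).Count -eq 0

        if (-not $im) {
            $placement = 'Unknown: role holder not found among reachable DCs'
        }
        elseif (-not $im.IsGlobalCatalog) {
            $placement = 'OK: Infrastructure Master is not a GC'
        }
        elseif ($allGc) {
            $placement = 'OK: every DC in the domain is a GC'
        }
        elseif (-not $multiDomain) {
            $placement = 'OK: single-domain forest'
        }
        else {
            $placement = 'Review: Infrastructure Master is on a GC while other DCs are not GCs'
        }

        [pscustomobject]@{
            Domain               = $domainName
            DomainControllers    = $dcs.Count
            Redundant            = $dcs.Count -ge 2   # thread's minimum of 2 DCs
            InfrastructureMaster = if ($im) { $im.HostName } else { $null }
            Placement            = $placement
        }
    }
}

Test-InfrastructureMasterPlacement | Format-Table -AutoSize
```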

