?
Solved

Number of Domain Controllers on Network

Posted on 2007-11-19
12
Medium Priority
?
219 Views
Last Modified: 2010-04-20
We have 20 servers and have 6 domain controllers. Why would you need more then 2 domain controllers?

Thanks,
0
Comment
Question by:mkurtzhals
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
  • +2
12 Comments
 
LVL 6

Accepted Solution

by:
mmcodefive earned 1200 total points
ID: 20315313
Depends on your network setup. I have a domain controller in every remote office. In my main office I have two so if one goes down you have a secondary one to take over. You would not need six in one location unless you had some extremely permissions intensive application or something to that effect.
0
 
LVL 2

Author Comment

by:mkurtzhals
ID: 20315341
Yep we have only one location..
0
 
LVL 6

Expert Comment

by:mmcodefive
ID: 20315370
Unless you have hundreds of users and I mean it takes a lot to slow down an well implemented AD server. Then just two is probably going to work as well or better then six. Remember the more servers you have the sysvol has to replicate amongst all the servers.
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
LVL 2

Author Comment

by:mkurtzhals
ID: 20315462
That was my reason why I wanted to demote them becuase of replication issues.  We only have 80 users.  I still am not sure on the logic of 6 domain controllers.
0
 
LVL 12

Expert Comment

by:Network_Data_Support
ID: 20315503
is a bit much for that amount of users im all for redundany but i would use at least 3 of them for something else
0
 
LVL 2

Author Comment

by:mkurtzhals
ID: 20315512
I am guessing the last admin just promoted every new server to be a domain controller??
0
 
LVL 12

Expert Comment

by:Network_Data_Support
ID: 20315544
crazy
0
 
LVL 6

Expert Comment

by:mmcodefive
ID: 20315606
I agree demote 3, 6 is way too many. I have about the same number of users on two and its fine.
0
 
LVL 58

Assisted Solution

by:tigermatt
tigermatt earned 400 total points
ID: 20315694
To be quite honest, 1 well-implemented DC with the correct hardware running 80 users is nothing, so you could quite safely demote 3 - 4 of your current DCs and provided the ones you leave behind still have the FSMO roles and there is at least one global catalog, you won't have any problems.

20 servers is quite a lot for 80 users, not that I'm straying this question off course but are you running some intensive database package or something?

-tigermatt
0
 
LVL 12

Expert Comment

by:Network_Data_Support
ID: 20315732
yes we have 2 dc in one site that got well over 100 users and they work fine both service DNS, DHCP aswell
0
 
LVL 2

Author Comment

by:mkurtzhals
ID: 20315764
We have 10 servers running pretty intensive DBs/applications.  Unfortunantly I have lost the debate on vmware.  I really wish we could consolidate some of our programs but at this point it is not an option.

Thanks
0
 
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 400 total points
ID: 20315817
hmm 2 is reccomended, anything more actually decreases performance in some circumstances.....two per site with a single GC is optimal....both DC's should be DNS boxes as well...I have 3 in my central site purely for redundancy as i have a large network....but two is ideal
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses
Course of the Month12 days, 21 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question