Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 203
  • Last Modified:

How many DC's needed for my domain.

I've started with a company who has about 60 users, and are setup with two domains in their forrest (Parent and Child).  They run 5 DC's total 2 in the parent and 3 in the child.  I'm hoping to lessen the amount of servers they use here however I'm being told that it is essential to the stability of the network that we reamain using 5 dc's according to my predecessor.   What I believe he may have been reffering to was in regards to the FSMO roles and not having the infastructure master on the same dc as a global catalog server which wouldn't be the case.  Are their any other reasons why this would be?  If more info is needed please let me know.

Thanks,
0
rkroger
Asked:
rkroger
  • 3
  • 2
2 Solutions
 
tigermattCommented:
If they've got so few users, then there is no gain by separating any resources into their own child domain. I would first start by transitioning from the child domain back to the parent domain, then completely removing the child domain from the network. That will give you 1 single Active Directory domain to play with - much better for a small 60 user environment. I've worked on domains of 2000+ users where they only have one Active Directory domain - the use of subdomains is really only good in very large corporate environments with thousands of users and computers.

In a single-domain environment, you can place all the FSMO roles on the same server as the Global Catalog role. Even in a multiple domain environment, you would only need a second server to move the Infrastructure role to - I guess the third in the parent domain is simply so you can have two Global Catalogs for resilience but still have somewhere to run the Infrastructure Master Operations role from. If you rid yourself of the child domain though, I would say two DCs would probably be enough for that amount of users. 5 DCs in that environment, while it adds lots of resilience, it's probably too much maintenance for you particularly looking at the size of the network. They could easily be put to use as Exchange, SQL servers or file and print servers, without running the DC roles and therefore much more effectively.

I've got clients with 800 user networks who only have 2 - 3 DCs -- it's a good idea for any more than a few users to have more than one DC for resilience, but five for 60 users is overkill.
0
 
rkrogerAuthor Commented:
Thanks for the quick response.

Totally agree with you, I've already made mention that  the current setup is overkill and want to move to a single domain enviroment.  Unfortunately it's not in their plans for this year.  I thought I could lighten my load a bit by reducing it to four servers but they are convinced their is a need for 5.  The only thing I could really find was that you can't have your GC and Infastructure on the same dc.  Also I should mention we use a data center and 2 of the dc's of the child domain sit over here in our office.  Could that have anything to do with needing the 5 dc's?

(Sorry I'm new to multiple domain infastructure)
0
 
tigermattCommented:
I think there are 5 DCs for the following reasons:

a) You cannot place the Infrastructure Master FSMO operations role on the same server as a Global Catalog server, when there is more than one domain (it's fine in a single-domain environment);
b) It is nice to have resilience.

As a result, the parent domain has 3 DCs - 2 of them probably act as Global Catalog servers, giving resilience. There must therefore be another non-GC DC which is acting as the Infrastructure Master role holder. The child domain then again has 2 DCs for resilience.

I've no idea why they've used a child domain for the office and made it a child of the domain on DCs in the data centre. The correct way to do it would be to just add another site into Active Directory Sites and Services on the parent domain, configure the IP subnet correctly, and then perhaps bring up a DC in the office which is just an additional domain controller for the *parent* domain. There's no need to use a child domain for a branch office - that's just complicating matters beyond what is necessary!

If you still want total resilience and they aren't going to migrate away from the parent/child domain environment, then I think looking at this 5 DCs are going to be required. I guess one of the DCs in the parent domain which is acting as a Global Catalog is unnecessary - but demoting it would only leave one Global Catalog server in that domain.

Once you migrate away from the child domain scenario you should get away with 2 DCs, though. As you can see, this is just one of the many reasons why child domains are not feasible for small businesses and small networks - they just require too many servers to function correctly.

-tigermatt
0
Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

 
Lee W, MVPTechnology and Business Process AdvisorCommented:
Multiple domains makes little sense for most offices.

As for multiple Domain Controllers, I recommend TWO DCs per site.  Any more is excessive.  If the predecessor says you need 5, then ask him WHY?  What's his logic?  Maybe there's something we're not aware of that is unique to your environment.  
0
 
rkrogerAuthor Commented:
Maybe it doesn't matter but it's only 2 dc's in the parent and 3 in the child.  See I thought that if in the child domain i had on dc1 RID and PDC and have it be a Global Catalog.  On dc2 have it be the Infastructure Master and then eliminate the 3rd DC.  I understand some resiliance will be lost but we wouldn't loose functionality on our network.
0
 
tigermattCommented:
Yes that would certainly work. Don't forget the other roles you need though - they are the PDCe, RID Naming Master, Infrastructure Master, Schema Master and Domain Naming master. It's just the Infrastructure master role which shouldn't be on a GC - other than that it's really up to you. You could in theory have one DC acting as a GC in the child, then have all the FSMO roles on the other DC which isn't a GC. Alternatively, you could have all 4 FSMO roles on the GC DC and just the infrastructure master on the non-GC DC.

Both of these would work.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now