New 2008 Server Environment

Hi All,
We have in place a 2003 Server environment, which consists of the following:
  • 3 separate physical sites connected with T1s
  • 1 forest, 3 separate domains: abc.com, def.com, xyz.com (disjointed domains)
  • 2 domain controllers at each site (2003 Server) running AD, DHCP, DNS and WINS, for a total of 6 DCs
  • Each site has approximately 250-300 users.
  • Each site is IT staffed.

The Plan
  • Move to MPLS between the 3 sites
  • Upgrade our environment from 2003 Server to 2008
  • Combine 1 forest/3 domains into 1 forest/1 domain (starting fresh)

With the advances that are included with 2008 Server I'm not 100% clear on the best path for this migration. Would there be any use for Read-Only Domain Controllers in this solution, or would each site continue to maintain 2 domain controllers? What would be the best viable solution for this scenario, also taking failover between sites into consideration?
2 Solutions
Mike Kline commented:
How secure are your locations? For instance, how likely would it be that someone steals a DC? What is physical security like?
I support a federal organization and our server rooms are very secure, so I'm not really worried about RODCs in my current environment. I do see the need in some places, but if someone gets access to our computer rooms then there are more issues than just DCs (because at that point they have breached very secure areas).
You could get away with 1 DC for 250-300 users at each site if you had to, but since you have the two boxes already I'd just stick with that.
One big thing here is down the road: what do you do with the domain admins? Are the 3 domains now run by separate DAs?
chadeaux (Author) commented:
Hey Mike,

The server rooms at each site are secure (PCI compliant): cameras and bio locks. I was thinking of an RODC for redundancy mostly, so that if the primary failed then users could still authenticate. Currently there is IT staff at each site, but we all manage each other's domains from time to time anyway. The single domain move would streamline a few things, one being cross-domain permissions, and consistency across the sites.

So you think the best solution would be to have 2 domain controllers at each site, just as we are operating now?
Mike Kline commented:
Yeah, the second DC in each site would give you the extra redundancy, and if both DCs (worst case) went down, clients could still use the DCs in the hub.
I'd make all the DCs global catalogs.
Sounds like you are very secure, so the RODC doesn't do much for you all.

I'd pretty much agree with what Mike has mentioned above. The need for RODCs only starts to come when you have many, many sites in which you cannot maintain physical security on your DCs.

For three sites, you would make much better use of having 2 DCs in each site. This provides redundancy in each site, and having local DCs means each site can keep running on its own, with resilience, without a replication link if the site links fail for any reason.
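The two answers above boil down to a checkable design rule: every site should have at least two writable DCs, all of them global catalogs, with RODCs only where physical security cannot be guaranteed. The script below is an added example, not code from either answerer or from this thread; it assumes the RSAT ActiveDirectory module (for the live `Get-ADDomainController -Filter *` run) and takes its DC list as a parameter so the report logic can also be exercised against constructed sample data. The function name `Get-DcSiteReport`, the `-MinimumPerSite` parameter and the site/DC names in the sample are all my own.

```powershell
# Added example (not from the thread). Inventories domain controllers per AD site and
# flags sites that fall short of the thread's advice: fewer than two writable DCs, or
# DCs that are not global catalogs. RODCs are counted separately so they are not
# mistaken for writable redundancy.

function Get-DcSiteReport {
    param(
        # Objects with Name, Site, IsGlobalCatalog and IsReadOnly properties,
        # i.e. the shape returned by Get-ADDomainController.
        [Parameter(Mandatory)] [object[]] $DomainControllers,
        # Assumed threshold; the thread recommends two DCs per site.
        [int] $MinimumPerSite = 2
    )
    foreach ($group in ($DomainControllers | Group-Object -Property Site)) {
        $dcs      = $group.Group
        $writable = @($dcs | Where-Object { -not $_.IsReadOnly })
        $nonGc    = @($dcs | Where-Object { -not $_.IsGlobalCatalog })
        $findings = @()
        if ($writable.Count -lt $MinimumPerSite) {
            $findings += "only $($writable.Count) writable DC(s); $MinimumPerSite recommended"
        }
        if ($nonGc.Count -gt 0) {
            $findings += "not a global catalog: $(($nonGc | ForEach-Object Name) -join ', ')"
        }
        [pscustomobject]@{
            Site        = $group.Name
            WritableDCs = $writable.Count
            RODCs       = @($dcs | Where-Object { $_.IsReadOnly }).Count
            Findings    = if ($findings.Count -gt 0) { $findings -join '; ' } else { 'OK' }
        }
    }
}

# Live run against the real forest (requires RSAT ActiveDirectory and a domain-joined session):
#   Import-Module ActiveDirectory
#   Get-DcSiteReport -DomainControllers (Get-ADDomainController -Filter *) | Format-Table -AutoSize

# Constructed sample data mirroring the thread's layout (three sites, two DCs each),
# with SiteB holding a non-GC DC and SiteC holding an RODC so both findings appear.
$sample = @(
    [pscustomobject]@{ Name = 'DC1'; Site = 'SiteA'; IsGlobalCatalog = $true;  IsReadOnly = $false }
    [pscustomobject]@{ Name = 'DC2'; Site = 'SiteA'; IsGlobalCatalog = $true;  IsReadOnly = $false }
    [pscustomobject]@{ Name = 'DC3'; Site = 'SiteB'; IsGlobalCatalog = $true;  IsReadOnly = $false }
    [pscustomobject]@{ Name = 'DC4'; Site = 'SiteB'; IsGlobalCatalog = $false; IsReadOnly = $false }
    [pscustomobject]@{ Name = 'DC5'; Site = 'SiteC'; IsGlobalCatalog = $true;  IsReadOnly = $false }
    [pscustomobject]@{ Name = 'DC6'; Site = 'SiteC'; IsGlobalCatalog = $true;  IsReadOnly = $true  }
)
Get-DcSiteReport -DomainControllers $sample | Format-Table -AutoSize
```

On the sample data SiteA reports OK, SiteB reports DC4 as not a global catalog, and SiteC reports only one writable DC because its second box is an RODC. Run against a real forest, the same report is a quick way to confirm that the "2 writable GCs per site" design survived the 2003-to-2008 rebuild, and to spot any site that silently drifted to a single point of failure.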

chadeaux (Author) commented:
Thanks, Mike and Matt
