New 2008 Server Environment

Posted on 2009-02-09
Last Modified: 2012-05-06
Hi All,
We have in place a 2003 Server environment, which consists of the following:
- 3 separate physical sites connected with T1s
- 1 forest, 3 separate domains (disjointed domains)
- 2 domain controllers at each site (2003 Server) (AD, DHCP, DNS, WINS), for a total of 6 DCs
- Each site has approximately 250-300 users.
- Each site is IT staffed

The Plan
- Move to MPLS between the 3 sites
- Upgrade our environment from 2003 Server to 2008
- Combine 1 forest/3 domains to 1 forest/1 domain (starting fresh)

With the advances that are included with 2008 Server, I'm not 100% clear on the best path for this migration. Would there be any use for Read-Only Servers in this solution, or would each site continue to maintain 2 Domain Controllers? What would be the best viable solution for the scenario, also taking into consideration failover between sites?
Question by:chadeaux

    Expert Comment

    by:Mike Kline
    How secure are your locations? For instance, how likely would it be that someone steals a DC? What is physical security like?
    I support a federal organization and our server rooms are very secure, so I'm not really worried about RODCs in my current environment. I do see the need in some places, but if someone gets access to our computer rooms then there are more issues than just DCs (because at that point they have breached very secure areas).
    You could get away with 1 DC for 250-300 users if you had to at each site but since you have the two boxes already I'd just stick with that.
    One big thing here is down the road what do you do with the domain admins.  Are the 3 domains now run by separate DA's?  

    Author Comment

    Hey Mike,

    The server rooms at each site are secure (PCI compliant), with camera and bio locks. I was thinking an RODC for redundancy mostly; if the primary would fail then users could still authenticate. Currently there is IT staff at each site, but we all manage each other's domain from time to time anyway. The single domain move would streamline a few things, one being cross-domain permissions, and consistency across the sites.

    So you think the best solution would be to have 2 Domain Controllers at each site, just as we are operating now?

    Accepted Solution

    Yeah, the second DC in each site would give you the extra redundancy, and if both DCs (worst case) went down, clients could still use the DCs in the hub.
    I'd make all the DCs global catalogs.
    Sounds like you are very secure, so the RODC doesn't do much for you all.

    Assisted Solution


    I'd pretty much agree with what Mike has mentioned above. The need for RODCs only starts to come when you have many, many sites in which you cannot maintain physical security on your DCs.

    For three sites, you would make much better use of having 2 DCs in each site. This provides redundancy in each site, and having local DCs means the network can run on its own with resilience from a single site without a replication link - if the site links fail for any reason.


    Author Closing Comment

    Thanks, Mike and Matt
