Domain Controller - DR design best practices

Hello there;

OK So we are setting up a new environment for a Client and we want to make the best design plan possible.

Site 1 (left):  Production environment   (2 DC )

AD1: DHCP, DNS, CG & Holds all 5 FSMO Roles


Site 2 (right): DR Site (1 DC)



Best design plan for DHCP,DNS,CG,FSMO, domain design "i.e child domain"

After hours of reading I reached a conclusion that we don't really need to make any changes to  FSMO Roles & we don't need to have a child domain on the DR site.

- Both sites "Production and DR" can be on the same domain in one single forest.
- First domain controller will be hosting all Five FSMO roles and there is no need to transfer or  or seize it.

If AD one goes offline and no hope of getting it back online:

-  seize FSMO roles to AD2

If the hole production site goes offline and there is no hope of getting it back online:

-  seize FSMO roles to DR AD

- Split the DHCP pool between 3 servers

- Make DNS available on 1st DC and DR DC

My question is: what do you think about this setup ?

Who is Participating?
dhruvarajpConnect With a Mentor Commented:
i would say GOOD design .. let us have the different Active directory sites for both physical sites
configure replication interval as less as 15 minutes

and have then different subnets and configure DHCP servers for 80-20 rule 

atigrisAuthor Commented:
OK very good, How about DNS ? what is your though on that ? Thanks
TristanConnect With a Mentor IT ManagerCommented:
I use the same setup betwen our core prod site and our remote DR site.
I'm assuming you have two different subnets with associated AD sites.
Tested successfully including Exchange failover using Doubletake.
Straight forward and simple to support.
AD replication is pretty good for what it does.
Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to and use offer code ‘EXPERTS’ to get 10% off your first purchase.

perplexdConnect With a Mentor Commented:
Child domains just add extra complexity. If you need different domain password policies, or you want completely separate administrators to be delegated control of a child company, then that might be of value, but otherwise it is complexity that doesn't buy any value.

I think your design looks good - KISS.
atigrisAuthor Commented:
- I could create 2 sites this way the  replication dose not have to be over the hole domain.
- each site on it's own subnet.
- NO need to use child domains.
- DHCP use 80-20 rule & use SuperScope to simplify DHCP administration.
- Primary and Secondary DNS server on the production site and one DNS on the DR site.
- NO need to change  FSMO roles - all roles can be on first created machine.
- All machines can be Global Catalog server.

atigrisAuthor Commented:
no complete answer was provided.
about dns
you already have inclused a that in the ADC on the DR site
You only need superscopes if you have a multi-net.

Otherwise your plan looks good to me.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.