Solved

How many Domain Controllers do I Need?

Posted on 2011-03-14
Last Modified: 2012-05-11
I have a network of about 1200 computers. I have two Win 2003 R2 domain controllers running AD, DNS, DHCP and DFS for the redirected start menu folders (low load on DFS).

1. HP DL380 G4, Single Xeon 3.2Ghz, 2GB RAM, Mirrored drive
2. Dell Poweredge 1450, Single Xeon 2.8GHz, 4.5GB RAM

Both are global catalogs.
We don't currently use Exchange.

This is a college environment with 6 lesson changes per day, so at least 6 logons and logoffs per computer. We also have a print system and an intranet, which is linked into AD for authentication.

This is a single site environment.

How many DCs should I have? Is 2 sufficient?

Thanks.
0
Comment
Question by:gmbaxter
11 Comments
 
LVL 11

Expert Comment

by:RickSheikh
ID: 35132779
Yes.
0
 
LVL 11

Expert Comment

by:RickSheikh
ID: 35132783
You should minimally have two.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35132793
Yes it is. Where it becomes more evident is if you have lots of policies and they are being applied at logon, but for a single site 2 DCs should be enough.

Personally, I would want another one in there too ;) but mainly so I can take one down without affecting performance too much.
0
 
LVL 34

Accepted Solution

by:
Paul MacDonald earned 125 total points
ID: 35132812
You only need one.  Two is much better due to the redundancy.  Depending on how your computers are distributed, you might want additional DCs at remote sites, but presuming your network is essentially flat and all the computers are on the same campus, you can probably get away with just the two.
0
 
LVL 11

Expert Comment

by:RickSheikh
ID: 35132826
However, I would like to upgrade the DCs to Windows Server 2008 R2 to take advantage of additional features: http://technet.microsoft.com/en-au/library/dd378796%28WS.10%29.aspx
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 35132908
How big is your ntds.dit? Just wondering because you will see a good perf gain if you have enough memory to cache ntds.dit.
I also agree about taking advantage of 2008 R2.

There was a similar question at the TechNet forums too http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/0af01850-eccb-488a-9c53-7bda784e96b6

On another note a few weeks ago at the MVP summit we did ask the AD team to update AD Sizer...I don't think that is on the top of their priority list :)

Thanks

Mike
0
 
LVL 13

Expert Comment

by:kdearing
ID: 35133708
Agree with dmazter, I would prefer a third.
Another benefit is that you could go through your upgrade process one server at a time without interrupting production time.
0
 
LVL 11

Author Comment

by:gmbaxter
ID: 35217416
Thanks for the comments. I think I'll deploy a third DC as a virtual guest.

How should I distribute the FSMO roles between the 3 servers?

Also, the domain functional level is currently 2000. Should I upgrade this?
0
 
LVL 11

Assisted Solution

by:RickSheikh
RickSheikh earned 125 total points
ID: 35217553
PDCe and RID Master should be on the same box, and preferably on a physical box. The rest can be distributed as you see fit. As it's a single domain forest, and if all DCs will be GCs, then Infrastructure Master should be insignificant.
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 35218070
If the servers are 2003, there's no reason not to elevate the schema to 2003 as well.

Make all the DCs GC servers. PDC Emulator and RID Master should co-exist. The rest of the roles you can spread around as you like.
0
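
The placement advice in the two answers above (PDC Emulator and RID Master on the same DC, every DC a global catalog, at least two DCs) can be checked with a short script. This is an added example, not code from any poster in the thread; the function name `Test-FsmoPlacement` and the sample host names are hypothetical, and the live-use line assumes the ActiveDirectory PowerShell module is available against the domain.

```powershell
# Added example: audits a domain's role layout against the advice in this thread.
# Test-FsmoPlacement and the example.edu host names are hypothetical.
function Test-FsmoPlacement {
    param(
        # Object exposing PDCEmulator and RIDMaster (as Get-ADDomain returns)
        [Parameter(Mandatory)] $Domain,
        # Objects exposing HostName and IsGlobalCatalog (as Get-ADDomainController returns)
        [Parameter(Mandatory)] [object[]] $DomainControllers
    )
    $findings = @()

    # "You should minimally have two": a single DC has no redundancy.
    if ($DomainControllers.Count -lt 2) {
        $findings += "Only $($DomainControllers.Count) domain controller(s) found"
    }

    # PDC Emulator and RID Master should be held by the same DC.
    if ($Domain.PDCEmulator -ne $Domain.RIDMaster) {
        $findings += "PDCe ($($Domain.PDCEmulator)) and RID Master ($($Domain.RIDMaster)) are on different DCs"
    }

    # Every DC should be a global catalog server.
    foreach ($dc in @($DomainControllers | Where-Object { -not $_.IsGlobalCatalog })) {
        $findings += "$($dc.HostName) is not a global catalog"
    }

    return $findings
}

# Constructed sample data for a three-DC layout (not taken from the thread).
$sampleDomain = [pscustomobject]@{
    PDCEmulator = 'dc1.example.edu'
    RIDMaster   = 'dc2.example.edu'
}
$sampleDcs = @(
    [pscustomobject]@{ HostName = 'dc1.example.edu'; IsGlobalCatalog = $true },
    [pscustomobject]@{ HostName = 'dc2.example.edu'; IsGlobalCatalog = $true },
    [pscustomobject]@{ HostName = 'dc3.example.edu'; IsGlobalCatalog = $false }
)
Test-FsmoPlacement -Domain $sampleDomain -DomainControllers $sampleDcs

# Against a live domain (assumes the ActiveDirectory module is installed):
# Import-Module ActiveDirectory
# Test-FsmoPlacement -Domain (Get-ADDomain) -DomainControllers (Get-ADDomainController -Filter *)
```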
 
LVL 11

Author Closing Comment

by:gmbaxter
ID: 35236734
Thanks for the replies
0
