Active Directory setup - Best Location for DB, Log and SYSVOL

Hi,
I'm setting up a Windows 2008 server. Not much experience and someone else will be checking what I do, but I wanted to try and get it right before.

I'm setting up AD DS, and I'm on the screen where it asks for "Location for Database, Log Files and SYSVOL".

I have read the guide but I just wanted the direct opinion for my circumstance.

This will be the only server in the network.

C Drive- RAID1 300GB total
D Drive = RAID 5 = 5 1.6TB total available.

Server has defaulted the following locations:

Database Folder:
C:\Windows\NTDS

Log Files Folder:
C:\Windows\NTDS

SYSVOL folder:
C:\Windows\SYSVOL

But also recommends that the database and log files are on separate volumes. I've been reading the help guide but am a bit confused as to what I should do.

In my scenario, what is recommended.

Many thanks in advance
afflik1923Asked:
Who is Participating?
 
JRasterConnect With a Mentor Commented:
In a single server environment, personally I would just leave the defaults.  
Make sure you do good backups.  

0
 
Lee W, MVPConnect With a Mentor Technology and Business Process AdvisorCommented:
In small environments (any environment where you're in a position to ask this question) I strongly recommend leaving the AD databases on the C: drive.
0
 
Mike KlineConnect With a Mentor Commented:
I'd probably put them on the D drive just in case space somehow fills up on C but either way should be fine

Good post about this from the Microsoft AD team    http://blogs.technet.com/b/askds/archive/2010/10/29/friday-mail-sack-not-particularly-terrifying-edition.aspx#adperf

...also read the comments.

Thanks

Mike
0
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

 
afflik1923Author Commented:
OK Thanks for input. If I wanted to change them after install, is this easy? Where do I look to change this - in the registry or via gui?
0
 
Mike KlineCommented:
Yes you just use ntdsutil to move them   http://support.microsoft.com/kb/816120

Thanks

Mike
0
 
afflik1923Author Commented:
Thanks. That posting you post from technet

http://blogs.technet.com/b/askds/archive/2010/10/29/friday-mail-sack-not-particularly-terrifying-edition.aspx#adperf

Is that therefore someone from MS who made this blog. IT seems funny that they give advice on the install (splite the locations to different volumes) however common practise and advice even from MS staff is to ignore.
Strange logic.
Thanks all for input.
0
 
Neil RussellTechnical Development LeadCommented:
WOW!!
Thats some drive space! For an AD server?

What else are you intending to run on this server? Be carfull before you plan on installing anything else... Like exchange!!
0
 
afflik1923Author Commented:
It will be a file and application server as well. IT wont be running exchange. But it will be the only server available and they ran out of space on their old one, so wanted plenty of space available for this one.
0
 
Neil RussellTechnical Development LeadCommented:
From a security point of view you are breaking lots and lots of rules adding those roles to an ADDS server!!

Is the server not powerful enough to use VMWare/Hyper-V on and virtulise the environment?
0
 
Neil RussellTechnical Development LeadCommented:
Not to mention the Risk of loss!
0
 
afflik1923Author Commented:
Yes, but the impression I got from previous research is that many companies with a single server end up doing this.
Why is it such a risk and does not they Hyper-V option introduce extra costs?
0
 
afflik1923Author Commented:
Also why is there an increased risk of loss.
0
 
JRasterCommented:
I would assume Risk of Loss in this situation is refering to putting all your eggs in one basket.  

The more services you put on one server, the more that is loss when there is downtime.  
I understand you have a RAID setup, but even those can fail sometimes.  

I like the free ESXI for server virutalization.  You can even get online training course from VMWare that will get you started on all the in's and outs of setup and running a virutal server for not much money.  (I think it was $50 when I did it).  
This still puts all your eggs in one basket based on your hardware, but you can easily seperate OS's going virtual.  Even have two DC's and Exhange server on one server.  
0
 
afflik1923Author Commented:
Note there will be no Exchange server in this network.
0
 
kevinhsiehConnect With a Mentor Commented:
Leave the files for AD in the default locations. If you had 20,000 or more computers and users moving the file might be useful, but not for a small environment such as yours, and it would complicate things without having any upside benefits. I wouldn't worry about making it a file server too. You should have a good recovery plan in place should something happen to the server. It is generally preferred to have a second domain controller, but if your recovery plan is good enough, and you don't have a complicated AD in terms of a large number of users, groups, and computers, you can recreate your domain from scratch if necessary.  
0
 
afflik1923Author Commented:
OK sounds good. WE have no more then 15 users. So should be straight forward.
0
 
Mike KlineCommented:
Yeah 15 users either way is good.  Even with 15 users I'd try to put two DCs up.  The second DC doesn't have to be anything fancy....just there in case the first box has some hardware issue.  Second box is for DR/CYA purposes.

Thanks

Mike
0
 
afflik1923Author Commented:
But that means I would need another box with a Windows server licence right?
0
 
Mike KlineCommented:
Yes, it is a difficult thing but think with one DC and that has a catostrophic hardware failure,  it means definite downtime for users.

A second one and users should not even notice.  Think of it as an insurance policy.

Thanks

Mike
0
 
kevinhsiehCommented:
How usefull is a second DC if the file server isn't available?
0
 
JRasterCommented:
The second DC will still allow them to authenticate incase username and passwords are not cached.
If they never move workstations, the second DC would not do much other than have a copy of the Domain settings.  This would save rebuild time.  
Also, the second DC could be a place to restore files too incase of file server failure.  
0
 
Mike KlineCommented:
Also if DNS is being used on the DCs then the second box is also a DNS server.  Could also look into DFS replication.
0
 
afflik1923Author Commented:
Thanks for all the input
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.