Link to home
Start Free TrialLog in
Avatar of syseng007
syseng007

asked on

Active Directory Physical Server DCs

Hello experts, I just want to scope everyone's opinion on this matter. We have over 650 DCs all over the world and they are all physical servers (2003 and 2008 servers)- combo of HP and IBM (predominantly IBM though) and we always have issues with hardware - battery, array controller failed..etc. Is there a better way or technology out there to limit these kind of issues? Any input would be greatly appreciated.
ASKER CERTIFIED SOLUTION
Avatar of Mike Kline
Mike Kline
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Mahesh
Mahesh
Flag of India image
When you say 600 physical servers, obviously you must be having hardware issues

Now 650 is not a small quantity

Also these are domain controllers and not an app servers so you cannot place all location domain controllers in one place
What I mean to say, you can consider one physical server at least at all locations where you want to put DC (no matter if its virtual \ physical because you must need server hardware to build DCs)
In virtualized DCs probability of hardware failure is minimized and you can move virtual DC on another physical server in case of failures if you have proper backup of VM etc
But there also you are exposed to issues of hypervisors, that you cannot ignore because after all it is physical server
Also while allocating hardware resources to virtualized DC ensure that you will allocate sufficient hardware to all DCs as I have seen many times that organizations do not care about DC configuration and never provide sufficient \ adequate resources to virtualized DCs causing performance issues
Now in case of 2012 virtual DC, MS has developed some more so that you can clone that DC etc which facility is not available with previous versions

The best way is to minimize Dc count \ foot print as far as possible.
This is possible in case of below
You have hub and spoke network topology
All of your AD integrated applications are deployed at few Hub locations
You have good network bandwidth between sites (Hubs and spoke)
You have single domain single forest or if not you can initiate that project to minimize DC count
In above situation you can uninstall DCs from branches where user count is up to 50 users and you have 1 to 2 Mbps bandwidth between branch and main location since you don't have any application that required GC in local site etc (Ex: Microsoft exchange)
because if link goes down there applications stop working, they can logon to workstations with cached credentials
Also if they have local file servers, you can enable offline files there so that they can access file shares offline
In short do not deploy \ remove domain controllers at branches unless you required it genuinely
For Ex: you have a application at branch that requires local GC etc

Mahesh