Active Directory Physical Server DCs

Posted on 2014-03-24
Last Modified: 2014-05-14
Hello experts, I just want to scope everyone's opinion on this matter. We have over 650 DCs all over the world and they are all physical servers (2003 and 2008 servers), a combo of HP and IBM (predominantly IBM though), and we always have issues with hardware: battery, array controller failed, etc. Is there a better way or technology out there to limit these kinds of issues? Any input would be greatly appreciated.
Question by:syseng007
2 Comments
 
Accepted Solution

by:
Mike Kline earned 2000 total points
ID: 39951479
How mature is your virtualization platform, and what are you using? When do you plan to start migrating to 2012 DCs? As you start migrating to 2012 you may want to make many of them virtual if your virtualization platform is stable and doesn't cause you the same headaches.

Note that you can also virtualize an earlier OS (2008, for example), but there are safeguards in place for 2012 and virtual DCs.

Thanks

Mike
Expert Comment

by:Mahesh
ID: 39951645
When you say 600 physical servers, obviously you must be having hardware issues.

Now, 650 is not a small quantity.

Also, these are domain controllers and not app servers, so you cannot place all locations' domain controllers in one place.
What I mean to say is, you can consider one physical server at least at all locations where you want to put a DC (no matter if it's virtual \ physical, because you need server hardware to build DCs).
In virtualized DCs the probability of hardware failure is minimized, and you can move a virtual DC to another physical server in case of failures if you have a proper backup of the VM, etc.
But there also you are exposed to issues of hypervisors, which you cannot ignore because after all it is a physical server.
Also, while allocating hardware resources to virtualized DCs, ensure that you allocate sufficient hardware to all DCs, as I have seen many times that organizations do not care about DC configuration and never provide sufficient \ adequate resources to virtualized DCs, causing performance issues.
Now in the case of 2012 virtual DCs, MS has developed some more so that you can clone that DC, etc., a facility which is not available with previous versions.

The best way is to minimize the DC count \ footprint as far as possible.
This is possible in the cases below:
You have a hub-and-spoke network topology
All of your AD-integrated applications are deployed at a few hub locations
You have good network bandwidth between sites (hubs and spokes)
You have a single domain, single forest, or if not, you can initiate that project to minimize the DC count
In the above situation you can uninstall DCs from branches where the user count is up to 50 users and you have 1 to 2 Mbps bandwidth between the branch and the main location, since you don't have any application that requires a GC in the local site, etc. (e.g. Microsoft Exchange),
because if the link goes down there, applications stop working; they can log on to workstations with cached credentials.
Also, if they have local file servers, you can enable offline files there so that they can access file shares offline.
In short, do not deploy \ remove domain controllers at branches unless you genuinely require them.
For example, you have an application at a branch that requires a local GC, etc.

Mahesh
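
The branch criteria in the comment above (up to 50 users, at least 1 Mbps to the main location, no application needing a local GC, AD-integrated applications kept at hubs), applied to a site inventory. This is an added PowerShell example, not part of the original thread; the inventory rows, the column names and the function name Get-DcRemovalCandidate are constructed for illustration.

```powershell
# Constructed sample inventory (not real data). The column names are
# assumptions; map them to whatever your own site/DC inventory provides.
$inventory = @'
Site,Role,Users,LinkMbps,NeedsLocalGC,DCs
HQ-London,Hub,4000,1000,True,4
Branch-Leeds,Spoke,35,2,False,1
Branch-Oslo,Spoke,48,0.5,False,1
Branch-Pune,Spoke,40,2,True,2
Branch-Lima,Spoke,120,10,False,2
'@ | ConvertFrom-Csv

# Hypothetical helper: evaluates one site against the criteria from the thread
# and records every reason a site must keep its local DC.
function Get-DcRemovalCandidate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Site,
        [int]    $MaxUsers    = 50,  # "user count is up to 50 users"
        [double] $MinLinkMbps = 1    # lower bound of "1 to 2 Mbps bandwidth"
    )
    process {
        $blockers = @()
        if ($Site.Role -eq 'Hub')                    { $blockers += 'hub site hosts AD-integrated applications' }
        if ([int]$Site.Users -gt $MaxUsers)          { $blockers += "more than $MaxUsers users" }
        if ([double]$Site.LinkMbps -lt $MinLinkMbps) { $blockers += "link below $MinLinkMbps Mbps" }
        if ([bool]::Parse($Site.NeedsLocalGC))       { $blockers += 'application requires a local GC' }

        [pscustomobject]@{
            Site      = $Site.Site
            DCs       = [int]$Site.DCs
            Candidate = ($blockers.Count -eq 0)
            Blockers  = $blockers -join '; '
        }
    }
}

$result = $inventory | Get-DcRemovalCandidate
$result | Format-Table -AutoSize

# Total number of DCs at sites with no blockers.
$retire = ($result | Where-Object Candidate | Measure-Object -Property DCs -Sum).Sum
"DCs that could be retired under these criteria: $retire"
```

Sites flagged as candidates depend on cached credentials and offline files when the link is down, so confirm both are enabled there before removing the DC.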