Best Layout of Domain Controllers for Multiple Subnets

Hi folks!

In our building, we have two separate subnets of private IPs. The first and second floors of our building use IP addresses in the 192.168.1.0/24 range and the third floor uses IPs in the 192.168.3.0/24 range.

Our network is an Active Directory network using a combination of Windows Server 2008 R2 and Windows Server 2012 R2 servers. All clients are Windows 7 Enterprise x64 clients. We currently have DHCP and DNS servers on each subnet, but our two domain controllers are both on the 1.0 subnet.

My question: Is it good practice to have a domain controller on each of the two subnets to minimize the amount of traffic that is having to be routed between them as people log in? Are there any potential drawbacks to placing a domain controller on each subnet? Is there really going to be a performance benefit to having one on each network?

Thanks,
Ithizar
ASKER CERTIFIED SOLUTION
Brad Groux

This solution is only available to members.

The router between both subnets is a single point of failure. If it fails any of your users on 3.0 won’t be able to log on. By placing one DC on each subnet, you will reduce the chance of having unhappy users because of a failed router.

Both answers given above are true. The router is a single point of failure, that could cause problems should it fail. Of course, if it's also your Internet router, you're going to have problems if it fails anyway. But I would give some consideration to that issue, and possibly consider adding a second router into the system, for redundancy. But that depends on a lot of other considerations, like how big of a deal would it be if your network went down? We can't answer that - it's a business question. And AD is pretty resilient.

But I think that your question was really, "Do I need to put a DC on the 3rd floor network for performance reasons?" The answer to that really comes down to the amount of traffic involved. How many devices are actually involved? How many are on the 3rd floor? How many on the other two floors? What router is it? How badly is that router being taxed? What sorts of applications are your users typically using?
Liam Somerville

I like to have a domain controller in each subnet but for availability concerns more than anything else. You're not going to run into any sort of load issues in either of your subnets from authentication with such a small address space.

The upside to doing so is that if you were to have some sort of backbone failure, the domain would be available to each network. I can't think of a downside.