Solved

AD Queries

Posted on 2014-09-24
4
88 Views
Last Modified: 2014-09-24
What is the recommended size (no. of users) for a site to install local AD server
What is the functions of AD server
What is the pros in having local AD server installed
What is the cons in having local AD server installed
What is the recovery process in event of AD server hard disk crash, etc.
If AD server is down, what is the failover/backup arrangement
0
Comment
Question by:sureshkumarit
  • 2
4 Comments
 
LVL 56

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 250 total points
ID: 40341056
EE is a great resource for help when you get stuck, but it cannot and should not replace IT training, books, and traditional learning. I encourage you to buy and read this book to answer your questions on active directory:

https://www.microsoft.com/learning/en-us/book.aspx?id=13349
0
 

Author Comment

by:sureshkumarit
ID: 40341163
Can you give some basic idea, where I can start as I need some guidence
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40341180
You asked some incredibly broad questions, so the book I linked to really is a good place to start.
0
 
LVL 16

Accepted Solution

by:
Learnctx earned 250 total points
ID: 40341251
Yes very broad questions. You're basically after for an entire infrastructure design so no one can give you a complete answer though if you need a consultant I'm sure there are plenty who could be available for hire :)

Read the following free bits of info and look at books if you want easier reading as Cliff suggested.

http://technet.microsoft.com/en-us/library/dd448614.aspx
http://technet.microsoft.com/en-us/library/cc770946%28v=ws.10%29.aspx

I can give some basic answers below to get you on your way but really you need to read, read, read :)

What is the recommended size (no. of users) for a site to install local AD server
You have to take many things into consideration.

Network topology. Network bandwidth between sites. Redundant/backup links or single point of failure? How many users will there be? Will your domain controllers be used just domain controllers or will they be running other services? The list goes on. Microsoft have guide lines available around this. Refer to TechNet but there is no right answer and your specific situation will vary to someone else.

What is the functions of AD server?
I'm going to assume you're talking about Domain Controllers (DC's) specifically (putting aside other stuff like CA's, ADFS, etc). They provide authentication services (logon, etc), identity (users, groups, printers, computers, etc), access (ACL's) and management (GPO's) and more. Domain controllers host the AD databases and replicate changes between each other. Simple answer, if you want to know more you will need to start reading some TechNet articles or books.

What is the pros in having local AD server installed.
Faster local access to AD services. Less traffic going across links. Redundancy. This will depend on your specific situation though. If you have high speed redundant links from a site to a hub site you might not want to put a domain controller there.

What is the cons in having local AD server installed
Depends on the link at the site but really cost, making sure that the server is physically secure and patching can be a problem if the server is on a slow link as well. This will all depend on your specific situation.

What is the recovery process in event of AD server hard disk crash, etc.
Turn the box off if its on. Perform a metadata cleanup to remove the server from AD (though I'm always told in 2008 R2/2012 AD is smart enough to do this itself if you delete the DC object from AD...I still prefer a metadata cleanup). Warranty the drives. Rebuild the server and promote as a DC again.

If AD server is down, what is the failover/backup arrangement
AD handles this itself. KCC (knowledge consistency checker -- read about AD replication, topology and bridgeheads if you don't know) will fix up replication. Clients will hit the next closest domain controller available if there is not another DC in that site.
0

Join & Write a Comment

I'm sure that every Windows systems administrator has written, or at least used, a batch or VBS login script at some point in their career, whether it is to map network drives, install printers, or set some user preferences.  No more! With Window…
As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now