
Domain Controllers Placement

Hi,
We have a single domain with 5 sites connected through a VSAT link.
Our head office has 2 domain controllers, and there is 1 DC in each site.
We just want to remove all servers from the sites and consolidate them in the head office.

Can anyone here share the drawbacks of moving the DCs out of the sites? I would appreciate it if any link / document could be shared.

Asked by: isnaa

jmcg (Owner) commented:
Satellite DCs like these provide a number of services to their local client population, including authentication, DNS, DHCP. Technically, the clients could obtain these services over the long-distance links, but -- since these links are more expensive and lower performance (in terms of bandwidth, latency, and reliability) than LAN connections -- it's pretty common to deploy a DC at those sites that hold a sufficient number of clients to make it worthwhile.
 
Mohammed Khawaja (Manager - Infrastructure: Information Technology) commented:
What is the reason for the removal of DCs at sites? If it is due to security, then I suggest you deploy read-only DCs (RODC). Another question would be how these sites will get their IP address assignments, as I am assuming DCs are used for DHCP. You could use DHCP relay and have all sites obtain their IPs from the head office. How do these sites access the Internet (do they have their own connection or do they use the head office)? If sites have their own Internet connection, then my suggestion would be to either leave DCs at the sites or replace them with RODCs. Just remember that if there are no DCs (again, I am assuming DCs also provide DNS and DHCP), your users will not be able to authenticate or get an IP. Also remember that these links should be used for business applications, and it is wise to keep authentication, DNS and other non-business functions off the link.
 
Lee W, MVP (Technology and Business Process Advisor) commented:
You haven't really explained what the servers are used for beyond DCs.  If nothing, fine, but remote satellite offices usually use a DC as a file and print server as well, often one and the same.  You also haven't explained the connections between the sites or what resources the sites need.

In most scenarios where I would set up a DC at a site, I would also have more reasons to have it than simply DNS, DHCP, and authentication. Can you elaborate more on the DCs' usage?
 
isnaa (Author) commented:
Well, the DCs in the sites are also used for DHCP and DNS. We need to move all servers out of the sites and consolidate all services at the head office.

For DHCP, we will configure the switches.
For DNS, yes, they will use the head office.

Please comment; I would appreciate any links / documents.
 
Lee W, MVP (Technology and Business Process Advisor) commented:
If all the servers are used for is DHCP, DNS, and authentication, reconfigure DNS and DHCP and turn off the DCs now. This simulates removing them and allows you to restore services nearly immediately in the event you have issues.

I assume you have very good, reliable links to your remote HQ. Without a DNS server on site, if your HQ goes out, users can still log on, but they CANNOT access the internet because all your DNS servers are in a single site that is now down.

I assume your HQ site is on backup generators and in an area with solid power.  Of course, I live in NYC which generally has VERY solid power... but... You may remember the blackout that hit the ENTIRE northeast back in 2003 or so?  For a day, EVERYONE was done.  If your locations are all centrally located in the same city or region, then all the sites would be down in a similar blackout.  But if they are spread out across the country or, for example, over 1000 miles/1500 KM range, then when HQ goes down, you're shutting down ALL your remote sites since they no longer have DNS access.

Even if all your offices are fairly close together, if the right kind of disaster hit the HQ - fire, flood, tornado, etc. - you could shut down your entire business by removing the DCs from all other sites.

In my opinion, the wise thing to do, if you really MUST cut back on server resources, would be to leave at least ONE DC in your most remote site and create a mesh VPN between all sites.  If the HQ ever goes down, your other site's DC can handle DNS and authentication for everyone.  And if the HQ has a true disaster, you could preserve AT LEAST your AD.

You could also look into using DFSR or other file replication technologies to ensure you have redundant copies of critical data in two locations.

At the end of the day, unless you want to FULLY DETAIL what your business does, all the applications it uses, and what kind of resources you have and are able/willing to maintain (And your few sentences don't come close), then your best option is to hire a professional consultant who can sign an NDA for you (since I assume you're concerned about revealing details about your company in a public forum) and subsequently and APPROPRIATELY help analyze what you have, what you need, and what you can do.
 
Mohammed Khawaja (Manager - Infrastructure: Information Technology) commented:
At the end of the day, mesh VPN might require more work and still not have full redundancy. It might be worth it to keep DC, DNS, DHCP and file & print local at each site.
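
The failure scenarios argued in the two comments above (an HQ outage with and without a remaining remote DC, and the limits of a mesh VPN) can be modelled as reachability on a site graph. This is an added example, not part of the original thread; the site names, the hub-and-spoke layout and the assumption that mesh tunnels share each site's single WAN uplink are constructed for illustration.

```python
from collections import deque

HQ = "HQ"
REMOTE = ["Site1", "Site2", "Site3", "Site4", "Site5"]  # constructed names

def hub_and_spoke():
    # Each remote site has a single link, to HQ.
    return {frozenset((HQ, s)) for s in REMOTE}

def full_mesh():
    # Every site has a VPN tunnel to every other site.
    sites = [HQ] + REMOTE
    return {frozenset((a, b)) for i, a in enumerate(sites) for b in sites[i + 1:]}

def served(links, dc_sites, down=(), isolated=()):
    """Remote sites that can still reach a running DC (DNS + authentication).

    down:     sites that are completely offline (power loss, disaster)
    isolated: sites that are running but have lost all WAN connectivity
    """
    alive = set([HQ] + REMOTE) - set(down)
    adj = {s: set() for s in alive}
    for link in links:
        a, b = tuple(link)
        if a in alive and b in alive and not {a, b} & set(isolated):
            adj[a].add(b)
            adj[b].add(a)
    # Breadth-first search outward from every DC that is still running.
    reached = {d for d in dc_sites if d in alive}
    queue = deque(reached)
    while queue:
        for nxt in adj[queue.popleft()]:
            if nxt not in reached:
                reached.add(nxt)
                queue.append(nxt)
    return sorted(reached - {HQ})

def scenarios():
    every_site = [HQ] + REMOTE
    return {
        "consolidated at HQ, HQ down": served(hub_and_spoke(), [HQ], down=[HQ]),
        "HQ + Site5 DC, no mesh, HQ down": served(hub_and_spoke(), [HQ, "Site5"], down=[HQ]),
        "HQ + Site5 DC, mesh, HQ down": served(full_mesh(), [HQ, "Site5"], down=[HQ]),
        "HQ + Site5 DC, mesh, Site2 cut off": served(full_mesh(), [HQ, "Site5"], isolated=["Site2"]),
        "DC at every site, Site2 cut off": served(hub_and_spoke(), every_site, isolated=["Site2"]),
    }

if __name__ == "__main__":
    for name, sites in scenarios().items():
        print(f"{name:40s} -> {sites or 'no site has DNS/authentication'}")
```
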
 
isnaa (Author) commented:
Thanks