• Status: Solved

Domain Controller Server 2012

Hi Guys,
Please can you experts advise on the below? My environment is below, with around 150 users:
Server 2012 Standard - Domain Controller (AD/DNS/DHCP/Remote Access) (old tower server)
Server 2012 Standard - Exchange 2013 CU5 - no DAG - one database
Server 2012 Standard - File Server
Server 2012 Standard - Sage Server

I'm looking to install another new, powerful server for my Domain Controller. Would you suggest having a 2nd DC for redundancy, and moving the Remote Access role to this server?
Or totally remove the old server and have only one DC on a newer server with AD/DNS/DHCP/Remote Access?
jag b
 
Chris Commented:
I would, wherever possible, always have more than a single DC in your organisation. If a server goes pop, it's significantly easier to reload Windows and DCPROMO it back up than to start playing with backups. Especially when Exchange is involved, as all Exchange config is stored in AD.
 
Andy M, Internal Systems Manager, Commented:
As Chris has noted, having a second DC is always better than having a single one. It provides resilience and also distributes load across both servers for logins (which can help if the one server is busy). You could also split DHCP between the two, so if one server goes down there should be no outage for users at all.

You mentioned remote access - what sort of remote access do you mean? VPN, Remote Web Workplace, Terminal Server?
 
Mike, IT Manager, Commented:
IMO there is no downside to having a second domain controller in an environment.

As far as remote access, if you are talking about Remote Desktop Services I would strongly advise against installing that on a domain controller. You are entitled to 1 Virtual Machine license of Windows 2012 Standard under the license for your physical server. I would set up a VM on one of your machines and use that for RDS. If you are talking about VPN using RRAS, you can install that role on the new server.
 
jag b (Author) Commented:
Hi guys, thanks for your response... so I'm guessing go for the option of having a 2nd DC... the Remote Access I have is the DirectAccess & VPN role within Server 2012... I've currently got this role on my DC... will this be OK on the 2nd DC?
 
jag b (Author) Commented:
Also guys, can the FSMO roles stay on the 1st DC (GC enabled)? The 2nd DC will be DNS & Global Catalog.
 
Lee W, MVP, Technology and Business Process Advisor, Commented:
In a single domain environment, FSMO placement really isn't important. They can live on whatever DC you want them to live on.

I would CAUTION before adding the second DC - do you understand AD and the backup and restoration process - and the consequences of restoring a failed DC? If not, LEARN THEM before you add a second DC. Or don't - but if you don't, DON'T ADD A SECOND DC. Just make sure you are doing what you should be doing anyway - having GOOD, WORKING, CONSISTENT backups.
 
Mike, IT Manager, Commented:
You can run the VPN on a DC.
 
jag b (Author) Commented:
Can the FSMO roles stay on DC 1? Or shall I split them across both DCs?
 
Chris Commented:
Microsoft recommends that all FSMO roles are held on a single server. I would recommend that you move them to the newer server.
 
jag b (Author) Commented:
Chris - Both servers will have the same OS of Server 2012... Would this still apply to the FSMO roles? I was thinking of just leaving them as they are on the current server unless I split them.
 
Chris Commented:
To be honest, it doesn't make a lot of difference. I would always keep the roles on one server and personally I would put them on the newest server. This is simply because I'd think the newer server would be less likely to fail.

As I said though, it makes little difference. If the server holding the roles was to fail, you can simply seize the roles on the remaining server. This process takes seconds and has no negative ramifications.
 
jag b (Author) Commented:
Chris - Basically, in a worst-case scenario, if DC1 (which has all FSMO roles) fails, I could easily seize all the FSMO roles onto DC2, in other words?
 
jag b (Author) Commented:
Cheers guys for all your help - the conclusion is to add a 2nd DC to my current network and possibly move all FSMO roles to the newer server.
Question has a verified solution.
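
The FSMO placement, transfer and seizure steps discussed in this thread, as an added PowerShell example that was not posted by any participant: it lists which DC holds each role, transfers roles to the new DC while the current holder is reachable, and seizes only when explicitly allowed. The hostname `DC2` and the `$AllowSeize` switch are assumptions made for illustration.

```powershell
# Added example. Run from an elevated session with the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$TargetDC   = 'DC2'     # assumption: hostname of the new domain controller
$AllowSeize = $false    # assumption: opt-in switch; leave $false unless the old holder is gone for good

function Get-FsmoHolder {
    # Forest-wide roles come from Get-ADForest, domain-wide roles from Get-ADDomain.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

# 1. Inventory: every DC, whether it is a Global Catalog, and the roles it holds.
Get-ADDomainController -Filter * |
    Select-Object HostName, IsGlobalCatalog, OperationMasterRoles |
    Format-Table -AutoSize

# 2. Move each role that is not already on the target DC.
$targetFqdn = (Get-ADDomainController -Identity $TargetDC).HostName
foreach ($entry in (Get-FsmoHolder).GetEnumerator()) {
    $role, $holder = $entry.Key, $entry.Value
    if ($holder -eq $targetFqdn) { continue }

    if (Test-Connection -ComputerName $holder -Count 2 -Quiet) {
        # Current holder is reachable: graceful transfer, both DCs agree on the change.
        Move-ADDirectoryServerOperationMasterRole -Identity $TargetDC `
            -OperationMasterRole $role -Confirm:$false
    }
    elseif ($AllowSeize) {
        # Seizure (-Force): only when the old holder will never return. Rebuild that
        # server and clean up its AD metadata rather than reconnecting it as a DC.
        Move-ADDirectoryServerOperationMasterRole -Identity $TargetDC `
            -OperationMasterRole $role -Force -Confirm:$false
    }
    else {
        Write-Warning "$role holder $holder is unreachable; set `$AllowSeize to seize it."
    }
}

# 3. Confirm the final placement.
Get-FsmoHolder | Format-Table -AutoSize
```

A failed ping can also mean ICMP is filtered, which is why seizure stays behind the explicit switch instead of being triggered by the reachability test alone.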