Domain Controller Server 2012

Hi Guys,
Please can you experts advise on the below? My environment is as follows, with around 150 users:
Server 2012 Standard - Domain Controller (AD/DNS/DHCP/Remote Access) (old tower server)
Server 2012 Standard - Exchange 2013 CU5 – no DAG – one database
Server 2012 Standard - File Server
Server 2012 Standard - Sage Server

I'm looking to install another new, powerful server for my Domain Controller – would you suggest having a 2nd DC for redundancy, and moving the Remote Access role to this server?
Or totally remove the old server and have only one DC on a newer server with AD/DNS/DHCP/Remote Access?
jag b Asked:

Chris Commented:
I would, wherever possible, always have more than a single DC in your organisation. If a server goes pop, it's significantly easier to reload Windows and DCPROMO it back up than to start playing with backups. Especially when Exchange is involved, as all Exchange config is stored in AD.
0
Andy M, IT Systems Manager Commented:
As Chris has noted, having a second DC is always better than having a single one. It provides resilience and also distributes load across both servers for logins (which can help if the one server is busy). You could also split DHCP between the two so that if one server goes down there should be no outage for users at all.

You noted about remote access - what sort of remote access do you mean? VPN? Remote Web Workplace, Terminal Server?
0
Mike, IT Manager Commented:
IMO there is no downside to having a second domain controller in an environment.

As far as remote access, if you are talking about Remote Desktop Services I would strongly advise against installing that on a domain controller. You are entitled to 1 Virtual Machine license of Windows 2012 Standard under the license for your physical server. I would set up a VM on one of your machines and use that for RDS. If you are talking about VPN using RRAS, you can install that role on the new server.
0
jag b Author Commented:
Hi guys, thanks for your response... so I'm guessing go for the option of having a 2nd DC... the Remote Access I have is the Direct Access & VPN role within Server 2012... I've currently got this role on my DC... will this be OK on the 2nd DC?
0
jag b Author Commented:
Also guys, can the FSMO roles stay on the 1st DC (GC enabled)? The 2nd DC will be DNS & Global Catalog.
0
Lee W, MVP, Technology and Business Process Advisor Commented:
In a single domain environment, FSMO placement really isn't important. They can live on whatever DC you want them to live on.

I would CAUTION before adding the second DC - do you understand AD and the backup and restoration process - and the consequences of restoring a failed DC? If not, LEARN THEM before you add a second DC. Or don't - but if you don't, DON'T ADD A SECOND DC. Just make sure you are doing what you should be doing anyway - having GOOD, WORKING, CONSISTENT backups.
0
Mike, IT Manager Commented:
You can run the VPN on a DC.
0
jag b Author Commented:
Can the FSMO roles stay on DC 1? Or shall I split them across both DCs?
0
Chris Commented:
Microsoft recommends that all FSMO roles are held on a single server. I would recommend that you move them to the newer server.
0
jag b Author Commented:
Chris - Both servers will have the same OS of Server 2012... Would this still apply to the FSMO roles? I was thinking of just leaving them as they are on the current server unless I split them.
0
Chris Commented:
To be honest, it doesn't make a lot of difference. I would always keep the roles on one server and personally I would put them on the newest server. This is simply because I'd think the newer server would be less likely to fail.

As I said though, it makes little difference. If the server holding the roles was to fail, you can simply seize the roles on the remaining server. This process takes seconds and has no negative ramifications.
0
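
Added example, not part of any post in this thread: a read-only PowerShell inventory of the domain's DCs and FSMO role holders, the check to run before and after adding the second DC. It assumes the ActiveDirectory module (RSAT AD DS tools) is installed; `DC2` in the closing comments is a placeholder server name.

```powershell
# Added example: read-only report of domain controllers and FSMO role holders.
# Assumes the ActiveDirectory module is available and the account can read AD.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$forest = Get-ADForest

# The five FSMO roles: three are per-domain, two are per-forest.
$roles = [ordered]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}
$roles.GetEnumerator() |
    Format-Table @{n = 'Role'; e = { $_.Key }}, @{n = 'Holder'; e = { $_.Value }} -AutoSize

# Every DC in the domain, with the attributes discussed in the thread.
$dcs = @(Get-ADDomainController -Filter *)
$dcs | Sort-Object HostName |
    Format-Table HostName, Site, IsGlobalCatalog, OperatingSystem,
        @{n = 'FsmoRoles'; e = { $_.OperationMasterRoles -join ', ' }} -AutoSize

# Flag the conditions the thread is about.
if ($dcs.Count -lt 2) {
    Write-Warning 'Only one domain controller found: no redundancy for AD.'
}
$holders = @($roles.Values | Sort-Object -Unique)
if ($holders.Count -gt 1) {
    Write-Warning ('FSMO roles are split across: ' + ($holders -join ', '))
}
$noGc = @($dcs | Where-Object { -not $_.IsGlobalCatalog })
if ($noGc.Count -gt 0) {
    Write-Warning ('DCs without Global Catalog: ' + (($noGc.HostName) -join ', '))
}

# Planned transfer while both DCs are online (DC2 is a placeholder name):
#   Move-ADDirectoryServerOperationMasterRole -Identity 'DC2' -OperationMasterRole `
#       PDCEmulator, RIDMaster, InfrastructureMaster, SchemaMaster, DomainNamingMaster
# The same cmdlet with -Force seizes the roles; that switch is meant for the case
# where the current holder has failed and cannot be contacted.
```

Keeping the output of a run from before the change gives a baseline to compare against once the second DC has been promoted.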
jag b Author Commented:
Chris - Basically, in a worst-case scenario, if DC1 (which has all the FSMO roles) fails, I could easily seize all the FSMO roles onto DC2, in other words?
0
jag b Author Commented:
Cheers guys for all your help - conclusion is to add a 2nd DC to my current network and possibly move all FSMO roles to the newer server.
0