what is the best practices for the number of DC our enviroment

Hi all

we have around 800 users and 4 VMs act as  exchange servers 2010 sp3

so we have 4 physical servers run as active directory domain controller 2008 R2 plus DNS  and the same number as VMs that mean we have 8 DCs

i want to reduce the number of DCs  but my colleague said NO it is important to have many DCs to serve the users and exchange activity   .

is this true and why and what the best practices in such case

please if you can provide an article or doc talk about such case


thanks in advance
sword
LVL 1
sword12Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Amit KumarCommented:
For 800 users, 8 DC WOW...

Actually there is no harm to keep multiple DCs but keeping such numbers of DC does not make sense even.

You can keep only 2 DCs if you have single site only, and best practice is always keep atleast 2 DCs on each site.  In case one is down for maintenance or failure so at least you have one in backup.

You can remove remaining servers, be careful while removing them as it is very critical and always demote DC with appropriate steps. Also keep FSMO roles on live server which you won't remove ever.

If you need a guide to understand and calculate your requirement please go through with this article.

Capacity Planning for Active Directory Domain Services
Zacharia KurianAdministrator- Data Center & NetworkCommented:
Well , you should refer the IPD - Active Directory Domain Services from Microsoft, to understand the number of DCs require. I have attached the files for you. Refer them to clarify your doubts.

As stated by @Amit, keep at least 2DCs in each site provided they should be powerful enough. I do keep 3 in each site, since I have a lots of  AD integrated applications running in the net work + all of them are GCs too.



Zac.
IPD---Active-Directory-Domain-Services-v
IPD---Active-Directory-Domain-Services-v
sword12Author Commented:
thanks for advice

we have 2 new physical servers act as DC i will connect to one of them and change the operation master . i will change the  RID - PDC - infrastructure to one of them and this server will the primary one .  then i can remove the rest normal using dcprmo right ?

then i will get no effect ?
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Get Your eBook
Amit KumarCommented:
That is fine if you keep Domain Name master and Schema master on one server and rest FSMO role son another server.

you can remove using DCpromo without any issue, just keep checking replication time to time and I would suggest demote one DC only within 24-48 hours to see if there is any impact.
Zacharia KurianAdministrator- Data Center & NetworkCommented:
And make sure to update the DNS entries in your member servers,, clients etc..

Zac.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sword12Author Commented:
thanks again

for example i want to  dc1 and dc2  as physical DC servers

i want dc1 to have all roles  plus DNS master and DHCP master

so i found out how to move

from dc3 to dc1 these roles  

1- RID Master FSMO Role
2- PDC Emulator FSMO Role
3- Infrastructure FSMO Role

but i dont know how to move these roles to DC1

1- Schema Master FSMO Role
2- Domain Naming Master FSMO Role

because as i said i want DC1 to be everything plus DNS master and DHCP master

so please tell how step by step or provide some links for me  


thanks
sword
Zacharia KurianAdministrator- Data Center & NetworkCommented:
I would recommend to consult an expert to do all these, if you are not familiar with these procedures or you could setup a virtual lab and test things yourself. Though the steps are pretty straightforward, there might be issues.

The below link will help you to move the FSMO (5) roles.
http://www.techunboxed.com/2012/07/how-to-transfer-fsmo-roles-in-windows.html

Once transferred make sure to  change the Alternate or Preferred DNS Server on the NICs to the new DC. Also make sure to set  up NTP on PDC to take over from old DC. Check your group policies too , to make sure no policies/setup are pointed to the old DC.

For the transferring the DHCP;

https://technet.microsoft.com/en-us/library/dd183705%28v=ws.10%29.aspx

Make sure to authorize the new DHCP server

Zac.
sword12Author Commented:
once i tried to move Schema Master FSMO Role i got this message

please check the attached file
7-27-2015-2-34-09-PM.png
Zacharia KurianAdministrator- Data Center & NetworkCommented:
Hope you are running the procedures on the DC, which you want to hold the FSMO Roles.

Have carefully read the article? Have you run regsvr32 schmmgmt.dll in the desired DC? It seems that you are not selecting the correct DC to transfer.

Zac.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.