Domain Controllers in branches or not?

We have over 30 branches that need local printing and home drive access.  I am curious what would constitute to place DC there or not?  We are on Windows 2008 R2 Domain Functional Level.  I don't know the network links between each site, but would like to see what is best practice?

jwasserberg (Network Admin) commented:
We recently deployed RODCs at all our branch offices and it has greatly reduced login times.

Lee W, MVP (Technology and Business Process Advisor) commented:
You really need a better understanding of your infrastructure before you go spending thousands on licenses and hardware to run DCs at 30 branch offices.

I would recommend for the larger offices, sure, have a DC there and for them, look at possibly using DFS for those sites for home drives and the like.

You should also explore BranchCache which can also help in file access -

Finally, depending on the size of the branch offices, you might want to look into a Terminal Server / Remote Desktop Server for some locations.  

Honestly, it sounds like you don't know what the options are, much about them, and could really use an expert ON SITE to analyze what you have, what you need, and what you can do based on budget.  Forums are great... but there's an appropriate time to use them and limits to how effective they can be in certain circumstances.  I think you'd do your company a DISSERVICE by not hiring a consultant to review your site personally and provide options based on that review.

There's not enough info really to know what the "best practice" would be, for your particular situation..  Matter of fact, depending on your requirements to survive outages of different types, you might find that the best practices may drive more than the decision about DCs..  It may drive you to change your WAN topology.

So..  you really need to decide what you're trying to protect from, and whether the DCs are going to help, and then, whether it's worth the added cost, and management hassle.  In some cases, the added complexity could itself cause outages, so there's really a lot to think about.   I currently work where we have great WAN links and have over 800 remote sites all successfully running from about 8 centrally located DCs supporting 12000+ users, and I've been involved with 1000 user networks with 35 DCs that worked equally well..

In the second example, I used to contract for a company that had about 35 separate sites, and each ran as its own NT 4.0 domain, with trusts back to the central office.  I helped them consolidate into one Win2003 domain (it's been a while - I'm sure they're beyond that now!) but it took a while for them to trust/understand that they didn't need DCs at each site.  When I left, they had dropped it down to 3 or 4 DCs placed in 2 or 3 sites, and they had rebuilt their network from Frame Relay to MPLS, so that it was full mesh layer 3 routing.  What they eventually realized is that while they were protecting their users from not being able to log on in the event of a network outage, once logged on locally, most of the resources they need to use were centralized systems anyway, so it was a pointless expense with a HUGE complexity added.

Even if the file services your users need are all local, you can probably save the complexity of managing all that replication just by relying on cached logins to survive the occasional WAN failure, unless your network security requirements dictate no cached logons.

I would agree with Lee that a consultant with experience with domain design may be a good investment if you're in a hurry and want a tried and true solution, but on the other hand, since there's no right/wrong answer and there will be tradeoffs between cost, reliability, management, etc.. so there's no harm in trying to learn and do this yourself if you have some time.

Post some details of your network..  speeds, topology, etc..  and give some idea of where your pain points are (ie:  the boss wants reliability at any cost, or the boss would love to save $10000 even if it means an occasional outage) and we can try to help with further design.
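
Added example (not part of the original thread or any poster's own script): a PowerShell check, run elevated on a branch workstation, that reports whether cached logons are permitted and how often logons in the last 30 days were actually served from the cache (event 4624, logon type 11) rather than by a DC. The 30-day window and the output property names are assumptions chosen for illustration.

```powershell
# Added example: audit how a branch workstation relies on cached logons.
# Run in an elevated session; reading the Security log requires it.

$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# CachedLogonsCount is stored as a string. 0 disables cached logons;
# 10 is the documented Windows default and is assumed here if the value is absent.
$raw = (Get-ItemProperty -Path $winlogon -Name CachedLogonsCount `
        -ErrorAction SilentlyContinue).CachedLogonsCount
$cachedLimit = if ($null -eq $raw) { 10 } else { [int]$raw }

# Successful logons (event ID 4624) in the review window, split by logon type:
#   2  = Interactive (validated at logon time, e.g. by a domain controller)
#   11 = CachedInteractive (validated against locally cached credentials)
$since  = (Get-Date).AddDays(-30)   # assumption: 30-day review window
$events = Get-WinEvent -FilterHashtable @{
              LogName = 'Security'; Id = 4624; StartTime = $since
          } -ErrorAction SilentlyContinue

$byType = @{ 2 = 0; 11 = 0 }
foreach ($e in $events) {
    $xml  = [xml]$e.ToXml()
    $node = $xml.Event.EventData.Data | Where-Object { $_.Name -eq 'LogonType' }
    $type = [int]$node.'#text'
    if ($byType.ContainsKey($type)) { $byType[$type]++ }
}

# One summary object per machine, suitable for collecting across branches.
[pscustomobject]@{
    Computer            = $env:COMPUTERNAME
    LogonServer         = $env:LOGONSERVER      # as set for this session
    CachedLogonsCount   = $cachedLimit
    CachedLogonsAllowed = ($cachedLimit -gt 0)
    InteractiveLogons   = $byType[2]
    CachedLogons        = $byType[11]
}
```

A CachedLogonsCount of 0 means users at that branch cannot log on during a WAN outage without a reachable DC, which is the case where a local DC or RODC matters most.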
