thinking of re-designing existing domain structure...recommendations?
-
Wednesday, February 22, 2012 8:34 PM
Here is my current setup.
Site0-DC1 is virtual and is first DC in the forest. Also holds all FSMO roles. Primary DNS for Site0. DHCP Server for Site0.
Site0-DC2 is virtual. Secondary DNS for Site0. Print Server for Site0.
Site0-DC3 is physical. (serves only to function as the first DC to bring back online in a disaster scenario due to all other DC's in the forest being virtualized)
(There are 5 auxiliary sites)
SiteX-DC1 is virtual. Primary DNS for SiteX. DHCP Server for SiteX.
SiteX-DC2 is virtual. Secondary DNS for SiteX. Printer Server for SiteX.
What I would like to do is demote all my inter-site DC's and bring everything back to our central office. We have a VERY reliable WAN connection which is a Metro Optical Ethernet Layer 2 network. 200Mbps fiber connection between all 6 sites. All 6 sites are within just a few miles of each other. Nothing inter-state or inter-national. Everything is in the same city right next to each other.
New topology would look like this.
Site0-DC1 is virtual. Primary DNS for entire forest. Cluster DHCP server. Cluster Print server.
Site0-DC2 is virtual. Secondary DNS for entire forest. Cluster DHCP server. Cluster Print server.
Site0-DC3 is physical. FSMO role holder.
Our environment has about 2000 machines with about 3000 users. (Only about 400-500 users at any given time)
- Edited by cyr0nk0r Wednesday, February 22, 2012 8:37 PM
All Replies
-
Wednesday, February 22, 2012 8:52 PM
>>> Site0-DC1 is virtual. Primary DNS for entire forest. Cluster DHCP server. Cluster Print server.
Assuming this is DC. Is it a Windows Cluster? - http://msmvps.com/blogs/clusterhelp/archive/2008/02/12/domain-controllers-as-cluster-nodes-bad-idea.aspx
If you have reliable and high speed connection between locations, you can keep all DCs in a single location.
Santhosh Sivarajan | Houston, TX
http://www.sivarajan.com/

This posting is provided AS IS with no warranties, and confers no rights.
- Proposed As Answer by Arthur_Li, Microsoft Contingent Staff, Moderator Thursday, February 23, 2012 1:54 AM
- Marked As Answer by Arthur_Li, Microsoft Contingent Staff, Moderator Wednesday, February 29, 2012 1:52 PM
-
Wednesday, February 22, 2012 9:04 PM
The plan is not to make the entire DC a cluster, just the DHCP and Printer services.
As it was explained to me by a friend, I can set up a cluster service on the DCs, then add the DHCP and Printer services to the cluster. The DCs would function as normal DCs independent of the cluster.
EDIT: I suppose I could always make the DHCP and Printer cluster services on member servers instead of domain controllers.
- Edited by cyr0nk0r Wednesday, February 22, 2012 9:14 PM
-
Wednesday, February 22, 2012 9:22 PM
Hello,
Installing the cluster role will make a cluster node of the machine; it doesn't matter which role is or will be installed. So the DC also becomes a cluster node, which is not recommended.
So how should what your friend has explained work? Can you ask him about links and TechNet sites? Does he refer to "Configure a Service or Application for High Availability" http://technet.microsoft.com/en-us/library/dd197590(v=ws.10).aspx which still requires the cluster node to be running?
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
-
Wednesday, February 22, 2012 11:44 PM
I agree with Meinolf. Refer to http://support.microsoft.com/kb/281662 for info regarding issues involved in having DCs as cluster nodes.
Reconsider your design. Using a DC in this manner is not a good idea. Install highly available services on clustered domain member computers - which btw. you can also use to host VMs running DCs - as long as you have other, non-virtualized DCs in the same location
hth
Marcin
- Proposed As Answer by Arthur_Li, Microsoft Contingent Staff, Moderator Thursday, February 23, 2012 1:55 AM
- Marked As Answer by Arthur_Li, Microsoft Contingent Staff, Moderator Wednesday, February 29, 2012 1:52 PM
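An inventory check for the point made in the replies above, added here as an example and not part of any poster's message: it lists each DC's site, FSMO roles and co-hosted DHCP, print and clustering features, and flags any DC that has Failover Clustering installed. It assumes PowerShell 3.0 or later, the ActiveDirectory module (RSAT) on the admin workstation, and PowerShell remoting plus the ServerManager module on every DC.

```powershell
# Added example: audit which DCs also carry DHCP, print or clustering roles.
Import-Module ActiveDirectory

# Server Manager feature names for the roles discussed in the thread.
$featureNames = 'Failover-Clustering', 'DHCP', 'Print-Services'

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $features = @()
    $clusSvc  = 'unknown'
    $note     = ''
    try {
        # Query the DC itself; the leading comma passes the array as one argument.
        $remote = Invoke-Command -ComputerName $dc.HostName -ErrorAction Stop `
            -ArgumentList (,$featureNames) -ScriptBlock {
                param($names)
                Import-Module ServerManager
                $svc = Get-Service -Name ClusSvc -ErrorAction SilentlyContinue
                New-Object PSObject -Property @{
                    Features = @(Get-WindowsFeature -Name $names |
                                 Where-Object { $_.Installed } |
                                 ForEach-Object { $_.Name })
                    ClusSvc  = if ($svc) { "$($svc.Status)" } else { 'NotPresent' }
                }
            }
        $features = @($remote.Features)
        $clusSvc  = $remote.ClusSvc
    } catch {
        # An unreachable DC is reported, not silently skipped.
        $note = "query failed: $($_.Exception.Message)"
    }
    [pscustomobject]@{
        DomainController    = $dc.HostName
        Site                = $dc.Site
        FsmoRoles           = $dc.OperationMasterRoles -join ', '
        CoHostedRoles       = $features -join ', '
        ClusterService      = $clusSvc
        ClusteringInstalled = $features -contains 'Failover-Clustering'
        Note                = $note
    }
}

$report | Sort-Object Site, DomainController | Format-Table -AutoSize

# DCs that should be reviewed before any redesign goes ahead.
$flagged = @($report | Where-Object { $_.ClusteringInstalled } |
             ForEach-Object { $_.DomainController })
if ($flagged.Count -gt 0) {
    Write-Warning "DCs with Failover Clustering installed: $($flagged -join ', ')"
}
```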
-
Thursday, February 23, 2012 12:35 AM
DC on a cluster is not recommended. Why can’t you dedicate servers for file and print?
Santhosh Sivarajan | Houston, TX
http://www.sivarajan.com/

This posting is provided AS IS with no warranties, and confers no rights.
- Edited by Santhosh Sivarajan-MVP Thursday, February 23, 2012 12:40 AM
-
Thursday, February 23, 2012 2:06 AM Moderator
Hi,
As mentioned above, it is not recommended for a DC to be part of a Windows Cluster.
In addition, I would also like to share with you the following Microsoft TechNet articles, which should be useful for you.
AD DS Design Guide
http://technet.microsoft.com/en-us/library/cc754678(v=WS.10).aspx
Designing the Logical Structure for Windows Server 2008 AD DS
http://technet.microsoft.com/en-us/library/cc770806(v=WS.10).aspx
Domain Isolation Policy Design
http://technet.microsoft.com/en-us/library/cc725818(v=WS.10).aspx
Creating a DNS Infrastructure Design
http://technet.microsoft.com/en-us/library/cc725625(v=WS.10).aspx
Creating a Domain Design
http://technet.microsoft.com/en-us/library/cc754645(v=WS.10).aspx
Arthur Li
TechNet Community Support
- Marked As Answer by Arthur_Li, Microsoft Contingent Staff, Moderator Wednesday, February 29, 2012 1:52 PM
-
Monday, February 27, 2012 4:27 AM Moderator
Hi,
I would like to confirm what the current situation is. If there is anything that I can do for you, please do not hesitate to let me know, and I will be happy to help.
Arthur Li
TechNet Community Support

