Windows Server 2008 DC, DNS and DHCP

    Question

  • Hi,

      Ours is a 24/7 running organization. IT is in the implementation stage. Overall there will be around 700 users. I have a few doubts to clarify before I do the implementation.

    1. Can Domain Controller, DNS and DHCP run on the same physical server? What is the recommended way?

    2. Can I run the DC on a separate physical server and DNS, DHCP on a separate physical server? What is the recommended way?

    3. With a Windows 2008 server as the primary domain controller, what is the best solution for high availability with an additional domain controller? What is the recommended way to have a backup for the primary domain controller?

    4. Is it recommended to have DC, AD, DNS and DHCP in a VMware environment (ESXi and vSphere)? What is the recommended scenario?

    Best suggestion will be appreciated.

     

    Thanks,

    thk

    Monday, July 12, 2010 6:24 AM

Answers

  • Howdie!
     
    On 12.07.2010 08:24, linux07 wrote:
    > 1. Can Domain Controller, DNS and DHCP run on same physical server? What
    > is the recommended way?
    >
    > 2. Can I run DC on a separate Physical server and DNS,DHCP on a separate
    > physical server? What is the recommended way?
     
    Well, you can do that. I'd recommend having DNS installed on the domain
    controller and DHCP on a second machine. Just to separate the DHCP
    server role in case you need to do maintenance on the DC. Running fewer
    services on a DC has a security benefit, too.
     
    > 3. Windows 2008 server as a Primary domain controller, What is the best
    > solution for high availability for additional domain controller? What is
    > the recommended way to have a backup for the primary domain controller?
     
    Have at least two domain controllers per domain - always. Configure DNS
    on clients and the DCs so that if either DC fails, services keep running.
    Depending on the infrastructure, if other domains are involved later,
    make both GC.
     
    > 4. Is it recommended to have DC, AD, DNS and DHCP on a VMware
    > Environment ( ESXi and Vsphere)? What is the recommended scenario?
     
    You can do that. Make sure you put the same security and backup/restore
    means for virtual machines in place as you would for physical servers.
    Make sure you understand how time is handled on the virtual machines and
    that time is configured correctly on the DC. There often is a time sync
    option in place for a VM host and a virtual machine that might interfere
    with what you configured on the VM. Check on that.
     
    Cheers,
    Florian
     
     

    Microsoft MVP - Group Policy (http://www.frickelsoft.net/blog)
    Monday, July 12, 2010 6:40 AM
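
Added example (not part of the post above and not Microsoft or VMware code): a PowerShell report of where a virtualized DC gets its time and whether VMware Tools periodic sync is also adjusting the clock, which matters because Kerberos rejects authentication once clock skew exceeds its tolerance (5 minutes by default). It assumes PowerShell 2.0, the default VMware Tools install path, and that `VMwareToolboxCmd.exe timesync status` prints `Enabled` or `Disabled`.

```powershell
# Added example: run in an elevated prompt on the domain controller.
# Assumption: default VMware Tools install path; adjust if installed elsewhere.
$toolbox = "$env:ProgramFiles\VMware\VMware Tools\VMwareToolboxCmd.exe"

function Get-DcTimeReport {
    # Current Windows Time source: an NTP peer, another DC, or a local clock
    # ("Local CMOS Clock" / "Free-running System Clock").
    $source = (& w32tm /query /source | Out-String).Trim()

    # Type is NT5DS (follow the domain hierarchy) or NTP (manual peer list).
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters'
    $type = (Get-ItemProperty $key).Type

    # State of VMware Tools periodic time sync, if the tools are present.
    $vmSync = 'not installed'
    if (Test-Path $toolbox) {
        $vmSync = (& $toolbox timesync status | Out-String).Trim()
    }

    $warnings = @()
    if ($vmSync -eq 'Enabled') {
        $warnings += 'VMware Tools time sync is enabled and competes with W32Time.'
    }
    if ($source -match 'Local CMOS Clock|Free-running System Clock') {
        $warnings += 'W32Time has no upstream source; drift goes uncorrected.'
    }

    New-Object PSObject -Property @{
        Source     = $source
        Type       = $type
        VMwareSync = $vmSync
        Warnings   = $warnings
    }
}

Get-DcTimeReport | Format-List
```

Run it on every DC and compare the `Source` values: only one mechanism should be setting the clock on each machine.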
  • Hi

    >1. Can Domain Controller, DNS and DHCP run on same physical server? What is the recommended way?

    It is best practice to keep DNS on all your domain controllers, so I would not deviate from that; the performance impact should not be heavy.

    >2. Can I run DC on a separate Physical server and DNS,DHCP on a separate  physical server? What is the recommended way?

    You can, but as said before keep DNS on the domain controller; rather, use the second server as another domain controller with DNS and DHCP also installed. You may also want to split the FSMO roles as well; refer to http://support.microsoft.com/kb/223346/en-us for best placement.

    >3. Windows 2008 server as a Primary domain controller, What is the best solution for high availability for additional domain controller?  What is the recommended way to have a backup for the primary domain controller?

    The best is to have more than one domain controller, all installed with DNS and DHCP (you can have two servers handing out IP addresses but have the IP address pool split), with FSMO roles split as well.

    >4. Is it recommended to have DC, AD, DNS and DHCP on a VMware Environment ( ESXi and Vsphere)? What is the recommended scenario?

    You can, but as a personal preference, I like to have at least one physical DC to allow authentication while the VMs start up.

     

    Monday, July 12, 2010 7:40 AM
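
Added example (not from the post above): one way to work out the pool split the answer mentions, where both DHCP servers carry the same scope range and each excludes the other's share so no address is leased twice. The server names, addressing and the `PercentA` ratio are constructed; the function only prints `netsh dhcp server ... add excluderange` commands for review and assumes PowerShell 2.0.

```powershell
# Added example: compute complementary exclusion ranges for two DHCP servers.

function ConvertTo-UInt32([string]$Ip) {
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($b)               # network byte order -> little endian
    [BitConverter]::ToUInt32($b, 0)
}

function ConvertTo-Ip([uint32]$Value) {
    $b = [BitConverter]::GetBytes($Value)
    [Array]::Reverse($b)
    $b -join '.'
}

function Get-SplitScopeCommands {
    param([string]$ScopeId, [string]$Start, [string]$End,
          [string]$ServerA, [string]$ServerB, [int]$PercentA = 50)

    [int64]$first = ConvertTo-UInt32 $Start
    [int64]$last  = ConvertTo-UInt32 $End
    [int64]$count = $last - $first + 1
    if ($count -lt 2) { throw 'The range must contain at least two addresses.' }
    if ($PercentA -lt 1 -or $PercentA -gt 99) { throw 'PercentA must be 1..99.' }

    # Addresses leased by server A, clamped so each server keeps at least one.
    [int64]$sizeA = [Math]::Floor([double]($count * $PercentA) / 100)
    if ($sizeA -lt 1) { $sizeA = 1 }
    if ($sizeA -gt $count - 1) { $sizeA = $count - 1 }
    [int64]$cut = $first + $sizeA - 1   # last address in server A's share

    # Each server excludes the part of the range the other one leases.
    "netsh dhcp server \\$ServerA scope $ScopeId add excluderange $(ConvertTo-Ip ($cut + 1)) $End"
    "netsh dhcp server \\$ServerB scope $ScopeId add excluderange $Start $(ConvertTo-Ip $cut)"
}

# Constructed sample values (hypothetical server names and addressing).
Get-SplitScopeCommands -ScopeId 10.0.0.0 -Start 10.0.0.10 -End 10.0.3.250 `
    -ServerA DHCP01 -ServerB DHCP02 -PercentA 50
```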
  • Hello,

    1. Yes, this can be done. For DHCP you should use a member server if possible or at least configure an account for the update of DNS records, according to: http://technet.microsoft.com/en-us/library/cc771732.aspx

    2. Yes, you can do that. Mostly DNS is also installed on the DC, as this enables replication of all DNS zones to other DCs with the DNS server role installed, for redundancy and failover. (DNS server properties are not replicated and must be set manually on each DNS server with the DNS management console.) For DHCP see 1.

    3. It is recommended to have at least 2 DC/DNS/GC per domain and also to configure the clients to use both as DNS servers on the NIC, either fixed or with DHCP scope settings.

    4. It is supported to have DCs in virtual machines, and it is common practice to use them. One Microsoft recommendation is to have at least one physical machine holding the PDC Emulator role.

    http://support.microsoft.com/kb/888794  http://technet.microsoft.com/en-us/library/dd348449(WS.10).aspx


    Best regards
    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
    Monday, July 12, 2010 7:47 AM
