none
Server 2008 Domain Controller Best Practice

    Question

  • Enviornment:

    Domain Functional Level : Windows Server 2008

    DC1 - Server 2008

    DC2- Server 2008

    DC3- Server 2008 R2

    Single Site topology( replication connection going to every server from every server)

    Schema - DC1

    Naming Maser - DC1

    PDC - DC1

    RID - DC1

    Infrastructure - DC1

     

    What is best practice for role holders and replication topology for this setup?

     

    Thank you...

     

    Friday, August 19, 2011 2:36 PM

Answers

All replies

  • You might want to transfer your FSMO roles to the Windows Server 2008 R2 DC.

    With a single site, there is nothing to configure as far as replication topology is concerned...

    hth
    Marcin

    Friday, August 19, 2011 2:41 PM
  • Marcin,

     

    What is the benefits of having the roles on the 2008 R2 rather than server 2008?  Should I split the roles?

    Thanks....

    Richard

    Friday, August 19, 2011 2:50 PM
  • Richard,

    not relevant in your case, but more of a general practice. Transfer of PDC Emulator to a higher OS version does play a role when moving from 2000 to 2003 and from 2003 to 2008/2008 R2 (details at http://technet.microsoft.com/en-us/library/cc732838(WS.10).aspx )

    With a total of 3 DCs and a single site, I don't see a significant benefit of splitting roles - unless you are seeing the PDC Emulator being heaviliy overloaded...

    hth
    Marcin

    Friday, August 19, 2011 3:05 PM
  • You can keep on same DC or combining SM & DNM on one DC & PDC/RID/IM on another DC. The reason is you don't modify schema or add/remove domain everyday, so keeping them safe on one DC is better(will not make any difference if kept on same DC), since PDC considered to be important role, doesn't show immediate impact & you would just want to keep on other server else there is no reason or argument to keep the FSMO role considering our site & design.

    http://support.microsoft.com/kb/223346

    http://oreilly.com/pub/a/windows/2004/06/15/fsmo.html

    Regards  


    Awinish Vishwakarma

    MVP-Directory Services

    MY BLOG:  awinish.wordpress.com

    This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Friday, August 19, 2011 3:23 PM
  • Hello,

    it is recommended to have FSMO roles on the DC with the higher OS for performance reson.

    Have a look to this article about Best Practices for assigning FSMO roles: http://windowsdevcenter.com/pub/a/windows/2004/06/15/fsmo.html

    For topology, how many sites are you using?

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator 

    Friday, August 19, 2011 3:23 PM
  • Are any of the DC virtualized? If so, the PDC Emulator is recommended tobe a physical machine. Also depending on whether it's VMWare or HyperV, there are considerations for the Time Service. We can post more info on this if they are virtualized.

     


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Friday, August 19, 2011 3:25 PM
  • There is a single site and all servers are physical.  These are all good information.  I thank you all.

    Friday, August 19, 2011 8:11 PM