New Office Setup, Need some advice!

  • Question

  • Hello everyone!

    I've been stalking around these forums for a while without actually posting but here I am.

    A friend has asked me for some help with an office he is going to be opening soon. He'll have around 30 computers and 1 physical server. Having set up another office for him before (a very simple Windows Server 2012 Essentials server running 8 computers), he's asked me to help him out again.

    Now from my research and understanding, Essentials is out of the question as there will be too many computers on the domain, so we have opted for Server 2012 R2 Standard. However, this is where I get a little lost. The server will be used mainly for file storage and as a shared drive; however, we hope to set up remote access for users and deploy printers out from the server, and we also want to use the server to host a basic internal staff website.

    From what I've found, with one physical server I shouldn't have the domain controller and other roles installed on the same server? Therefore I was thinking of installing AD DC on a virtual server and the other roles on the physical server. Can someone confirm if I'm going in completely the wrong direction or if I'm actually guessing this right!

    Any help would be much appreciated!
    Saturday, July 4, 2015 2:19 PM

Answers

  • For 38 people and the power of servers today, one AD server in site A and another AD server in site B, both hosting files, DNS, and DHCP, should work out great. Both AD servers need to be GC servers. Choose one server as the PDC as well as all the other FSMO roles and make sure its time synchronization is set correctly to an external NTP server pool (like 0.pool.ntp.org, 1.pool.ntp.org etc.). For a small network like this, the certificate server role can be installed on the PDC and the domain policy set to allow certificate requests and renewals.

    Be careful to set up the sites correctly by specifying the networks in AD Sites and Services. You want computers in site A to prefer to authenticate to the AD server in site A and site B to authenticate to the server in site B. Sites get more complicated when you have 3 or more; with just 2 it should be straightforward.

    Keep in mind that in addition to purchasing 2 copies of Windows 2012 R2 Standard, you'll also need 30 User CALs for site A and 8 User CALs for site B (total of 38).

    You'll want another server or PC to back up at least one of those domain controllers and the files on a regular basis.

    Printers will be no problem, just add them to the servers in each site and set them as shareable.

    A web server is a whole other story; make a cheap Ubuntu LTS edition LAMP server and put your intranet website there. If you really want to use Windows you'll need yet another server and Windows 2012 R2 license (or Windows 2012 R2 Web edition). I don't know if Web edition is still something offered. Larger needs move towards a SharePoint server, which eliminates the need to host files on your AD servers, but that would also require an additional server, server license, user CALs and SharePoint license with SharePoint user CALs.

    If you want remote access to the desktop of a server (other than just the domain administrator) you'll need yet another server set up in Remote Desktop mode. It also will need to run Windows 2012 R2 and have a license for remote desktop plus an RDC User CAL for every user that accesses it.

    Going in the right direction, hope some of this info helps

    Monday, July 6, 2015 8:40 AM
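
The checks and settings described in the answer above (FSMO role placement, external NTP on the PDC emulator, site and subnet mapping, global catalog status), as an added PowerShell example that is not part of the original post. The site names and subnets are assumed placeholders; it expects the ActiveDirectory module and an elevated session on a domain controller.

```powershell
# Added example. Site names and subnets are assumed placeholders, not values from the thread.
Import-Module ActiveDirectory

# 1. List the five FSMO role holders; the answer suggests keeping them on one DC.
$domain = Get-ADDomain
$forest = Get-ADForest
$roles = [ordered]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}
$roles.GetEnumerator() | Format-Table Name, Value -AutoSize
$holders = @($roles.Values | Sort-Object -Unique)
if ($holders.Count -gt 1) {
    Write-Warning "FSMO roles are split across: $($holders -join ', ')"
}

# 2. Only the PDC emulator should sync from the external pool; other DCs and
#    members follow the domain hierarchy. Kerberos rejects tickets when clocks
#    differ by more than 5 minutes (default policy), so drift breaks logons.
if ($domain.PDCEmulator -notlike "$env:COMPUTERNAME.*") {
    Write-Warning "Not the PDC emulator ($($domain.PDCEmulator)); skipping NTP configuration."
} else {
    w32tm /config /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org" /syncfromflags:manual /reliable:yes /update
    Restart-Service w32time
    w32tm /resync /rediscover
    w32tm /query /status
}

# 3. Map each office's subnet to its site so clients locate the local DC.
$sites = @{ 'SiteA' = '192.168.10.0/24'; 'SiteB' = '192.168.20.0/24' }  # assumed
foreach ($name in $sites.Keys) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$name'")) {
        New-ADReplicationSite -Name $name
    }
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$($sites[$name])'")) {
        New-ADReplicationSubnet -Name $sites[$name] -Site $name
    }
}

# 4. Confirm every DC is a global catalog and sits in the intended site.
Get-ADDomainController -Filter * |
    Select-Object Name, Site, IsGlobalCatalog |
    Format-Table -AutoSize
```
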
  • "Therefore I was thinking of installing AD DC on a virtual server and the other roles on the physical server."

    A better solution would be to install the Hyper-V role on the physical server and then create two virtual machines - one as a domain controller and the other as your file/web server.  For backup you might want to consider backing up into Azure.

    I'm not sure where gettnmorebetter came up with 38 CALs.  If you have 30 users, you need 30 CALs.  These are not installed anywhere.  They are simply licenses that grant you the right to access the services of computers running Windows Server.  To make sure you license things properly it is always best to talk with a trained Microsoft licensing specialist and not rely on information obtained from a technical forum.


    . : | : . : | : . tim

    Monday, July 6, 2015 1:38 PM

All replies

  • You're right on the 30 User CALs, tim. I read it as site A is 30, site B is 8. Single 2012 R2 server license would do it with just one VM.

    Monday, July 6, 2015 3:09 PM