Speccing new domain controllers

Hi all,

I'm working for a new company and just started my second project.

Doing a complete domain refresh from 2003 to 2008 R2, then eventually to 2012. Current servers are 9 years old so much needed love and attention.

The issue I'm having is that everything needs proving. Management want a report detailing what we need and WHY we need it.

30,000 active users in AD

Locations:

Main site with the majority of users (70%), this also has another building close by connected to 100mb eLAN.

5 remote sites: 1 connected via gig link, the others are 100mb


They already have 5 Dell R310 servers with Xeon CPU, 8gb RAM, 2 x 15k SAS disks. They are still sat in their box. Thinking I could use those to keep costs down. Would have 3 at the main site, buy a new one for the eLAN building and 1 server at each of the remote sites.

My report goes over the general stuff like FSMO roles, site replication, topology, DNS, DHCP redundancy, etc.

The thing I'm struggling with is the what we need and why we need it. They are asking questions like, how many users does it need to reach at the remote sites before a server is required? Or, how much bandwidth do we need at the sites? They are after hard numbers.

It's things like, why do we need three servers at the main site? Why 8gb RAM?

I've run performance counters on hardware and NTDS but I can't find any hard and fast rules for speccing domain controllers.

Appreciate your help

Thanks!!
 
Yeah, you and I know that but management want it all spelling out bit by bit.

That hardware looks a little overkill to be honest but I'm sure it's nice and fast :D How did you come up with knowing how many DCs and hardware specs for your environment?
 
Thanks Dusty,

That's pretty much what my research has shown.

One DC at every site to offload the main site and give peace of mind if the WAN link fails. This will also provide DHCP for its own site's subnet.

Quad Xeon with 8gb RAM, RAID-1 SAS 15k disks. The AD database is 660mb so I think this will be enough to be honest.

3 servers at the main site, with one at the other building should be plenty IMHO. That said, I really welcome everyone's comments.

I'm really struggling with the question 'how many users at a remote site warrants its own server' and 'how much bandwidth do they need'.

It's kind of like how long is a piece of string. Let's say each user needs 1mb of data when logging in. If the site has 100 users it doesn't mean you need 100mb WAN link. Grrrr

I just want to get on with the project.
 
Does a single user warrant a DC though?

If the link is down, they will still be able to log in through cached credentials. Email and Internet won't work anyway, leaving just their own personal data. 'If' that is stored centrally they are stuffed unless they have offline files or BranchCache.

Unless I'm missing something (probably lol)

I like the idea of an RODC, but what about in a DR situation? If the main site goes down, how will the admins gain access to the network if all that's left are RODCs? (Then again, to be honest in that situation I think that's the least of people's worries haha)
 
It's all about how much the business can afford to lose in lost productivity.

Also the main site should have more than one writable DC, so the loss of one DC is not an issue, the loss of them all temporarily is not an issue.

The total loss of all of the writable DCs is sackable.

Agree, but if all writable DCs are in the main site and only RODCs are at remote sites, then if we lost the main site we'd be screwed, wouldn't we?

I think I will end up only having RODCs at very small sites.
 
Totally agree ^ I'm using the 2008 IPC white paper but yours looks equally as good with the graphs.

I think every business is different which makes it hard to find hard and fast numbers. Should be ok.

Documents looking pretty good :D
 