General discussion

Locked

Active Directory Design

By tech_know ·
I am seeking advice on setting up a W2K AD design. The home office currently does not have a Microsoft domain so this is starting from scratch(we are currently Novell). We are a smallish company with 300 users at the home office with a number of smaller remote sites

I had a quote from a vendor with the following specs:

Single AD forest
2 AD Domains (Root and User Domain)

3 servers in each domain
2 Global Catalog Servers
1 DC to run Infrastructure Master FSMO

Total of 6 servers for 2 domains

Is this reasonable? It seems like a lot of servers just to get W2K up and running. This design does not include any application servers such as Exchange.

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Active Directory Design

by Rabbit_Runner In reply to Active Directory Design

A couple of other questions, will this domain be connected to the internet? and will they be hosting any WWW or FTP sites?

The above information given by the vendor follows the specs which Microsoft would likely recommend. This will allow all services, FSMO's, duplicate DC's, and provide protection for security. However, from a practical perspective, it will probably be overkill. For the size of operation you are describing, a single domain will likely be addequate. If you will be hosting WWW and FTP sites, then you may want to consider two domains, but not linked together. For example, MYCOMPANY.LOCAL and MYCOMPANY.COM The .LOCAL domain would be for users, resources, etc. The .COM domain would be for their internet presence.

For the size of operation you are describing, here are my recommendations (to help with the financial aspect)
1 AD domain

2 DC servers DNS, WINS, Backup's (to handle all user accounts, permissions, and security settings)
(You MUST have 2 DC's, 3 would be better. More? probably not recommended.

The Global Catalog FSMO can run on the DC's. When you get into a really large domain structure, then the suggestion the vendor gave, would be excellent. But for your size, to me is is overkill.

2 (or more) member servers, for DHCP, file and printing, Database, Exchange, plus whatever else you may have in mind (do not put DHCP on a Domain Controler) The number of member servers will be determined by how much data and other services you want to provide.

If you would like futher specs, feel free to email me directly. Hope this helps.

Collapse -

Active Directory Design

by tech_know In reply to Active Directory Design

Poster rated this answer

Collapse -

Active Directory Design

by Greybeard770 In reply to Active Directory Design

In a small shop, 2 domains is probably more trouble than it's worth. The thing everybody notices about going from Novell to Windows is that you need lots more servers so get ready for that. And as you mentioned, these servers are just to set up the W2K infrastructure - DNS, FMSO, Global Catalog, Domain Controllers for authentication and you should have a backup for each service. If you want to do real work beyond that, make room for more servers. The User domain off the Root makes more sense if you have multiple domains under Root. Unless you have too much money, I would make it single domain, especially if everybody is in the same building. Take it slow and good luck.

Collapse -

Active Directory Design

by tech_know In reply to Active Directory Design

Poster rated this answer

Collapse -

Active Directory Design

by mbailey In reply to Active Directory Design

This, for the most part seems reasonable. You want to at least have two DC's in each domain. You want to have 2 domains to create a security boundry between your domain admins and schema admins security group. 2 global catalog servers is a must since you have two domains, one in the top level and one in the bottom. You can't get around this. You also wan't to separate your Global Catalog and Infastructure master FSMO role between two servers. This seems like a fairly solid plan judge fromthe little amount of info that you have given us....

Collapse -

Active Directory Design

by tech_know In reply to Active Directory Design

Poster rated this answer

Collapse -

Active Directory Design

by tech_know In reply to Active Directory Design

This question was closed by the author

Back to Windows Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums