Windows Server 2003 - Active Directory Deployment

I am in the process of planning an AD deployment. This AD will support at most 50 users. How many servers should be dedicated to hosting the AD? I will be creating a new forest...
 
Depending on your server, one should be able to handle that. I like to have a second server set up to handle AD requests as well, but that is an older single proc server, that also handles network printing as well for five networked printers. This is all for 30 people.
 
A second server is good to have so that you can replicate your active directory. If the primary dies then you still have your active directory intact and don't have to recreate stuff.
 
I am in the process of planning an AD deployment. This AD will support at most 50 users. How many servers should be dedicated to hosting the AD? I will be creating a new forest...

Assuming it's a new server with proper redundancy, you definitely only need one.
 
My biggest concern with a single server is the lack of a fail-over. I know I can use the Windows Backup application in conjunction with the Shadow Copy Service to make a backup of the system state... but how do you restore that to another server?

For example, after 2 years of operation my main server has a mainboard failure. I need to get back up and running ASAP, so I would set up some new hardware. However, I can't easily restore the system state to new hardware, correct? I would only be able to extract the AD database and build it again (which is going to extend the downtime). So my thought was to have a backup AD server, where all AD objects are replicated in their entirety... which suggests that I need to make that second server a global catalog as well... but I am not sure if that is permissible.
 
We currently have 48 internal (employees) and 27 external users (clients) on a single AD server. We even have Exchange and DNS Server on that server as well. It handles very smoothly.

Just remember to run a second server for backup DNS and AD. If that server was to crash, your users would still be able to access other server farms (terminal server, vpn, email, etc) via secondary DNS server and log in via secondary AD service.

Exchange can be backed up on tape.

Oh, and our main AD/DNS/Exchange server is an aging Dell PowerEdge 2800 with an Xeon 3ghz proccy and 4gb registered ECC ram running SBS 2003. You don't really need anything fancy for AD and DNS.
 
We currently have 48 internal (employees) and 27 external users (clients) on a single AD server. We even have Exchange and DNS Server on that server as well. It handles very smoothly.

Just remember to run a second server for backup DNS and AD. If that server was to crash, your users would still be able to access other server farms (terminal server, vpn, email, etc) via secondary DNS server and log in via secondary AD service.

Exchange can be backed up on tape.

Oh, and our main AD/DNS/Exchange server is an aging Dell PowerEdge 2800 with an Xeon 3ghz proccy and 4gb registered ECC ram running SBS 2003. You don't really need anything fancy for AD and DNS.

I have a question in regard to your secondary DNS server. I know they have deprecated the names PDC and BDC... so what is your secondary domain controller referred to as? I believe I read somewhere that you can only have a single GC per forest, correct?
 
If you can get the money for it, def get a 2nd machine for another domain controller.
You could also use it for hosting maybe a sharepoint site or backup DHCP/DNS services.
Dell outlet has some nice PowerEdge machines with the RD1000 backup for around $1100
 
A second machine is *crazy*... this is a small business. You could run a domain, dns, dhcp, exchange, SQL server, and ISA server with SBS 2003 with 75 users on a good quality server, let alone 50 users... serving an AD schema... that doesn't require two freaking servers for 50 users!

Buy better quality hardware if your motherboards are failing.
 
A second machine is *crazy*... this is a small business. You could run a domain, dns, dhcp, exchange, SQL server, and ISA server with SBS 2003 with 75 users on a good quality server, let alone 50 users... serving an AD schema... that doesn't require two freaking servers for 50 users!

Buy better quality hardware if your motherboards are failing.

Ever heard of the saying "putting all your eggs in one basket"? I hope to God you're not an IT professional.

Second server in our example is not for load balancing (ie: 50 users being too much for a single server). Second server would be solely for backup purpose only.
 
I am in the process of planning an AD deployment. This AD will support at most 50 users. How many servers should be dedicated to hosting the AD? I will be creating a new forest...

Really it depends on what else your server will be doing besides AD. If it won't be doing very much then handling 50 users on the one server will be no problem. However it is always recommended that you have more than one server if for no other reason than redundancy.

A second machine is *crazy*... this is a small business. You could run a domain, dns, dhcp, exchange, SQL server, and ISA server with SBS 2003 with 75 users on a good quality server, let alone 50 users... serving an AD schema... that doesn't require two freaking servers for 50 users!

Buy better quality hardware if your motherboards are failing.

Unless we are talking about a box that is seriously powerful I wouldn't put all that on one box regardless of how many users are on it. Again redundancy is necessary for any business small or not. Any company that doesn't understand that will find it a hard lesson to learn if you have a failure. Again you can buy the best server on the market and still have a failure within any given time period under warranty or outside of it.
 
Yeah, I know a single server (8-core) would be more than enough to run everything. I am just concerned about failover. Even high-end servers have a failure rate. Sometimes things go wrong.... maybe a bad day in China (no offense to anyone).
 
Ever heard of the saying "putting all your eggs in one basket"? I hope to God you're not an IT professional.

Second server in our example is not for load balancing (ie: 50 users being too much for a single server). Second server would be solely for backup purpose only.

Exactly. The only way I would go with a single server AD domain would be if I were running SBS. You should always have a second DC in case the first one fails. You need a secondary box to handle logins, DNS requests, printing and all your other services that you have that single server running if it goes down. Even if you have 4 hour response on that single box, you're screwed for that 4 hours.
 
Yeah, I know a single server (8-core) would be more than enough to run everything. I am just concerned about failover. Even high-end servers have a failure rate. Sometimes things go wrong.... maybe a bad day in China (no offense to anyone).

Agreed. Many times it isn't about power but redundancy. You also have to think about maintenance and other factors. For example if you have Exchange and everything else on one box and you've got a minor problem that can be solved by a reboot, the company and its employees won't appreciate a reboot of the entire system to fix a simple glitch with SQL. However a separate SQL server could be rebooted with no loss of uptime for other services.

Ever heard of the saying "putting all your eggs in one basket"? I hope to God you're not an IT professional.

Second server in our example is not for load balancing (ie: 50 users being too much for a single server). Second server would be solely for backup purpose only.

Exactly.
 
A second machine is *crazy*... this is a small business. You could run a domain, dns, dhcp, exchange, SQL server, and ISA server with SBS 2003 with 75 users on a good quality server, let alone 50 users... serving an AD schema... that doesn't require two freaking servers for 50 users!

Buy better quality hardware if your motherboards are failing.

I guess you're saying "quality" hardware never fails? And all those stupid IT departments investing in RAID arrays, redundant power supplies, server clusters, and backup DCs just never thought of your brilliant solution?:rolleyes:
 
Ever heard of the saying "putting all your eggs in one basket"? I hope to God you're not an IT professional.

When I was a kid I was. Now I train and manage their managers.

Since we're getting personal, what do you do for a living?

I guess you're saying "quality" hardware never fails? And all those stupid IT departments investing in RAID arrays, redundant power supplies, server clusters, and backup DCs just never thought of your brilliant solution?:rolleyes:

Uh, yea, those are IT departments... is everyone missing the fact that this is a terribly small business server of only 50 users!? My God.

Well, whatever, my brilliant solutions have record levels of uptime across a large number of corporations and I'm not losing any work. I suppose we all have our own experiences, and disasters. Fortunately, my implementations haven't required useless redundancy or have low disaster recovery times.

Addendum: Sorry, maybe my years of working with financial directors has jaded me so much that I don't expect extra redundancy to pass through a proposal. These days I have a hard enough time pushing through things that users need, let alone things that I want.

I retract my original comments... if your company has money to blow, by all means buy lots of servers. Redundant redundancy is never a bad thing from an IT standpoint. I suppose I should shift my POV a little.
 
... is everyone missing the fact that this is a terribly small business server of only 50 users!? My God.

Even a small company of 50 employees could have millions of dollars worth of business data on that server. Everything from salary schedules, client contracts, inventory tracking, banking information, legal documents, accounts payable/receivable, etc..etc...

The extra money spent on a proper redundant system will pay for itself several times over when your business doesn't screech to a standstill because of a server crash.
 
Even a small company of 50 employees could have millions of dollars worth of business data on that server. Everything from salary schedules, client contracts, inventory tracking, banking information, legal documents, accounts payable/receivable, etc..etc...

The extra money spent on a proper redundant system will pay for itself several times over when your business doesn't screech to a standstill because of a server crash.

Yep, I realized that after I posted the first half of my post, before I updated it. I wish I had the pleasure of working with corporations whose accounting departments okay'd purchases that were more than the bare minimum of what was needed to get through. And now that I'm higher up the chain these days, I'm starting to lose the perspective that I used to have, whereby if an accounting director asks me, "do we absolutely need this?" I might be more inclined to say, "no." That coupled with yearly budgetary constraints, it's tough to squeeze those extra items through. Sadly, most of my contracts are corporate and not .gov or .edu so there's no room for waste.
 
It depends if the client could live without the server for a day or so if something was to fail. If the answer is no, then you should get a secondary server.

primary server may be SBS2003? secondary server do Server 2003, running secondary DNS, AD, and DFS-R. Should be fine, no?
 
When I was a kid I was. Now I train and manage their managers.

Since we're getting personal, what do you do for a living?

I'm an IT manager for a project management company. We're heavily invested in SQL database for multiple purposes: Sharepoint, Primavera Project Management, Exchange, Project and Quickbook being the most important as well as other minor database roles (ADP Payroll, etc). We have 2 AD/DNS servers (one being SBS 2003) and 3 terminal servers (2 RDP and 1 ICA Citrix), and I manage 37 laptops and 17 desktops as well as other technology equipments (cellphones, broadband cards, printers, company network, etc).

In short, I'm a certified IT Professional of many years (I'm 35) with intention of going back to school in the fall (Ivy Tech) to work on 2 certifications I've been putting off forever, MCSA and MCSE.. lol
 
It depends if the client could live without the server for a day or so if something was to fail. If the answer is no, then you should get a secondary server.

primary server may be SBS2003? secondary server do Server 2003, running secondary DNS, AD, and DFS-R. Should be fine, no?

One thing that most people miss is true HA costs a lot of money. Most small-med businesses simply are not willing to shell out the money to get that type of redundancy. If you have a 2nd DC when the first one fails the users can still log in. Now what? Guess what, they can't access file, print, get e-mail... they can't do anything.

SBS is designed to run on a single server. With solid hardware and good backups you will limit your down time while keeping hardware costs down.
 
... I wish I had the pleasure of working with corporations whose accounting departments okay'd purchases that were more than the bare minimum of what was needed to get through. And now that I'm higher up the chain these days, I'm starting to lose the perspective that I used to have, whereby if an accounting director asks me, "do we absolutely need this?" I might be more inclined to say, "no." That coupled with yearly budgetary constraints, it's tough to squeeze those extra items through. Sadly, most of my contracts are corporate and not .gov or .edu so there's no room for waste.

Most of my work-life has been spent at a University... I guess I don't understand budgetary restraints. If budgets are depleted by the end of year, the next budget will be reduced. Maybe I should think.... blade cluster? :D
 
It depends if the client could live without the server for a day or so if something was to fail. If the answer is no, then you should get a secondary server.

primary server may be SBS2003? secondary server do Server 2003, running secondary DNS, AD, and DFS-R. Should be fine, no?

Well... the client can probably live without its server for a day. I am just concerned that restoring an AD from backup won't go over too well if you are using different hardware. Why do I need DFS-R?
 
I'm an IT manager for a project management company. We're heavily invested in SQL database for multiple purposes: Sharepoint, Primavera Project Management, Exchange, Project and Quickbook being the most important as well as other minor database roles (ADP Payroll, etc). We have 2 AD/DNS servers (one being SBS 2003) and 3 terminal servers (2 RDP and 1 ICA Citrix), and I manage 37 laptops and 17 desktops as well as other technology equipments (cellphones, broadband cards, printers, company network, etc).

In short, I'm a certified IT Professional of many years (I'm 35) with intention of going back to school in the fall (Ivy Tech) to work on 2 certifications I've been putting off forever, MCSA and MCSE.. lol

Do you run the SQL DB on the AD servers? I have a heavy IO DB that I will be running for 35 simultaneous users... I purchased a Dell 2950 with 8x 146GB 2.5 SAS drives. I was thinking about running Exchange and SQL on this server. I was going to create a RAID 1 array for the system, RAID 5 array for the Exchange log files, and another RAID 5 array for the Exchange DB. I don't have very much experience with SQL... does it also have a "transaction" log?
 
Well... the client can probably live without its server for a day. I am just concerned that restoring an AD from backup won't go over too well if you are using different hardware. Why do I need DFS-R?

You can back up AD with a simple NT Backup and restore it to other hardware fairly easily. It's definitely the cheapest solution (free), just use a scheduled task and back it up nightly and then restore in directory services restore mode if you ever need to.
 
Do you run the SQL DB on the AD servers? I have a heavy IO DB that I will be running for 35 simultaneous users... I purchased a Dell 2950 with 8x 146GB 2.5 SAS drives. I was thinking about running Exchange and SQL on this server. I was going to create a RAID 1 array for the system, RAID 5 array for the Exchange log files, and another RAID 5 array for the Exchange DB. I don't have very much experience with SQL... does it also have a "transaction" log?

I run the Exchange server on the AD/DNS server. Also Sharepoint. Exchange has its own built-in database service. Sharepoint is using MSDE database server.

But I run MS SQL 2000 and 2005 on a separate server for Veritas Backup Exec, Primavera Project Manager and other programs that use SQL.
 
You can back up AD with a simple NT Backup and restore it to other hardware fairly easily. It's definitely the cheapest solution (free), just use a scheduled task and back it up nightly and then restore in directory services restore mode if you ever need to.

NT Backup has many limitations though. Personally I can't stand it.
 
You can back up AD with a simple NT Backup and restore it to other hardware fairly easily. It's definitely the cheapest solution (free), just use a scheduled task and back it up nightly and then restore in directory services restore mode if you ever need to.

If I had to set up a new machine to take over the AD role, how would I restore the AD from the backup? Directory services restore mode will allow me to restore on the same domain controller, correct?
 
NT Backup has many limitations though. Personally I can't stand it.

I am with you. NT Backup is not an ideal solution. I have access to a Tivoli tape backup silo (TSM)... works nicely. However, the live system state backup doesn't work.
 
I am with you. NT Backup is not an ideal solution. I have access to a Tivoli tape backup silo (TSM)... works nicely. However, the live system state backup doesn't work.

I've never messed with the Tivoli Tape Backup Silo. I've just used Arcserve and Veritas Backupexec. While both of them have their faults they get the job done and they aren't nearly as limited as NT Backup is.
 
NT Backup has many limitations though. Personally I can't stand it.

Yeah, I was just pointing out a free solution for a single server backup of AD, other than that it sucks, gotta love doing a mailbox restore on an Exchange 5.5 box with it...
 
Do you run the SQL DB on the AD servers? I have a heavy IO DB that I will be running for 35 simultaneous users... I purchased a Dell 2950 with 8x 146GB 2.5 SAS drives. I was thinking about running Exchange and SQL on this server. I was going to create a RAID 1 array for the system, RAID 5 array for the Exchange log files, and another RAID 5 array for the Exchange DB. I don't have very much experience with SQL... does it also have a "transaction" log?

Do not run RAID 5 for databases. Microsoft recommends running RAID 10 (or 1+0) for all Exchange DB arrays. RAID 5 has a much higher IOPS cost than RAID 10.
 
Buy two midrange servers, make both DNS, GC, whatever else you want. You can have multiple GCs. If they don't mind being down for a day or two then buy just one.
 
Do not run RAID 5 for databases. Microsoft recommends running RAID 10 (or 1+0) for all Exchange DB arrays. RAID 5 has a much higher IOPS cost than RAID 10.

Indeed it does but a good controller can eliminate the problem. The only issue there becomes cost. Either way it's going to cost you. RAID 5 has a lower disk cost in regard to redundancy but RAID 1+0 or RAID 10 will cost you more in disks.
 
Indeed it does but a good controller can eliminate the problem. The only issue there becomes cost. Either way it's going to cost you. RAID 5 has a lower disk cost in regard to redundancy but RAID 1+0 or RAID 10 will cost you more in disks.

If you're worrying about the performance impact of RAID 5 vs 10 then you're probably going to have a busy enough database that money shouldn't be significant enough to need to use RAID 5.
 
If you're worrying about the performance impact of RAID 5 vs 10 then you're probably going to have a busy enough database that money shouldn't be significant enough to need to use RAID 5.

You'd be surprised. I've run into far more RAID5 setups in businesses of varying sizes than I have RAID 10 setups. Not saying it's right or wrong but I've seen it a lot.
 