MCSE Designing a Microsoft Windows 2000 Directory Services Infrastructure Readiness Review; Exam 70-219 (Pro-Certification)
The second step in creating a site topology plan is to place domain controllers in sites. To place domain controllers, you must assess the organization's need for domain controllers and then determine the location of domain controllers for the organization. This lesson discusses how to place domain controllers in sites.
After this lesson, you will be able to
- Identify the factors in an organization's environment that impact its need for domain controllers
- Analyze an organization's environment to place domain controllers in sites
Estimated lesson time: 30 minutes
Understanding Domain Controller Placement
Recall that a domain controller is a computer running Windows 2000 Server that authenticates user logons and maintains the security policy and the master database for a domain. Because the availability of Active Directory depends on the availability of domain controllers, a domain controller must always be available so that the users can be authenticated. The need to have an available domain controller determines the sites in which domain controllers are placed. By placing domain controllers in sites to provide fault tolerance, you can ensure the availability of required functions.
When you install the first domain in a forest, a default site object named Default-First-Site-Name is created in the Sites container. The first domain controller is automatically installed into this site. You can change the name of the first site object. When you add subsequent domain controllers, the Active Directory Installation Wizard determines the site into which they are installed. The wizard checks existing sites for the subnet of the domain controller you are installing. If the subnet is found in an existing site, the domain controller is installed in that site. If the subnet is not found in an existing site, the wizard installs the new domain controller in the site of the first domain controller. If you need to create a new site for the new domain controller, you can create the site after Active Directory is installed and then move the domain controller from the site of the first domain controller to the new site.
Naming Domain Controllers and Computers
By default, a Windows 2000 domain controller and/or computer that is added to a domain will assign itself a fully qualified DNS name that consists of the computer's host name followed by the DNS name of the domain the computer has joined. For example, in Figure 6.4, the domain controllers DC01 and DC02 are located in the domain uk.microsoft.com, and the domain controller DC01 is located in the domain us.microsoft.com, so the fully qualified DNS names for the domain controllers become DC01.uk.microsoft.com, DC02.uk.microsoft.com, and DC01.us.microsoft.com.
Figure 6.4 Domain controller naming
Design Step: Placing Domain Controllers
To place domain controllers, you must complete the following tasks:
- Assess the organization's need for domain controllers.
- Determine the location of domain controllers for the organization.
Assessing the Need for Domain Controllers
To place domain controllers, you must first consult the
- Site diagram compiled earlier by your design team to view the sites defined for your network and determine the possible locations for domain controllers
- Network Architecture Worksheet, including defined domains, compiled earlier by your design team to find out location of domains for the organization
NOTE
A blank copy of the worksheet is located on the Supplemental Course Materials CD-ROM (\chapt02\worksheets). A completed example of the worksheet is located in Chapter 2, "Introduction to Designing a Directory Services Infrastructure."
In addition to assessing the information in these documents, it is imperative that you assess any changes that may be planned for the sites or domains to address growth, flexibility, and the ideal design specifications of the organization.
Determining the Location of Domain Controllers
For optimum network response time and application availability, place at least
- One domain controller in each site
A domain controller in each site provides users with a local computer that can service query requests for their domain over LAN connections.
- Two domain controllers in each domain
By placing at least two domain controllers in each domain, you provide redundancy and reduce the load on the existing domain controller in a domain. Recall that a domain controller can service only one domain.
NOTE
When a single site includes multiple domains, you cannot place a domain controller in the site and expect it to service more than one domain.
The following are reasons for placing additional domain controllers in a site:
- There are a large number of users in the site, and the link to the site is slow or near capacity.
If a site has slow logon times and slow authentication when attempting to access user resources, capacity may be insufficient. By monitoring domain controller usage you can determine whether there is enough processing power and bandwidth to service requests. If performance is lagging, you should consider adding another domain controller to the site.
- The link to the site is historically unreliable or only intermittently available.
If a single domain controller in a site fails, clients can connect to other domain controllers in other sites in the domain by crossing site links. However, if site links are unreliable, users on that site will not be able to log on to their computers. In this case, you should consider adding another domain controller to the site.
In some situations, it may not be efficient to place a domain controller in a site. These situations include
- Sites with small numbers of users
For sites with a small number of users, using available bandwidth to log on and query the directory may be more economical than adding a domain controller.
- Small sites that have client computers but no servers
For sites with no servers, a domain controller is not necessary. Users will still be able to log on using cached credentials if the site link fails. Because there are no server-based resources at the site, there is no need for further authentication.
Using Active Directory Sizer
To determine the number of domain controllers you need, you may want to use Active Directory Sizer, a tool for estimating the hardware required for deploying Active Directory based on your organization's profile, domain information, and site topology. We will experiment with Active Directory Sizer in Lesson 4, "Placing Global Catalog Servers and Operations Masters." For more information on Active Directory Sizer, visit http://www.microsoft.com/windows2000/library/resources/reskit/tools/new/adsizer-o.asp.
To place domain controllers
- On the site diagram, place a domain controller in each site except for sites with small numbers of users or no servers. Use a rectangle containing the domain controller's host name to represent the domain controller.
- Determine whether you need to place additional domain controllers in any of the sites and indicate them on the site diagram in the same manner.
- Ensure that there are at least two domain controllers in each domain by placing any additional domain controllers needed in the appropriate site.
Design Step Example: Placing Domain Controllers
Review Figure 6.3, which shows the site diagram for Margo Tea Company. Recall from Lesson 1 that Margo Tea Company requires only one domain. Figure 6.5 shows the location of domain controllers for Margo Tea Company. The reasons for locating domain controllers in this manner are
- One domain controller is placed in each site except the Charleston sales office to meet minimum requirements.
- A second domain controller is placed in each of the Cincinnati, Louisville, and Pittsburgh regional offices to handle the relatively large number of users in each of these sites.
- A second domain controller is placed in the Columbus distribution center because it has a periodically unavailable link to the Cincinnati headquarters location.
- A domain controller is not placed in the Charleston location because of the relatively small number of users in this location and because the link is operating well below capacity.
Figure 6.5 Domain controller locations for Margo Tea Company
Lesson Summary
In this lesson you learned how to place domain controllers for an organization by assessing an organization's need for domain controllers and determining where domain controllers should be placed. You learned that for optimum network response time and application availability, you should place at least one domain controller in each site and two domain controllers in each domain. You also learned when to consider placing additional domain controllers in a site, such as when there are a large number of users in the site and the link to the site is slow or near capacity, or when the link to the site is historically unreliable or only intermittently available. Finally, you learned to indicate the placement of domain controllers on the site diagram.