1

Hi,

So I have 2 domain controllers at each site, both are connected over MPLS, so thats 4 domain controllers in total. One domain controller at one of the sites is the PDC with the FSMO roles. All DCs are Windows 2003 on physical servers.

So I will be upgrading these to Windows 2012 in a virtualised environment. I am just wondering why it was setup in this way? Do I really need 4 for 2 sites?

Any recommendations on options based on that I will be moving DCs to Windows 2012?

Site 1 where the PDC is only has 30 users
Site 2 has 120 Users.

thanks.

3 Spice ups
2

sounds a little overkill. somebody was really worried about a local DC going down.

we have 4 sites with 1 DC at each site. all works well. (knocking on wood as i type)

3

One at each site would be sufficient.

At site 1, have the DNS configured for your clients so that they use site 1 as primary and site 2 for secondary and vice-versa for site 2. It’ll stop unnecessary traffic on the link and provide a backup should a DC go down.

4 Spice ups
4

Thought it was overkill myself. My only thought is they were protecting against the mpls going down so they would still have 2 dcs at each site. Come to think of it i dont think they would have had mpls back when they deployed the 2003 servers - maybe thats why. Im wondering if i should make one read only?

2 Spice ups
5

Sounds like redundant redundancy. One at each site is plenty. They can act as secondaries for each other. Remember that the idea of a PDC no longer exists, so they are all just DC’s with certain roles. You can duplicate the roles to save on bandwidth if you like, and even use them as backup file locations for each other. Just remember to set up the “Sites” in AD with DNS and DHCP allocations per site.

6

You CANNOT duplicate the fsmo roles in a single domain

7

we have 11 locations with 2 dc’s at our main office and a single dc in each other location all connected via mpls. I agree that whoever put 2 at EACH site must have worked for the department of redundancy department… (or got something from the backend on sales?)

an argument can be made for 2 at the primary location esp if one is hardware.

2 Spice ups
8

I use the solution of rockman too, 2 DC at HQ site and 1 at each branch office.

9

@Gary where were you when I needed you, I hope you doing well sir. long time no see.

long live the Symbs

10

Just checked where the FSMO roles were assigned to. I noticed the Schema role was at one DC in Site 1 and all other 4 roles were on a DC at Site 2.

Why would anyone do that?

11

I seem to recall that M$ recommended splitting up FSMO roles when Server 2003 dropped. As others have stated, they are all DCs now and a single DC can safely hold all FSMO roles. I will say that when I work with M$ PFEs, they do still refer to the FSMO role holder as the PDC.

Gary D Williams recommendation for splitting up DNS so that you have the remote site as your secondary is solid. You could also employ DHCP split scopes across the sites so that users are able to obtain DHCP leases should the local DC go down (*you will need to add the dhcp helper address to your local switches for the remote sites).

Also, you mentioned ‘upgrading’ the DCs. I would just deploy the new Server 2012 boxes (or VMs) and prep the domain for the introduction of a 2012 DC. Then let them replicate with the current DCs, transfer roles, then go through the process of demoting the current DCs. Once that is complete you can look to raise your domain functional level, provided there are no dependencies in your environment that would prevent this action.

Regards,
Brian

12

Oh so I can transfer all the roles to 2012 and demote and decomission 2003, while still keeping Exchange 2003 working? So 2012 DC will functional level will be 2003 until I raise it? Effectively I can go ahead and decomission the 2003 DCs and only when Exchange 2003 is out of the way, I can raise the functional level for 2012?

13

Hello Keg,

I believe that you have just changed the entire scope of your original question that will effectively nullify all of the advice you have received to this point. A friendly recommendation would be to include as much information as possible up front so that you receive the best possible advice.

If you have an active Exchange 2003 environment, then you cannot introduce Server 2012 Domain Controllers, this is not supported by M$. The highest you can go is to Server 2008 R2. It does not matter what the Domain Functional Level is, Server 2012 DCs are not supported.

If you have plans to upgrade to a later version of Exchange, or migrate to O365, then you will have to do that project first. Then completely remove Exchange 2003 from the environment. If not, and you still want to retire the Server 2003 DCs, then you can only migrate to Server 2008 R2.

Here are a couple of articles on removing Exchange 2003 from the environment once your migration to a new mail platform is complete.

http://technet.microsoft.com/en-us/library/bb288905(v=exchg.80).aspx
http://www.msexchange.org/articles-tutorials/exchange-server-2003/migration-deployment/Remove-Exchange-server-entire-Exchange-organization.html

HTH

Regards,
Brian