I have a really stupid question for you all. I have 4 DCs in a 400 workstations 3 of my domains are server 2003 and one is 2008 R2. So I’m not really to sure how the DC work and I Recently took over doing the System Admin job here. Well we are running AD 2003 still. I am looking to upgrade to 2008 in the near future.<\/p>\n

Advertisement

Close

The question I have is do I really need 4 DCs for a domain that has only 400 Workstations.<\/p>\n

Advertisement

Close

the second part of this question is How can I tell what roles each DC have.<\/p>\n

the reason I ask this is because here comes the 3rd Question I have is I have notice that all my Workstation connect to different DCs and the understanding that I have always had was everyone Connects to the PDC and the Secondaries are only for fail over support such as if the PDC fails.<\/p>\n

So I guess this is the 4th question I have for you. Am I right in my thinking about the Users authenticating with the PDC and should only connect to another DC if the PDC fails?<\/p>\n

I found all this out in the Last few days when I discover that I have have replication issues and Some workstations weren’t able to get GPOs.<\/p>\n

I thank you in advance for helping me with this I’m still learning the whole AD world One step at a time.<\/p>","upvoteCount":4,"answerCount":13,"datePublished":"2013-01-10T12:01:51.000Z","author":{"@type":"Person","name":"johnhamilton","url":"https://community.spiceworks.com/u/johnhamilton"},"acceptedAnswer":{"@type":"Answer","text":"

To determine FSMO roles do the following:<\/p>\n

How to Determine the RID, PDC, and Infrastructure FSMO Holders of a Selected Domain<\/p>\n

\n
1. Click Start, click Run, type dsa.msc, and then click OK.<\/li>\n
2. Right-click the selected Domain Object in the top left pane, and then click Operations Masters.<\/li>\n
3. Click the PDC tab to view the server holding the PDC master role.<\/li>\n
4. Click the Infrastructure tab to view the server holding the Infrastructure master role.<\/li>\n
5. Click the RID Pool tab to view the server holding the RID master role.<\/li>\n<\/ol>\n

   How to Determine the Schema FSMO Holder in a Forest<\/p>\n

   \n
   1. Click Start, click Run, type mmc, and then click OK.<\/li>\n
   2. On the Console menu, click Add/Remove Snap-in, click Add, double-click Active Directory Schema, click Close, and then click OK.<\/li>\n
   3. Right-click Active Directory Schema in the top left pane, and then click Operations Masters to view the server holding the schema master role.
      \nNOTE: For the Active Directory Schema snap-in to be available, you may have to register the Schmmgmt.dll file. To do this, click Start, click Run, type regsvr32 schmmgmt.dll in the Open box, and then click OK. A message is displayed that states the registration was successful.<\/li>\n<\/ol>\n

      How to Determine the Domain Naming FSMO Holder in a Forest<\/p>\n

      \n
      1. Click Start, click Run, type mmc, and then click OK.<\/li>\n
      2. On the Console menu, click Add/Remove Snap-in, click Add, double-click Active Directory Domains and Trusts, click Close, and then click OK.<\/li>\n
      3. In the left pane, click Active Directory Domains and Trusts.<\/li>\n
      4. Right-click Active Directory Domains and Trust, and then click Operations Master to view the server holding the domain naming master role in the Forest.<\/li>\n<\/ol>\n

         As far as redundancy, it is always best to have at least two DC’s. I have four running in my network and there are never any problems. You can also use dcdiag /test:replications to test AD replication as well.<\/p>","upvoteCount":1,"datePublished":"2013-01-10T12:50:57.000Z","url":"https://community.spiceworks.com/t/question-about-domain-controllers/186265/4","author":{"@type":"Person","name":"mikeward5221","url":"https://community.spiceworks.com/u/mikeward5221"}},"suggestedAnswer":[{"@type":"Answer","text":"

         I have a really stupid question for you all. I have 4 DCs in a 400 workstations 3 of my domains are server 2003 and one is 2008 R2. So I’m not really to sure how the DC work and I Recently took over doing the System Admin job here. Well we are running AD 2003 still. I am looking to upgrade to 2008 in the near future.<\/p>\n

         The question I have is do I really need 4 DCs for a domain that has only 400 Workstations.<\/p>\n

         the second part of this question is How can I tell what roles each DC have.<\/p>\n

         the reason I ask this is because here comes the 3rd Question I have is I have notice that all my Workstation connect to different DCs and the understanding that I have always had was everyone Connects to the PDC and the Secondaries are only for fail over support such as if the PDC fails.<\/p>\n

         So I guess this is the 4th question I have for you. Am I right in my thinking about the Users authenticating with the PDC and should only connect to another DC if the PDC fails?<\/p>\n

         I found all this out in the Last few days when I discover that I have have replication issues and Some workstations weren’t able to get GPOs.<\/p>\n

         I thank you in advance for helping me with this I’m still learning the whole AD world One step at a time.<\/p>","upvoteCount":4,"datePublished":"2013-01-10T12:01:51.000Z","url":"https://community.spiceworks.com/t/question-about-domain-controllers/186265/1","author":{"@type":"Person","name":"johnhamilton","url":"https://community.spiceworks.com/u/johnhamilton"}},{"@type":"Answer","text":"

         In 2000 and later all DCs are peers, so users will authenticate to any DC which is close to them and online. Are all your systems at one site or are they multiple places? You should have at least 2 DCs for redundancy, but 4 on a single site may be overkill.<\/p>","upvoteCount":0,"datePublished":"2013-01-10T12:05:38.000Z","url":"https://community.spiceworks.com/t/question-about-domain-controllers/186265/2","author":{"@type":"Person","name":"justin.davison","url":"https://community.spiceworks.com/u/justin.davison"}},{"@type":"Answer","text":"