The second step in creating a site topology plan is to place domain controllers in sites. To place domain controllers, you must assess the organization's need for domain controllers and then determine the location of domain controllers for the organization. This lesson discusses how to place domain controllers in sites.
After this lesson, you will be able to
Estimated lesson time: 30 minutes
Recall that a domain controller is a computer running Windows 2000 Server that authenticates user logons and maintains the security policy and the master database for a domain. Because the availability of Active Directory depends on the availability of domain controllers, a domain controller must always be available so that the users can be authenticated. The need to have an available domain controller determines the sites in which domain controllers are placed. By placing domain controllers in sites to provide fault tolerance, you can ensure the availability of required functions.
When you install the first domain in a forest, a default site object named Default-First-Site-Name is created in the Sites container. The first domain controller is automatically installed into this site. You can change the name of the first site object. When you add subsequent domain controllers, the Active Directory Installation Wizard determines the site into which they are installed. The wizard checks existing sites for the subnet of the domain controller you are installing. If the subnet is found in an existing site, the domain controller is installed in that site. If the subnet is not found in an existing site, the wizard installs the new domain controller in the site of the first domain controller. If you need to create a new site for the new domain controller, you can create the site after Active Directory is installed and then move the domain controller from the site of the first domain controller to the new site.
By default, a Windows 2000 domain controller and/or computer that is added to a domain will assign itself a fully qualified DNS name that consists of the computer's host name followed by the DNS name of the domain the computer has joined. For example, in Figure 6.4, the domain controllers DC01 and DC02 are located in the domain uk.microsoft.com, and the domain controller DC01 is located in the domain us.microsoft.com, so the fully qualified DNS names for the domain controllers become DC01.uk.microsoft.com, DC02.uk.microsoft.com, and DC01.us.microsoft.com.
Figure 6.4 Domain controller naming
To place domain controllers, you must complete the following tasks:
To place domain controllers, you must first consult the
A blank copy of the worksheet is located on the Supplemental Course Materials CD-ROM (\chapt02\worksheets). A completed example of the worksheet is located in Chapter 2, "Introduction to Designing a Directory Services Infrastructure."
In addition to assessing the information in these documents, it is imperative that you assess any changes that may be planned for the sites or domains to address growth, flexibility, and the ideal design specifications of the organization.
For optimum network response time and application availability, place at least
A domain controller in each site provides users with a local computer that can service query requests for their domain over LAN connections.
By placing at least two domain controllers in each domain, you provide redundancy and reduce the load on the existing domain controller in a domain. Recall that a domain controller can service only one domain.
When a single site includes multiple domains, you cannot place a domain controller in the site and expect it to service more than one domain.
The following are reasons for placing additional domain controllers in a site:
If a site has slow logon times and slow authentication when attempting to access user resources, capacity may be insufficient. By monitoring domain controller usage you can determine whether there is enough processing power and bandwidth to service requests. If performance is lagging, you should consider adding another domain controller to the site.
If a single domain controller in a site fails, clients can connect to other domain controllers in other sites in the domain by crossing site links. However, if site links are unreliable, users on that site will not be able to log on to their computers. In this case, you should consider adding another domain controller to the site.
In some situations, it may not be efficient to place a domain controller in a site. These situations include
For sites with a small number of users, using available bandwidth to log on and query the directory may be more economical than adding a domain controller.
For sites with no servers, a domain controller is not necessary. Users will still be able to log on using cached credentials if the site link fails. Because there are no server-based resources at the site, there is no need for further authentication.
Using Active Directory Sizer
To determine the number of domain controllers you need, you may want to use Active Directory Sizer, a tool for estimating the hardware required for deploying Active Directory based on your organization's profile, domain information, and site topology. We will experiment with Active Directory Sizer in Lesson 4, "Placing Global Catalog Servers and Operations Masters." For more information on Active Directory Sizer, visit http://www.microsoft.com/windows2000/library/resources/reskit/tools/new/adsizer-o.asp.
To place domain controllers
Review Figure 6.3, which shows the site diagram for Margo Tea Company. Recall from Lesson 1 that Margo Tea Company requires only one domain. Figure 6.5 shows the location of domain controllers for Margo Tea Company. The reasons for locating domain controllers in this manner are
Figure 6.5 Domain controller locations for Margo Tea Company
In this lesson you learned how to place domain controllers for an organization by assessing an organization's need for domain controllers and determining where domain controllers should be placed. You learned that for optimum network response time and application availability, you should place at least one domain controller in each site and two domain controllers in each domain. You also learned when to consider placing additional domain controllers in a site, such as when there are a large number of users in the site and the link to the site is slow or near capacity, or when the link to the site is historically unreliable or only intermittently available. Finally, you learned to indicate the placement of domain controllers on the site diagram.