Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
One big main server 1
- Thread starter iolair
- Start date
- Thread starter
- #3
Yea they need to be split, although with your small environment, a single machine could handle all the functions, but maybe some of the below info will help you to see why thats not a good idea:
DNS & AD/DC--needs to be on the same server, but separated from all other functions (also should have at least 2 DCs as mentioned before if you want your domain to have 99.9% uptime)
ant-virus--this is just software and should be on all systems. On DCs, there are specific folders you MUST exclude from being scanned...otherwise you will break replication, cause excessive invalid replication attempts, etc. etc.
backup--if you are talking some kind of master server software that would back up multiple machines, then this needs to NOT be on the DC. If you are talking simply an agent such as veritas backup exec agent, or even ntbackup, then by all means, have this on each server you have that needs to be backed up (for instance, you do not necessarily need to backup something like a front end exchange server that cna be easily rebuilt).
file and printer sharing--I'm not a fan of having these things on a DC...but, with so few users, this is likely going to be ok to do.
DHCP--if it can be helped at all, DHCP should NOT be placed on a DC, as resource contention for the jet database engine can cause issues not only with the DHCP service, but also with file replication service. IF you only have 1 server period with no option to get another or make VMs, then file replication would not be a worry, and therefore DHCP on a DC should not be a worry. Since you need to have 2 DCs, obviously FRS will function between them, so DHCP should not be on those DCs.
- Brandon Wilson
MCSE:Security00/03; MCSA:Security03
MCSA:Messaging00; MCP; A+
IT Pangaea (
DNS & AD/DC--needs to be on the same server, but separated from all other functions (also should have at least 2 DCs as mentioned before if you want your domain to have 99.9% uptime)
ant-virus--this is just software and should be on all systems. On DCs, there are specific folders you MUST exclude from being scanned...otherwise you will break replication, cause excessive invalid replication attempts, etc. etc.
backup--if you are talking some kind of master server software that would back up multiple machines, then this needs to NOT be on the DC. If you are talking simply an agent such as veritas backup exec agent, or even ntbackup, then by all means, have this on each server you have that needs to be backed up (for instance, you do not necessarily need to backup something like a front end exchange server that cna be easily rebuilt).
file and printer sharing--I'm not a fan of having these things on a DC...but, with so few users, this is likely going to be ok to do.
DHCP--if it can be helped at all, DHCP should NOT be placed on a DC, as resource contention for the jet database engine can cause issues not only with the DHCP service, but also with file replication service. IF you only have 1 server period with no option to get another or make VMs, then file replication would not be a worry, and therefore DHCP on a DC should not be a worry. Since you need to have 2 DCs, obviously FRS will function between them, so DHCP should not be on those DCs.
- Brandon Wilson
MCSE:Security00/03; MCSA:Security03
MCSA:Messaging00; MCP; A+
IT Pangaea (
- Thread starter
- #7
That's probably OK. I want to stress again the importance of a second DC/DNS. Not just for uptime, but if you were to lose your first DC/DNS, you would have to re-add every computer account to the domain as well as recreate all of your users, groups, GPOs, etc.
Thanks,
Andrew
![[medal]](/data/assets/smilies/medal.gif "[medal] [medal]")
Hard work often pays off over time, but procrastination pays off right now!
Thanks,
Andrew
Hard work often pays off over time, but procrastination pays off right now!
well to be fair, you could recover fomr only having 1 DC in that situation easily as long as proper backups are taken, eliminating the worry of adding all suers and computers back...BUT, the realy problem is that your downtime would be extensive 
And yes, the other functions are ok on one server. Just be sure to time your backup jobs at night when the servers are bing accessed less, and ensure your antivirus scans against the server itself also occur during off hours, but not at the same time as the backup jobs if at all possible....
- Brandon Wilson
MCSE:Security00/03; MCSA:Security03
MCSA:Messaging00; MCP; A+
IT Pangaea (
And yes, the other functions are ok on one server. Just be sure to time your backup jobs at night when the servers are bing accessed less, and ensure your antivirus scans against the server itself also occur during off hours, but not at the same time as the backup jobs if at all possible....
- Brandon Wilson
MCSE:Security00/03; MCSA:Security03
MCSA:Messaging00; MCP; A+
IT Pangaea (
Somewhat true, but there would certainly be downtime. With a 2nd DC, and file & print on a separate box, there wouldn't be any real downtime.
Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
58sniper...you excluded the end of my sentence: BUT, the real problem is that your downtime would be extensive I have already reiterated many times a 2nd DC is necessary though...the statement was meant to convey that if he did lose his one and only DC, all is most certainly not lost if the DC has had normal backups...
acl03-my guess is second hardware is not an option here, otherwise, why would the question be asked about running all of this on one system. I am saying what I said in the context of the thinking the hardware issue on the same server will be corrected (replace failed HDD or what have you) before the restore takes place. I have alot of experience with DC restores though, so I do not find restores to dissimilar hardware that difficult. As long as the kb is followed step by step, he should be fine.
- Brandon Wilson
MCSE:Security00/03; MCSA:Security03
MCSA:Messaging00; MCP; A+
IT Pangaea (
I have already reiterated many times a 2nd DC is necessary though...the statement was meant to convey that if he did lose his one and only DC, all is most certainly not lost if the DC has had normal backups...acl03-my guess is second hardware is not an option here, otherwise, why would the question be asked about running all of this on one system. I am saying what I said in the context of the thinking the hardware issue on the same server will be corrected (replace failed HDD or what have you) before the restore takes place. I have alot of experience with DC restores though, so I do not find restores to dissimilar hardware that difficult. As long as the kb is followed step by step, he should be fine.
- Brandon Wilson
MCSE:Security00/03; MCSA:Security03
MCSA:Messaging00; MCP; A+
IT Pangaea (
- Thread starter
- #13
Thanks again. It sounds like restoring the DC happens often. Is that true? We never had to restore eDirectory or NIS, they never needed it.
Yes, for now, hardware is not an option due to budget constraints. However, in the future, it might be possible to have two identical sets of hardware...........
Yes, for now, hardware is not an option due to budget constraints. However, in the future, it might be possible to have two identical sets of hardware...........
iolair, not sure if you have an old PC laying around....but that is more than enough to handle a domain controller.
In either case, make SURE you are taking system state backups on a regular basis...and storing them on a location other than your DC. (preferably stored in another building)
Thanks,
Andrew
Hard work often pays off over time, but procrastination pays off right now!
In either case, make SURE you are taking system state backups on a regular basis...and storing them on a location other than your DC. (preferably stored in another building)
Thanks,
Andrew
Hard work often pays off over time, but procrastination pays off right now!
no a DC restore is not a very common thing...but if it does happen, you dont want stuck with your hands in your pants
- Brandon Wilson
MCSE:Security00/03; MCSA:Security03
MCSA:Messaging00; MCP; A+
IT Pangaea (
- Brandon Wilson
MCSE:Security00/03; MCSA:Security03
MCSA:Messaging00; MCP; A+
IT Pangaea (
- Thread starter
- #16
That's good. Do you test them? Most people (myself included most of the time) assume the backups are working and never actually restore.
Once, for the heck of it, I decided to try restoring my active directory from a system state backup to different hardware from where it came. It was a few years ago, but took a lot of messing with to get working (but it did, eventually).
See this article:
Thanks,
Andrew
Hard work often pays off over time, but procrastination pays off right now!
Once, for the heck of it, I decided to try restoring my active directory from a system state backup to different hardware from where it came. It was a few years ago, but took a lot of messing with to get working (but it did, eventually).
See this article:
Thanks,
Andrew
Hard work often pays off over time, but procrastination pays off right now!- Thread starter
- #18
I test the restore about once a month. Maybe not enough, once a month. When we were running Netware, we didn't worry so much because we knew salvage would usually work on single files. I am doing a system state backup, but haven't tested it. I will now that you've given me that link. Thanks.
Iolair MacWalter
Network Engineer
Iolair MacWalter
Network Engineer
-
1
- #19
FYI - Shadow copies is sort of the Windows version of Netware's salvage
Introduction to Shadow Copies of Shared Folders
Paul
MCSA:2003
MCSE:2003
MCITP:Enterprise Administrator
If there are no stupid questions, then what kind of questions do stupid people ask? Do they get smart just in time to ask questions?
Scott Adams
Introduction to Shadow Copies of Shared Folders
Paul
MCSA:2003
MCSE:2003
MCITP:Enterprise Administrator
If there are no stupid questions, then what kind of questions do stupid people ask? Do they get smart just in time to ask questions?
Scott Adams
- Status
Similar threads
- Locked
- Question
- Locked
- Question