{"id":1583,"date":"2017-12-18T09:00:34","date_gmt":"2017-12-18T09:00:34","guid":{"rendered":"http:\/\/wordpress.nationaltrail.k12.oh.us\/ittech\/?p=1583"},"modified":"2017-12-18T09:00:34","modified_gmt":"2017-12-18T09:00:34","slug":"how-many-ad-controllers-do-i-need","status":"publish","type":"post","link":"https:\/\/wordpress.nationaltrail.k12.oh.us\/ittech\/2017\/12\/18\/how-many-ad-controllers-do-i-need\/","title":{"rendered":"How many AD Controllers do I need?"},"content":{"rendered":"

\t\t\t\t<![CDATA[Is this a strange question?\u00a0 Some would think so.\u00a0 I have known\u00a0 a local IT shop that had only one.\u00a0 They lost it in a storm, had no backup, and paid $35K to have an IT company make a new one.\u00a0 After that, they still only had one!\u00a0 Later the local IT company was hired to augment the IT shop, and they immediately put in a BDC.\u00a0 Theirs actually became the PDC (yes those term still exist in FSMO) and then it was later removed when their contract ended, leaving not PDC.\u00a0 So, is it a bad question?\u00a0 I think not.
\nNow the most basic answer, for a single location situation, is 2.\u00a0 Just not 1!\u00a0 \u00a0If you have multiple locations I would have 1 at each location.\u00a0 For a school district (or business) with multiple complexes, a Domain Controller at each complex location would be optimal.\u00a0 Each DC should handle DHCP and DNS as well.\u00a0 This allows for local logons to be optimal, with little or no delay.\u00a0 Additionally I would recommend file servers per complex so that the user files are as local as possible.\u00a0 A single VMWare (or Hyper-V) machine can handle these various servers (I still make separate role servers) easily.
\n\"\"<\/a>\"\"
\nServer 2016 lets you split DHCP ranges.\u00a0 As I have different VLANs and ranges per building, I can give the building primary (the close one) most of the range.\u00a0 I do this by making the VLAN on the machine at the location have no delay, and then put in a delay in that VLAN for the other DCs.\u00a0 Even in a single location situation I would recommend a delay on the BDC.\u00a0 This allow one machine to handle normal logons, and allows you a way to gauge your network.\u00a0 I have a 1ms delay on the BDC and it gets about 5% of the logons.\u00a0 This is excellent feedback that the network is running well, and is healthy.\u00a0 If I had a 1ms delay and 40-60% of the logons were on the BDC, I could have an issue.
\nI have a 10G network with all workstations on 1G connections, including the wireless APs.\u00a0 The APs are AC and can handle 200 clients, with an AP in every room.\u00a0 I also have a single location situation with 1200 devices (plus student and staff BYOD connecting as well.)
\nBack to logon delay.\u00a0 I would highly recommend playing with this to find your network sweet spot.\u00a0 Find the __ms setting that results in a 10% or lower fallback to the DC that is secondary (or tertiary).\u00a0 If every DC is primary on a different VLAN (the primary VLAN for the physical location) then you have fallback for heavy logon times while maintaining the fastest speeds.
\nWith network bandwidth becoming more an issue every day, it is our responsibility as IT professionals to make the user experience and fast and flawless as possible.\u00a0 We impact the business at hand, and possible loss of production, more than some realize.\u00a0 Finding the sweet spot for network logons, file access, and internet access, is one the primary ways we can make the things we do in the background obvious to those we support.]]>\t\t<\/p>\n","protected":false},"excerpt":{"rendered":"

<![CDATA[Is this a strange question?\u00a0 Some would think so.\u00a0 I have known\u00a0 a local IT shop that had only one.\u00a0 They lost it in a storm, had no backup, and paid $35K to have an IT company make a new one.\u00a0 After that, they still only had one!\u00a0 Later the local IT company was hired … Continue reading How many AD Controllers do I need?<\/span> →<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-1583","post","type-post","status-publish","format-standard","hentry","category-tech-staff"],"_links":{"self":[{"href":"https:\/\/wordpress.nationaltrail.k12.oh.us\/ittech\/wp-json\/wp\/v2\/posts\/1583","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.nationaltrail.k12.oh.us\/ittech\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.nationaltrail.k12.oh.us\/ittech\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.nationaltrail.k12.oh.us\/ittech\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.nationaltrail.k12.oh.us\/ittech\/wp-json\/wp\/v2\/comments?post=1583"}],"version-history":[{"count":0,"href":"https:\/\/wordpress.nationaltrail.k12.oh.us\/ittech\/wp-json\/wp\/v2\/posts\/1583\/revisions"}],"wp:attachment":[{"href":"https:\/\/wordpress.nationaltrail.k12.oh.us\/ittech\/wp-json\/wp\/v2\/media?parent=1583"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.nationaltrail.k12.oh.us\/ittech\/wp-json\/wp\/v2\/categories?post=1583"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.nationaltrail.k12.oh.us\/ittech\/wp-json\/wp\/v2\/tags?post=1583"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}