With current laws that are about to take place for my work, we now need an Active Directory, so I am looking at what is the best way to go about doing this.

We have about 500 employees with about 400 computers (a lot of people share) but spread out across 7 different locations.

Would it just be easier to have 1 server and 1 backup located at 1 location or 1 server at each location?

I will be building overkill servers just for ease of mind, so that's not an issue for the config, but it just comes down to what the best solution would be, for those who have more experience with this.


11 minutes ago, agatong55 said:

With current laws that are about to take place for my work, we now need an Active Directory, so I am looking at what is the best way to go about doing this.

We have about 500 employees with about 400 computers (a lot of people share) but spread out across 7 different locations.

Would it just be easier to have 1 server and 1 backup located at 1 location or 1 server at each location?

I will be building overkill servers just for ease of mind, so that's not an issue for the config, but it just comes down to what the best solution would be, for those who have more experience with this.

 

It's recommended to have two DCs at the main site, and at the other sites you can get away with one, but again having 2 is ideal. Also I would make the DCs in each site read-only, as you don't want to have writable domain controllers; this helps with security.

 

Don't forget to set up replication on each of the site DCs.

I'm surprised you didn't have AD already with that number of employees and computers.

 

In general you want a Domain Controller at each site you have. They do not need to be powerful, but it's generally not a good idea to make AD-joined computers talk to AD across WAN links and other similar slower/high-latency links; it gives a poor user experience, among other issues.

 

For smaller sites with only a few computers it can be fine, but honestly this is where an Intel NUC fits in well: low cost, and it will run the Domain Controller role with no trouble at all.

 

Your other option is actually Azure AD and Intune and no onsite/local Domain Controllers.

 

Realistically consult a local IT services company and get a design proposal and statement of work.
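
The per-site layout discussed in the replies above, as an added example that is not part of the original thread: it maps each location's subnet to an AD site so clients find their local DC instead of crossing the WAN, links branches to the main site for replication, then reports DC placement and replication failures. The site names, subnets, cost and interval are constructed placeholders; the cmdlets come from the ActiveDirectory (RSAT) module.

```powershell
# Added example: site names and subnets are constructed placeholders.
# Run with rights to modify the Sites container in the forest.
Import-Module ActiveDirectory

$hub   = 'HQ'                      # hypothetical main site (two writable DCs)
$sites = [ordered]@{               # 7 locations: site name -> client subnet
    'HQ'       = '10.10.0.0/16'
    'Branch01' = '10.21.0.0/24'
    'Branch02' = '10.22.0.0/24'
    'Branch03' = '10.23.0.0/24'
    'Branch04' = '10.24.0.0/24'
    'Branch05' = '10.25.0.0/24'
    'Branch06' = '10.26.0.0/24'
}

foreach ($name in $sites.Keys) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$name'")) {
        New-ADReplicationSite -Name $name
    }
    # The subnet-to-site mapping is what lets a client pick the DC in its own site.
    $subnet = $sites[$name]
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$subnet'")) {
        New-ADReplicationSubnet -Name $subnet -Site $name
    }
}

# Hub-and-spoke site links: each branch replicates with the main site only.
foreach ($name in ($sites.Keys | Where-Object { $_ -ne $hub })) {
    $link = "$hub-$name"
    if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$link'")) {
        New-ADReplicationSiteLink -Name $link -SitesIncluded $hub, $name `
            -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP
    }
}

# Check 1: where each DC sits and whether it is read-only (RODC).
$dcs = Get-ADDomainController -Filter *
$dcs | Sort-Object Site | Format-Table Name, Site, IsReadOnly, IsGlobalCatalog

# Check 2: flag any planned site that still has no DC of its own.
foreach ($name in $sites.Keys) {
    if (@($dcs | Where-Object Site -eq $name).Count -eq 0) {
        Write-Warning "Site $name has no domain controller; clients will authenticate across the WAN."
    }
}

# Check 3: replication failures anywhere in the domain.
Get-ADReplicationFailure -Target (Get-ADDomain).DNSRoot -Scope Domain |
    Format-Table Server, Partner, FailureCount, LastError
```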
