3. Configuring Server Topology
When you are using environments that require
multiple sites, you must carefully consider where you place your
servers. In doing so, you can greatly improve performance and the end
user's experience by reducing the time they must spend performing
common operations such as authentication or searching Active Directory
for resources.
There are two main issues to consider when you are
designing a distributed Active Directory environment. The first is how
you should place domain controllers within the network environment. The
second is how to manage the use of Global Catalog (GC) servers. Finding
the right balance between servers, server resources, and performance
can be considered an art form for network and systems administrators.
In the following sections, you'll look at some of the important
considerations you must take into account when you design a replication
server topology.
3.1. Placing Domain Controllers
Microsoft highly recommends that you have at least
two domain controllers in each domain of your Active Directory
environment. Using additional
domain controllers provides the following benefits:
Increased network performance:
Fault tolerance (in case one domain controller fails, the other still contains a valid and usable copy of the Active Directory database).
In Windows Server 2008, RODCs help increase security when users connect to a domain controller in an unsecured remote location.
As we just mentioned, having too few domain controllers can be a problem. However, you can also have too many.
Keep in mind that the more domain controllers you choose to implement,
the greater the replication traffic among them. Because each domain
controller must propagate any changes to all of the others, compounding
services can result in increased network traffic.
3.2. Placing Global Catalog Servers
A Global Catalog (GC)
server is a domain controller that contains a copy of all the objects
contained in the forest-wide domain controllers that compose the Active
Directory database. Making a domain controller a GC server is very
simple, and you can change this setting quite easily. That brings us to
the harder part—determining which domain controllers should also be GC
servers.
Where you place domain controllers and GC servers, and how many you deploy, are very important network planning decisions.
Generally, you want to make GC servers available in
every site that has a slow link. This means that the most logical
places to put GC servers are in every site and close to the WAN link
for the best possible connectivity.
However, having too many GC servers is a bad thing. The
main issue is associated with replication traffic—you must keep each GC
server within your environment synchronized with the other servers. In
a very dynamic environment, using additional GC servers causes a
considerable increase in additional network traffic.
Therefore, you will want to find a good balance between replication burdens and GC query performance in your own environment.
To create a GC server, expand the Server
object in the Active Directory Sites And Services tool, right-click
NTDS Settings, and select Properties to bring up the NTDS Settings
Properties dialog box (see Figure 7). To configure a server as a GC server, place a check mark in the Global Catalog box.
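The placement guidance in sections 3.1 and 3.2 can be checked against an inventory of domain controllers. The following PowerShell is an added example, not taken from the original text: the function name Test-DcPlacement, the -UnsecuredSites parameter, and the sample hosts and sites are hypothetical, and treating a writable domain controller in an unsecured site as a finding is an assumption drawn from the RODC note above.

```powershell
# Added example: checks a DC inventory against the placement guidance in 3.1 and 3.2.
# Input objects use the property names Get-ADDomainController returns:
# Name, Domain, Site, IsGlobalCatalog, IsReadOnly.
function Test-DcPlacement {
    param(
        [Parameter(Mandatory)][object[]]$DomainControllers,
        # Assumption: the operator supplies the names of sites considered unsecured.
        [string[]]$UnsecuredSites = @()
    )
    $findings = @()

    # 3.1: at least two domain controllers in each domain.
    foreach ($d in ($DomainControllers | Group-Object -Property Domain)) {
        if ($d.Count -lt 2) {
            $findings += [pscustomobject]@{ Scope = $d.Name; Issue = 'Only one domain controller in domain' }
        }
    }

    foreach ($s in ($DomainControllers | Group-Object -Property Site)) {
        # 3.2: a GC server should be available inside every site.
        $gcCount = @($s.Group | Where-Object { $_.IsGlobalCatalog }).Count
        if ($gcCount -eq 0) {
            $findings += [pscustomobject]@{ Scope = $s.Name; Issue = 'No Global Catalog server in site' }
        }
        # 3.1: unsecured remote locations should be served by RODCs (assumed policy).
        if ($UnsecuredSites -contains $s.Name) {
            foreach ($dc in ($s.Group | Where-Object { -not $_.IsReadOnly })) {
                $findings += [pscustomobject]@{ Scope = $dc.Name; Issue = "Writable DC in unsecured site $($s.Name)" }
            }
        }
    }
    $findings
}

# Constructed sample inventory (hypothetical hosts, domains and sites).
$sample = @(
    [pscustomobject]@{ Name='DC01'; Domain='corp.example';       Site='HQ';     IsGlobalCatalog=$true;  IsReadOnly=$false }
    [pscustomobject]@{ Name='DC02'; Domain='corp.example';       Site='HQ';     IsGlobalCatalog=$false; IsReadOnly=$false }
    [pscustomobject]@{ Name='DC03'; Domain='corp.example';       Site='Branch'; IsGlobalCatalog=$false; IsReadOnly=$false }
    [pscustomobject]@{ Name='DC10'; Domain='child.corp.example'; Site='HQ';     IsGlobalCatalog=$true;  IsReadOnly=$false }
)
Test-DcPlacement -DomainControllers $sample -UnsecuredSites 'Branch' | Format-Table -AutoSize

# Against a live forest (requires the ActiveDirectory module):
# Test-DcPlacement -DomainControllers (Get-ADDomainController -Filter *) -UnsecuredSites 'Branch'
```

The check does not flag sites with many GC servers, because the balance between replication traffic and query performance depends on the environment.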