are 2 Domain Controllers really necessary?

  • Thread starter Thread starter chrism
  • Start date Start date
C

chrism

I manage a small network of one AD Domain. I currently have two domain
controllers and I am starting a server consolidation project. My question
is: Do I really need 2 domain controllers? I have good system images of my
main FSMO DC and would like to get rid of the other DC. Is this a good
idea?

thanks

chrism
 
Not a good idea at all.

Motherboards go bad.
How long would it take you to recreate your domain from backups and images,
on a new server, with impatient users looking over your shoulder?

DDS
 
it would only take about 15 minutes (I have a sleeper server and am using
Backup Exec System Recovery Server for images).

If the main server that holds the two important Operations Master roles goes
down anyway then I still have to restore that. So why not just put all 5
FSMO roles on one server and image that?
 
Restoring a C from a drive image is not a good idea. It can cause
significant problems because of out of date AD changes and tombstone
issues. Keep the second DC. I consider it almost mandatory.

Regards,
Hank Arnold
 
how about SIDs (RIDs) that have already been used in ACLs after the backup?
Suddendly you revert back using an image and the system might re-issue a SID
to another security principal....in other words security issues

DON'T DO IT! (imaging DCs)

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
 
Back
Top