{"id":1216,"date":"2008-09-23T08:00:38","date_gmt":"2008-09-23T08:00:38","guid":{"rendered":"http:\/\/www.markwilson.co.uk\/blog\/2008\/09\/active-directory-design-considerations-part-6-domain-controller-placement.htm"},"modified":"2008-09-23T08:00:42","modified_gmt":"2008-09-23T08:00:42","slug":"active-directory-design-considerations-part-6-domain-controller-placement","status":"publish","type":"post","link":"https:\/\/www.markwilson.co.uk\/blog\/2008\/09\/active-directory-design-considerations-part-6-domain-controller-placement.htm","title":{"rendered":"Active Directory design considerations: part 6 (domain controller placement and site design)"},"content":{"rendered":"<p>Continuing the <a href=\"https:\/\/www.markwilson.co.uk\/blog\/2008\/09\/active-directory-design-considerations-part-1-introduction.htm\">series of posts about design considerations for Microsoft Active Directory (AD)<\/a>, based around the <a href=\"http:\/\/blogs.technet.com\/mcstalks\/\">MCS Talks: Enterprise Architecture<\/a> series of webcasts, this post discusses the design considerations for placement of Active Directory domain controllers and the associated site links.<\/p>\n<p>Domain controller (DC) placement can have a huge impact on user experience (e.g. the impact on logon times) but generally the choices are for placement on hub sites or at satellite (branch) locations and these should each be considered on a case-by-case basis, looking at the network and application requirements.<\/p>\n<p>It&#8217;s worth mentioning that available network bandwidth has generally increased considerably since early Active Directory deployments were designed and this will allow for consolidation of the overall number of domain controllers in many cases.<\/p>\n<p>With regards to global catalog (GC) servers, there are very few reasons not to make all domain controllers global catalog servers. Indeed, in a single-domain forest, all domain controllers are effectively GCs.  In particular, multi-domain forests using user principle names (UPNs) for logon should consider making each DC a GC.<\/p>\n<p><a href=\"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/windows-server-2008-read-only-domain-controllers.htm\">Read-only domain controllers (RODCs)<\/a> are new in Windows Server 2008 and provide read-only access to Active Directory.  Many people (<a href=\"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/a-look-forward-to-windows-server-2008.htm\">myself included<\/a>) have compared this functionality with Windows NT backup domain controllers (BDCs) but that&#8217;s not a true comparison as no passwords are stored locally and an RODC cannot be promoted to a full DC. The introduction of RODC functionality is really a security feature to mitigate against the theft of a DC on a high-risk site (e.g. a branch location without a physically secure computer room) and is not really intended for DMZ access to AD.  RODCs can reduce replication, as they only replicate inbound traffic; however where users travel between several remote sites they can increase logon traffic as the users details may not be available on the RODC.<\/p>\n<p>The decision as to whether to deploy an RODC or a full DC will depend on:<\/p>\n<ul>\n<li>Application requirements (e.g. does the application need to write to the directory).<\/li>\n<li>Site topology (e.g. site link bridging turned off &#8211; see below).<\/li>\n<li>Password replication policy (no account caching will lead to increased WAN\/hub DC traffic).<\/li>\n<\/ul>\n<p><a href=\"http:\/\/technet.microsoft.com\/en-gb\/library\/cc771744.aspx\">Further details may be found in Microsoft&#8217;s RODC planning and deployment guide<\/a>.<\/p>\n<p>AD site design is closely linked to DC placement and there are two basic models:<\/p>\n<ol>\n<li>A logical site for every physical location, assigning subnets for each physical location to the corresponding site.<\/li>\n<li>A logical site for every physical location that has one or more DCs, assigning subnets for physical locations to the most appropriate site (based on the underlying network).<\/li>\n<\/ol>\n<p>Both approaches work well; however with the first option, DNS site coverage must be considered (i.e. ensure that that appropriate name server records are in place).  With the second option, clients are automatically referred.  It&#8217;s also worth considering other applications (e.g. DFSR) and if there is no DC on site then option 1 may make more sense.<\/p>\n<p>Site links should map to the underlying physical network with <a href=\"https:\/\/www.markwilson.co.uk\/blog\/2004\/01\/determining-costs-for-active-directory.htm\">appropriate costs<\/a> and replication schedules applied.  According to Microsoft, one common mistake is to assign all sites to the DEFAULTIPSITELINK &#8211; effectively using a single link for replication and preventing the application of appropriate costs for least-cost routing.<\/p>\n<p>Also, the option to bridge all site links is on my default and, although this is appropriate on a fully routable network (i.e. one where all DCs can communicate freely) it is not recommended for branch offices (due to the overheads associated with the intersite messaging transport and calculating site links) and can be disabled using <code>repadmin \/siteoptions<\/code> (which still allows DFSR to calculate site link costs).<\/p>\n<p>Custom site link bridges may be used where a network is not fully routable (e.g. if firewalls restrict communication between DCs).<\/p>\n<p>The AD replication topology is automatically managed by the knowledge consistency checker (KCC) based on the site link design, automatically creating the connection objects that are required for replication.  The KCC-generated topology is used for AD and sysvol replication using the file replication service (FRS); however in Windows Server 2008 sysvol is replicated using DFSR, once the domain functional level is at Windows Server 2008.  This increases scalability (removing inefficiencies around <a href=\"http:\/\/technet.microsoft.com\/en-gb\/library\/cc758169.aspx\">FRS version vector joins<\/a>).  For new Windows Server 2008 native domains, replication of sysvol via DFSR is automatic but <a href=\"http:\/\/blogs.technet.com\/filecab\/archive\/2008\/02\/08\/sysvol-migration-series-part-1-introduction-to-the-sysvol-migration-process.aspx\">for upgraded domains there is a migration process to follow<\/a>.<\/p>\n<p>In the next post in this series, I&#8217;ll take a look at the design considerations for domain controller configuration.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Continuing the series of posts about design considerations for Microsoft Active Directory (AD), based around the MCS Talks: Enterprise Architecture series of webcasts, this post discusses the design considerations for placement of Active Directory domain controllers and the associated site links. Domain controller (DC) placement can have a huge impact on user experience (e.g. the &hellip; <a href=\"https:\/\/www.markwilson.co.uk\/blog\/2008\/09\/active-directory-design-considerations-part-6-domain-controller-placement.htm\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Active Directory design considerations: part 6 (domain controller placement and site design)<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[],"tags":[102],"class_list":["post-1216","post","type-post","status-publish","format-standard","hentry","tag-active-directory"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Active Directory design considerations: part 6 (domain controller placement and site design) - markwilson.it<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.markwilson.co.uk\/blog\/2008\/09\/active-directory-design-considerations-part-6-domain-controller-placement.htm\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Active Directory design considerations: part 6 (domain controller placement and site design) - markwilson.it\" \/>\n<meta property=\"og:description\" content=\"Continuing the series of posts about design considerations for Microsoft Active Directory (AD), based around the MCS Talks: Enterprise Architecture series of webcasts, this post discusses the design considerations for placement of Active Directory domain controllers and the associated site links. Domain controller (DC) placement can have a huge impact on user experience (e.g. the &hellip; Continue reading Active Directory design considerations: part 6 (domain controller placement and site design)\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.markwilson.co.uk\/blog\/2008\/09\/active-directory-design-considerations-part-6-domain-controller-placement.htm\" \/>\n<meta property=\"og:site_name\" content=\"markwilson.it\" \/>\n<meta property=\"article:published_time\" content=\"2008-09-23T08:00:38+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2008-09-23T08:00:42+00:00\" \/>\n<meta name=\"author\" content=\"Mark Wilson\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@markwilsonit\" \/>\n<meta name=\"twitter:site\" content=\"@markwilsonit\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mark Wilson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2008\\\/09\\\/active-directory-design-considerations-part-6-domain-controller-placement.htm#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2008\\\/09\\\/active-directory-design-considerations-part-6-domain-controller-placement.htm\"},\"author\":{\"name\":\"Mark Wilson\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\"},\"headline\":\"Active Directory design considerations: part 6 (domain controller placement and site design)\",\"datePublished\":\"2008-09-23T08:00:38+00:00\",\"dateModified\":\"2008-09-23T08:00:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2008\\\/09\\\/active-directory-design-considerations-part-6-domain-controller-placement.htm\"},\"wordCount\":759,\"commentCount\":1,\"publisher\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\"},\"keywords\":[\"Microsoft Active Directory\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2008\\\/09\\\/active-directory-design-considerations-part-6-domain-controller-placement.htm#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2008\\\/09\\\/active-directory-design-considerations-part-6-domain-controller-placement.htm\",\"url\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2008\\\/09\\\/active-directory-design-considerations-part-6-domain-controller-placement.htm\",\"name\":\"Active Directory design considerations: part 6 (domain controller placement and site design) - markwilson.it\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#website\"},\"datePublished\":\"2008-09-23T08:00:38+00:00\",\"dateModified\":\"2008-09-23T08:00:42+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2008\\\/09\\\/active-directory-design-considerations-part-6-domain-controller-placement.htm#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2008\\\/09\\\/active-directory-design-considerations-part-6-domain-controller-placement.htm\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2008\\\/09\\\/active-directory-design-considerations-part-6-domain-controller-placement.htm#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Active Directory design considerations: part 6 (domain controller placement and site design)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/\",\"name\":\"markwilson.it\",\"description\":\"get-info -class technology | write-output &gt; \\\/dev\\\/web\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\",\"name\":\"Mark Wilson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\",\"width\":800,\"height\":800,\"caption\":\"Mark Wilson\"},\"logo\":{\"@id\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\"},\"description\":\"A Chartered IT Professional, with recent experience in technology leadership, IT strategy and practice management roles, Mark Wilson is an Enterprise Architect in the Advisory and Management Group at risual. During a career spanning more than two decades, Mark has gained widespread recognition as an expert in his field including both industry and national press exposure. In addition to certifications from Microsoft, VMware, Red Hat, The Open Group and Axelos, Mark held a Microsoft Most Valuable Professional (MVP) award for three years and is now part of the MVP Reconnect programme. Mark is also well-known on social media and maintains an award-winning blog.\",\"sameAs\":[\"http:\\\/\\\/www.markwilson.co.uk\\\/\",\"https:\\\/\\\/www.instagram.com\\\/markwilsonuk\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/markawilson\\\/\",\"https:\\\/\\\/x.com\\\/markwilsonit\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UCWHlZCoHRTocdvtrOJ2IL4A\"],\"url\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/author\\\/mark-wilson\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Active Directory design considerations: part 6 (domain controller placement and site design) - markwilson.it","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.markwilson.co.uk\/blog\/2008\/09\/active-directory-design-considerations-part-6-domain-controller-placement.htm","og_locale":"en_GB","og_type":"article","og_title":"Active Directory design considerations: part 6 (domain controller placement and site design) - markwilson.it","og_description":"Continuing the series of posts about design considerations for Microsoft Active Directory (AD), based around the MCS Talks: Enterprise Architecture series of webcasts, this post discusses the design considerations for placement of Active Directory domain controllers and the associated site links. Domain controller (DC) placement can have a huge impact on user experience (e.g. the &hellip; Continue reading Active Directory design considerations: part 6 (domain controller placement and site design)","og_url":"https:\/\/www.markwilson.co.uk\/blog\/2008\/09\/active-directory-design-considerations-part-6-domain-controller-placement.htm","og_site_name":"markwilson.it","article_published_time":"2008-09-23T08:00:38+00:00","article_modified_time":"2008-09-23T08:00:42+00:00","author":"Mark Wilson","twitter_card":"summary_large_image","twitter_creator":"@markwilsonit","twitter_site":"@markwilsonit","twitter_misc":{"Written by":"Mark Wilson","Estimated reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.markwilson.co.uk\/blog\/2008\/09\/active-directory-design-considerations-part-6-domain-controller-placement.htm#article","isPartOf":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2008\/09\/active-directory-design-considerations-part-6-domain-controller-placement.htm"},"author":{"name":"Mark Wilson","@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468"},"headline":"Active Directory design considerations: part 6 (domain controller placement and site design)","datePublished":"2008-09-23T08:00:38+00:00","dateModified":"2008-09-23T08:00:42+00:00","mainEntityOfPage":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2008\/09\/active-directory-design-considerations-part-6-domain-controller-placement.htm"},"wordCount":759,"commentCount":1,"publisher":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468"},"keywords":["Microsoft Active Directory"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.markwilson.co.uk\/blog\/2008\/09\/active-directory-design-considerations-part-6-domain-controller-placement.htm#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.markwilson.co.uk\/blog\/2008\/09\/active-directory-design-considerations-part-6-domain-controller-placement.htm","url":"https:\/\/www.markwilson.co.uk\/blog\/2008\/09\/active-directory-design-considerations-part-6-domain-controller-placement.htm","name":"Active Directory design considerations: part 6 (domain controller placement and site design) - markwilson.it","isPartOf":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/#website"},"datePublished":"2008-09-23T08:00:38+00:00","dateModified":"2008-09-23T08:00:42+00:00","breadcrumb":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2008\/09\/active-directory-design-considerations-part-6-domain-controller-placement.htm#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.markwilson.co.uk\/blog\/2008\/09\/active-directory-design-considerations-part-6-domain-controller-placement.htm"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.markwilson.co.uk\/blog\/2008\/09\/active-directory-design-considerations-part-6-domain-controller-placement.htm#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.markwilson.co.uk\/blog"},{"@type":"ListItem","position":2,"name":"Active Directory design considerations: part 6 (domain controller placement and site design)"}]},{"@type":"WebSite","@id":"https:\/\/www.markwilson.co.uk\/blog\/#website","url":"https:\/\/www.markwilson.co.uk\/blog\/","name":"markwilson.it","description":"get-info -class technology | write-output &gt; \/dev\/web","publisher":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.markwilson.co.uk\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":["Person","Organization"],"@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468","name":"Mark Wilson","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1","url":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1","width":800,"height":800,"caption":"Mark Wilson"},"logo":{"@id":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1"},"description":"A Chartered IT Professional, with recent experience in technology leadership, IT strategy and practice management roles, Mark Wilson is an Enterprise Architect in the Advisory and Management Group at risual. During a career spanning more than two decades, Mark has gained widespread recognition as an expert in his field including both industry and national press exposure. In addition to certifications from Microsoft, VMware, Red Hat, The Open Group and Axelos, Mark held a Microsoft Most Valuable Professional (MVP) award for three years and is now part of the MVP Reconnect programme. Mark is also well-known on social media and maintains an award-winning blog.","sameAs":["http:\/\/www.markwilson.co.uk\/","https:\/\/www.instagram.com\/markwilsonuk\/","https:\/\/www.linkedin.com\/in\/markawilson\/","https:\/\/x.com\/markwilsonit","https:\/\/www.youtube.com\/channel\/UCWHlZCoHRTocdvtrOJ2IL4A"],"url":"https:\/\/www.markwilson.co.uk\/blog\/author\/mark-wilson"}]}},"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":1218,"url":"https:\/\/www.markwilson.co.uk\/blog\/2008\/09\/active-directory-design-considerations-part-8-summary-and-further-information.htm","url_meta":{"origin":1216,"position":0},"title":"Active Directory design considerations: part 8 (summary and further information)","author":"Mark Wilson","date":"Wednesday 24 September 2008","format":false,"excerpt":"Over the last few days, I\u00e2\u20ac\u2122ve written a series of posts about design considerations for Microsoft Active Directory (AD), based on the MCS Talks: Enterprise Infrastructure series of webcasts. Just to summarise, the posts so far have been: Introduction. Forest and domain design. Organisational Units. Group policy objects. Security groups.\u2026","rel":"","context":"In \"Microsoft Active Directory\"","block_context":{"text":"Microsoft Active Directory","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/active-directory"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1203,"url":"https:\/\/www.markwilson.co.uk\/blog\/2008\/09\/active-directory-design-considerations-part-1-introduction.htm","url_meta":{"origin":1216,"position":1},"title":"Active Directory design considerations: part 1 (introduction)","author":"Mark Wilson","date":"Tuesday 16 September 2008","format":false,"excerpt":"A few weeks back, I wrote a series of posts on the architectural considerations for designing a predominantly-Microsoft IT infrastructure, based on the MCS Talks: Enterprise Infrastructure series (Introduction, Remote offices, Controlling network access, Virtualisation, Security, High availability and data centre consolidation). Session 2 of the MCS Talks series looked\u2026","rel":"","context":"In \"Microsoft Active Directory\"","block_context":{"text":"Microsoft Active Directory","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/active-directory"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1208,"url":"https:\/\/www.markwilson.co.uk\/blog\/2008\/09\/active-directory-design-considerations-part-5-security-groups.htm","url_meta":{"origin":1216,"position":2},"title":"Active Directory design considerations: part 5 (security groups)","author":"Mark Wilson","date":"Monday 22 September 2008","format":false,"excerpt":"Continuing the series of posts about design considerations for Microsoft Active Directory (AD), based around the MCS Talks: Enterprise Architecture series of webcasts, this post discusses the design considerations for the creation and use of security groups within Active Directory. First of all, let's recap on the various group scopes.\u2026","rel":"","context":"In \"Microsoft Active Directory\"","block_context":{"text":"Microsoft Active Directory","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/active-directory"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1217,"url":"https:\/\/www.markwilson.co.uk\/blog\/2008\/09\/active-directory-design-considerations-part-7-domain-controller-configuration-and-dns.htm","url_meta":{"origin":1216,"position":3},"title":"Active Directory design considerations: part 7 (domain controller configuration and DNS)","author":"Mark Wilson","date":"Wednesday 24 September 2008","format":false,"excerpt":"Continuing the series of posts about design considerations for Microsoft Active Directory (AD), based around the MCS Talks: Enterprise Architecture series of webcasts, this post discusses the design considerations for Active Directory domain controller configuration and DNS, which is critical to any Active Directory deployment. Whilst the CPU specification for\u2026","rel":"","context":"In \"Microsoft Active Directory\"","block_context":{"text":"Microsoft Active Directory","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/active-directory"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":295,"url":"https:\/\/www.markwilson.co.uk\/blog\/2006\/06\/dns-and-operations-master-roles.htm","url_meta":{"origin":1216,"position":4},"title":"DNS and operations master roles placement with Active Directory","author":"Mark Wilson","date":"Thursday 8 June 2006","format":false,"excerpt":"I had a call last night from a client who is implementing Active Directory (AD) in his organisation and was trying to resolve some replication issues. Like so many problems in AD the issue was related to the DNS configuration and once I had made a few configuration changes on\u2026","rel":"","context":"In \"DNS\"","block_context":{"text":"DNS","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/dns"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":315,"url":"https:\/\/www.markwilson.co.uk\/blog\/2004\/09\/active-directory-system-volume.htm","url_meta":{"origin":1216,"position":5},"title":"Active Directory system volume placement","author":"Mark Wilson","date":"Tuesday 28 September 2004","format":false,"excerpt":"I came across a useful tip on the Microsoft website today, entitled \"Why is placing the Sysvol directory on a separate partition a good practice?\" As links like this have a habit of disappearing from the Microsoft website, I've reproduced the content below: \"The System Volume (Sysvol) shared directory is\u2026","rel":"","context":"In \"Microsoft Active Directory\"","block_context":{"text":"Microsoft Active Directory","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/active-directory"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/posts\/1216","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=1216"}],"version-history":[{"count":0,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/posts\/1216\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=1216"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=1216"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=1216"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}