Example: Determining Domain Controller Placement
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Figure 3.12 shows an example of a completed Domain Controller Placement worksheet for Trey Research, which has offices located in Seattle, New York, Los Angeles, Boston, Phoenix, and Washington, DC. Users from three domains exist in the organization: the forest root domain, and the EAST and WEST domains. Seattle is the hub location for Western locations and New York is the hub location for Eastern locations. For each location, Trey Research documented the names of the domains, the number of users for each domain, and the type of domain controllers needed.
Figure 3.12 Example of a Domain Controller Placement Worksheet
The following decisions were made regarding placement of domain controllers at each location based on WAN link speed between locations, number of users per domain, the need for users to access resources across the forest, and logon performance over WAN links:
The PDC emulator for the WEST domain is placed in Seattle because Seattle has the largest number of users from the WEST domain. The PDC emulator for the EAST domain is placed in New York because New York has the largest number of users from the EAST domain.
Because Trey Research includes a large number of users that are distributed across different geographic locations connected by a wide area network (WAN), two regional domains are created (EAST and WEST) to reduce replication traffic over slow WAN links. Regional domain controllers hosting the WEST domain are placed in Seattle, Los Angeles, and New York. Regional domain controllers hosting the EAST domain are placed in New York, Boston, Seattle, and Washington, DC. At any given time, an average of 200 mobile users from the WEST domain travel from Seattle to the New York location. Therefore, regional domain controllers hosting the WEST domain are placed in New York so that these mobile users belonging to the WEST domain can log on locally at the New York location. Similarly, at any given time, an average of 200 mobile users from New York travel to the Seattle location. Therefore, regional domain controllers hosting the EAST domain are placed in Seattle so that mobile users belonging to the EAST domain can log on locally in Seattle.
Because domain controllers from both the EAST and WEST domains are placed in both the Seattle and New York locations, the resulting replication traffic is similar to the replication traffic that would be created if Trey Research had deployed a single-domain forest. However, because additional locations (Los Angeles, Phoenix, Boston, and Washington, DC) are connected to the Seattle and New York hub locations through slower network links, and none of the users from these satellite locations will travel to the hub locations, Trey Research still saves the network bandwidth that replication would otherwise consume.
Because Phoenix has only 20 users from the WEST domain and users at the Phoenix location have acceptable logon performance over the WAN link between Phoenix and Seattle, the organization decides not to place any regional domain controllers in Phoenix. Users in Boston require local authentication at all times but do not have 100 percent WAN link availability between New York and Boston. Therefore, a domain controller hosting the EAST domain is placed at the Boston location.
The TRCCORP forest root domain controllers are placed in Seattle and New York because they are hub locations in the Trey Research forest. Shortcut trusts are created between the WEST domain and the EAST domain because users in Boston need to regularly access resources from the WEST domain.
Global catalog servers are placed in Seattle, Los Angeles, and New York because each location hosts more than one hundred users. A domain controller with universal group caching enabled is placed in Boston instead of a global catalog server because that location has only 80 users and does not include any applications that require a global catalog server.
Washington, DC hosts only 50 users from the EAST domain and does not have 100 percent WAN link availability to New York. Additionally, no applications that require a global catalog server are running at this location. Because Washington, DC has fewer than 100 users and runs no application that requires a global catalog server, no global catalog server is placed there. The users in Washington, DC need local authentication at all times, so a domain controller running Windows Server 2003 is configured for universal group caching and placed there to service user logon requests.
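The placement rules used in this walkthrough, written as a small planning check (an added example, not part of the original Microsoft document). The hub counts of 1000 and the Los Angeles count of 150 are constructed, and the names Site, plan, plan_all, sites_hosting and GC_USER_THRESHOLD are hypothetical.

```python
from dataclasses import dataclass

GC_USER_THRESHOLD = 100  # page: global catalog where a location hosts more than 100 users

@dataclass
class Site:
    name: str
    users: dict                         # domain -> users present, visiting mobile users included
    hub: bool = False
    wan_always_available: bool = True   # 100 percent WAN link availability to the hub
    wan_logon_acceptable: bool = True   # logon over the WAN link performs acceptably
    gc_application: bool = False        # an application here requires a global catalog

def plan(site):
    """Return (domains given a local domain controller, catalog role) for one site."""
    total = sum(site.users.values())
    needs_local_auth = not (site.wan_always_available and site.wan_logon_acceptable)
    wants_gc = total > GC_USER_THRESHOLD or site.gc_application
    # Assumption of this example: a site that qualifies for a global catalog also
    # gets a domain controller, which is how Los Angeles ends up with one.
    if not (site.hub or needs_local_auth or wants_gc):
        return [], "none"
    domains = sorted(d for d, n in site.users.items() if n > 0)
    return domains, "global catalog" if wants_gc else "universal group caching"

# Constructed worksheet: 1000 and 150 are made-up counts; 200, 80, 20 and 50 are the page's.
SITES = [
    Site("Seattle", {"WEST": 1000, "EAST": 200}, hub=True),
    Site("New York", {"EAST": 1000, "WEST": 200}, hub=True),
    Site("Los Angeles", {"WEST": 150}),
    Site("Boston", {"EAST": 80}, wan_always_available=False),
    Site("Phoenix", {"WEST": 20}),
    Site("Washington, DC", {"EAST": 50}, wan_always_available=False),
]

def plan_all(sites=SITES):
    return {s.name: plan(s) for s in sites}

def sites_hosting(domain, sites=SITES):
    """Locations that get a domain controller for the given regional domain."""
    return [s.name for s in sites if domain in plan(s)[0]]

if __name__ == "__main__":
    for name, (domains, role) in plan_all().items():
        print(f"{name:15} DCs: {', '.join(domains) or '-':12} catalog: {role}")
```

Changing a flag on one site, for example setting wan_logon_acceptable=False for Phoenix, shows how a single worksheet input moves that location from no domain controller to one with universal group caching.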