Two SBS DC's

Not too familiar with SBS, is there a limitation to the number of DC's one can use? IE I would like to have one SBS server which will be at a colo and then a second RODC, also SBS at the client site. Is this feasible?

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

undomiel

One SBS per a forest, no exceptions. You can put in as many non-SBS DCs as you would like though.

RobertKaucher

Yes, undomiel is very correct. An SBS server must host all of the FSMO roles or it will die after about 75 days.

Hyper-Me

RobertKaucher wrote: »

Yes, undomiel is very correct. An SBS server must host all of the FSMO roles or it will die after about 75 days.

I've never dealt with SBS but doesnt this go against some of the core principals of a well planned AD infrastructure?

I know with SBS there is usually only one DC but having all FSMO's on one server is asking for it. Actually having one DC in general is kind of asking for it.

RobertKaucher

SBS environments are engineered to be small. And by small I mean up to 50 clients. I know MS says 75, but really 50 is the upper practical end IMO.

You have everything hosted on a single server:
DC/DNS/DHCP
Exchange
SharePoint
Terminal Services

The benefit is one of cost. You get all of these wonderful things at a fraction of the cost for what you would pay if you bought separate server hardware and Volume License for the OS, the additional software like Exchange and all the CALs.
The downside is scalability. You are restricted in what you can do by the fact that it must be packaged together.
My home network is descended from an SBS network. It was SBS 2003 that I migrated to Server 2008 and Exchange 2007 standard. We don’t actually use Exchange, it was just for fun. But MS really makes you jump through some hoops.

rsutton

This project I'm working on is for a small 10 person company. And yes cost was the reason they wanted SBS over the full version of Windows server. When you have limited VC funds you can only spend so much on IT.

HeroPsycho

Hyper-Me wrote: »

I've never dealt with SBS but doesnt this go against some of the core principals of a well planned AD infrastructure?

I know with SBS there is usually only one DC but having all FSMO's on one server is asking for it. Actually having one DC in general is kind of asking for it.

How is all your FSMO roles on one server "asking for it"?

For smaller environments, there's nothing wrong with keeping all your FSMO roles on one server. In fact, I don't see the need to split them up in virtually all single domain forests.

And again, you can have multiple DC's along side SBS.

Hyper-Me

HeroPsycho wrote: »

How is all your FSMO roles on one server "asking for it"?

For smaller environments, there's nothing wrong with keeping all your FSMO roles on one server. In fact, I don't see the need to split them up in virtually all single domain forests.

And again, you can have multiple DC's along side SBS.

From Technet:

These automatic operations master role assignments can cause very high CPU usage on the first domain controller created in the forest or the domain. To avoid this, assign (transfer) operations master roles to various domain controllers in your forest or domain. Place the domain controllers that host operations master roles in areas where the network is reliable and where the operations masters can be accessed by all other domain controllers in the forest.

I think not having them all on one DC is primarily for the fact that if one goes down, its more of a headache to have them all down for a bit than just 1 or 2.

Also the Infrastructure master is always said that it should not be placed on a Global Catalog DC unless all DC's are global catalogs.

HeroPsycho

For small environments, all FSMO roles on one DC isn't going to cause a significant enough load to notice any performance degradation unless the box is already undersized.

Also, infrastructure master not being on a GC has two exceptions:

1. All DC's are GC's.
2. There's a single domain in the forest, which by definition would be an SBS environment since SBS based networks are limited to a single domain.

FSMO placement and optimization on Active Directory domain controllers

dynamik

HeroPsycho wrote: »

For small environments, all FSMO roles on one DC isn't going to cause a significant enough load to notice any performance degradation unless the box is already undersized.

Also, infrastructure master not being on a GC has two exceptions:

1. All DC's are GC's.
2. There's a single domain in the forest, which by definition would be an SBS environment since SBS based networks are limited to a single domain.

FSMO placement and optimization on Active Directory domain controllers

Pwndizzled. Not sure why this is even up for debate...

RobertKaucher

I don't think Hyper-me was debating. I imagine he was just trying to work through his understanding, which was skewed by being in a larger environment.

RobertKaucher

rsutton wrote: »

This project I'm working on is for a small 10 person company. And yes cost was the reason they wanted SBS over the full version of Windows server. When you have limited VC funds you can only spend so much on IT.

The SBS cals will cover an RODC at the branch office and they should be able to access any of the services on the main office SBS server via the VPN link or whatever you are using to connect them.

rsutton

RobertKaucher wrote: »

The SBS cals will cover an RODC at the branch office and they should be able to access any of the services on the main office SBS server via the VPN link or whatever you are using to connect them.

Yes that is the setup. Looking forward to implementing it.

RobertKaucher

Good luck and enjoy it! SBS really rocks and is a nice way to get your feet wet in stuff like SharePoint and Exchange.

rsutton

RobertKaucher wrote: »

Good luck and enjoy it! SBS really rocks and is a nice way to get your feet wet in stuff like SharePoint and Exchange.

I'm approaching it backwards I guess. I have been working with these products for a number of years in a (larger) corporate environment. A consulting job I recently took has me working with SBS for a few different clients. I really need to do some reading on the core differences between SBS and the full version of Windows server.

RobertKaucher

Really you have touched on them in this thread. SBS 2008 is Server 2008 Standard.

* SBS 2008 only comes in 64 bit as it runs Exchange 2007.
* The SBS server MUST be the host for all the FSMOs
* There CAN be other domain controllers but the environment MUST be a single domain forest with no external trusts.

That's all the serious stuff I can think of...

Requirements for License Compliance

Hyper-Me

RobertKaucher wrote: »

I don't think Hyper-me was debating. I imagine he was just trying to work through his understanding, which was skewed by being in a larger environment.

Yeah, this says it.

I work in a pretty large environment so redundancy and failover are always primary concerns. Though I guess thats not as prevalent in a single office, handful of users environment.