Archived from groups: microsoft.public.win2000.dns (
More info?)
> 1 domain
> I have 18 small branch offices (less than 150 people/office) that
currently
> come thru the T1 to authenticate.
> Total of 5,000 users coming thru the T1 for authentication.
You will probably see more performance issues
due to the WAN than to the DNS.
Some of those offices perhaps should have DC/DNS
anyway though...
Relevant question:
Are there local domain resources, on an individual LAN,
which are critical to your business?
If yes, that location needs a DC/DNS.*
*Access to domain resources requires domain authentication.
> Currently I have total of (3) Dc's on the main site. If I make the
> PrimaryDNS and SecondaryDNS DC's in order to enable the ADI, that would be
5
> DC's on the main site.
A (likely good) choice if performance of the DNS is
ever an issue, but I would want to take advantage of the
other advantages of AD integration in any case.
Secure updates and multi-mastering are the biggest
benefits (especially to you.)
> > Largest LAN location? General size of other locations?
> 4 major branch offices have one DC/GC per site; about 800 users/machines
on
> remote branch offices.
And these should almost certainly be AD-Integrated DNS server.
If that site is critical (domain resources etc) then you
may wish to consider two DC-GC-DNS servers in
one or more of them.
Replication burden will not increase (these should be
Sites of course) since replication will be on a per site
basis.
Note that AD-Integrated DNS will allow you to update
DNS locally without having to use the WAN.
Also recognize that most people VASTLY overpower
their (dedicated) DCs. A relatively old machine (circa
500-2000 Mhz with as 512 Meg of RAM can do quite
well in most cases.) The OS will cost more than the
hardware.
> As I said before, other small branch offices have less than 150
> people/machines and I let them come thru the T1 since the T1 utilization
is
> really low and that has been working alright.
>
>
>
> > The entire AD database can be loaded (cached) into
> > something like (probably less) 80 Meg so a bit of ram
> > will help. Caching the entire DNS database (whether
> > as part of AD or separately) would only add a negligible
> > amount.
> >
--
Herb Martin
"Marlon Brown" <marlon_brownj@hotmail.com> wrote in message
news:OneHZhC8EHA.3700@tk2msftngp13.phx.gbl...
>
> "Herb Martin" <news@LearnQuick.com> wrote in message
> news:u2m$H187EHA.3236@TK2MSFTNGP15.phx.gbl...
> > "Marlon Brown" <marlon_brownj@hotmail.com> wrote in message
> > news:OmpzQo77EHA.3828@TK2MSFTNGP09.phx.gbl...
> >> I have 5,000 computer.
> >> About 15,000 users.
> >>
> >
> >
> > --
> > Herb Martin
> >
> >
> >>
> >> "Herb Martin" <news@LearnQuick.com> wrote in message
> >> news:%23Yha2857EHA.4072@TK2MSFTNGP10.phx.gbl...
> >> > "Marlon Brown" <marlon_brownj@hotmail.com> wrote in message
> >> > news:#bwEbf47EHA.1300@TK2MSFTNGP14.phx.gbl...
> >> >> Can you please point me to a complete and updated article on DNS
> > (Win2003
> >> > AD
> >> >> integration) deployment ?
> >> >> I am interested in server performance consideration as well.
> >> >>
> >> >> I understand that on AD-DNS integrated, my existing primary and
> > secondary
> >> >> Windows 2003 DNS servers will be setup as DC's. I am wondering
whether
> >> >> the
> >> >> fact that the DNS serves will be acting as Domain Controllers and
> > provide
> >> >> authentication would make me buy more robust hardware to support the
> >> >> workload ?
> >> >
> >> > How many users/computers do you have?
> >> >
> >> > Most DCs are vastly overpowered unless they
> >> > have other non-DC/non-name-resolution jobs.
> >> >
> >> > DNS adds little to the DC in terms of load, for
> >> > most reasonable size networks, and if you have
> >> > more computers you put in more DCs and with
> >> > more DNS - you will likely run into network
> >> > issues long before you overtax the DNS/DC.
> >> >
> >> >
> >> > --
> >> > Herb Martin
> >> >
> >> >
> >> >>
> >> >>
> >> >
> >> >
> >>
> >>
> >
> >
>
>