How many ADS server do I need?

[David]

Hi,

I have a windows NT4.0 Domain with 400 windows XP
clients, I want to upgrade to W2k domain. How many ADS,
DNS, and DHCP server do I need to implement? I am
thinking of the following to guarantee the fault
tolerance:
Server1: will be ADS Global Catalog
Server2: will be ADS + DNS Primary + DHCP
Server3: will be ADS + DNS Secondary + DHCP

Thanks.
DawoodR

 

[Simon Geary]

You should have at least two global catalogues for redundancy. For a 3
server network, I would make them all a GC. Also, you are no longer
restricted to Primary\Secondary DNS, use AD integrated instead on all three
servers.
3 DC's for 400 users should be plenty.

 

[Dave Shaw [MVP]]

How about this idea:

Server 1 - AD/GC/DNS Pri/WINS/DHCP
Server 2 - AD/GC/DNS Pri/WINS/DHCP

-ds

 

[John]

DO NOT put DHCP on a DC!!!!
This is poor security practices and not recommended by MS.
Especially if you have DHCP registering all records. If you do then the DHCP
server has to go into the DNSUpdateProxy group. This is to ensure that they
don't take ownership of the records in DNS that they update. Otherwise the
client will not be able to update themselves. Now If the DHCP server is a DC
it no longer will own it's own record in DNS and is a prime target to get
hacked and have the entry changed to redirect people to other servers. NEVER
put DHCP on a DC!!
I would also not have primary and secondary DNS but an AD integrated and
have DNS installed on both DC's
I would also have a second GC

 

[Simon Geary]

A fix for this DHCP security issue was made available in Service Pack 1.
http://support.microsoft.com/?id=255134