Is anyone actually running 2 DCs?

[-]

disclosure5@reddit

Uh I'm at an MSP. Most small customers are pure cloud at this point. If you're big enough to have one DC, you're big enough to have two has been our rule for a long time.

Reply

[-]

mnvoronin@reddit

How would you justify going pure cloud to a civil engineering company with 25 staff and 10+ TB of survey data?

Reply

[-]

disclosure5@reddit

If you can afford 10+TB of storage you can afford two DCs.

Reply

[-]

Two DCs on a single box is no better than one DC, and 10+ TB of storage is peanuts compared to the cost of a second box. >That said, the basic Business Premium licensing gives you 1TB of Sharepoint space per user First, MS365 Business licensing is 1TB of Sharepoint space per tenant plus 10GB per user. OneDrive is 1TB per user, but it is not shared. Second, Sharepoint is awful for storing CAD files or raw survey data.

Reply

[-]

NSFW_IT_Account@reddit (OP)

Must be nice being advanced! Most of ours still have a server and hybrid setup.

Reply

[-]

Breadfruit6373@reddit

As the MSP isn't that kinda.. your fault? I suppose you cant force them to listen to you, but I imagine most would.

Reply

[-]

NSFW_IT_Account@reddit (OP)

For which part? If they have a server, the usually need it for one reason or another. As far as spinning up 2 DCs, its a hard sell when they’ve been running off 1 for years with little or no issues.

Reply

[-]

PepeTheMule@reddit

Should probably have 3. 2 is 1 and 1 is 0 in terms out outages.

Reply

[-]

NSFW_IT_Account@reddit (OP)

2 is 1? explain?

Reply

[-]

PepeTheMule@reddit

2 DCs = if one goes down, now you're down 1 one, and if that goes down, you're screwed. Should have 3 to avoid that worst case scenario.

Reply

[-]

NSFW_IT_Account@reddit (OP)

By that logic you should have 4 lol

Reply

[-]

mnvoronin@reddit

Make it 8. On the same box.

Reply

[-]

MajStealth@reddit

2dc´s - if 1 fails, your have 1 left.

Reply

[-]

anonymousITCoward@reddit

MSP here, most of our clients run 2 DC's, event the small ones

Reply

[-]

NSFW_IT_Account@reddit (OP)

On 1 or 2 separate hosts?

Reply

[-]

anonymousITCoward@reddit

Sorry for the lateness, TG and all.. The really small ones are single host, but most are clustered.

Reply

[-]

ZAFJB@reddit

Always at least 2. We have 3, one per building.

Reply

[-]

NSFW_IT_Account@reddit (OP)

What hardware are they running on?

Reply

[-]

ZAFJB@reddit

VMs. We have a physical host in each rack.

Reply

[-]

NSFW_IT_Account@reddit (OP)

You have a physical host at each location? What kind of hardware is it and what does it run other than the DC?

Reply

[-]

ZAFJB@reddit

Dell 7xx servers. Dozens of other Windows and Linux servers distributed amongst the three. For simplicity we try to stick to one server per service.

Reply

[-]

mace73@reddit

2 is the recommended minimum. Used to be MS best practice to even make sure they are on separate hardware whether they are physical or virtual systems. We run at least one at each physical location and multiple in our larger facilities, somewhere around 75 in total across the globe.

Reply

[-]

morilythari@reddit

We run 3. Two VMs in our Nutanix cluster with affinity on different chassis and one physical.

Reply

[-]

NSFW_IT_Account@reddit (OP)

What hardware runs your physical one?

Reply

[-]

morilythari@reddit

Dell power edge R700 series something or other with redundant boot drives, a 12core CPU and I think 32gb of ddr5. DCs don't need much power behind them.

Reply

[-]

NSFW_IT_Account@reddit (OP)

So you have your customers buy a whole separate box just to run a dc?

Reply

[-]

graffix01@reddit

We always keep the old server when it's time for upgrades. Then it's easy to get a second DC without much cost.

Reply

[-]

morilythari@reddit

We are in house IT but you can get a dell box with basically the lowest specs on the list and 5 year PRO support for pretty cheap and its a solid "investment" to not have a completely fucked AD failure.

Reply

[-]

come_ere_duck@reddit

2 minimum. Mid to large business here, we have 4 DCs, two in each major location.

Reply

[-]

Proud_Contribution64@reddit

I run 3

Reply

[-]

AlexHuntKenny@reddit

If you only have one DC, you have no DC and you should keep your phone on.

Reply

[-]

NSFW_IT_Account@reddit (OP)

Story time? Never had an issue with only one but I definitely understand the concern

Reply

[-]

AlexHuntKenny@reddit

Only really had a setup like that when I was helpdesk, but we had too many people making too many cowboy changes and the DC would fail, if you're only on one having break glass and a change management process is sufficient. Helpdesk always got the calls at 2AM when a change failed 🙃 if we had a redundancy built it they could work on changes with little impact. Every time my phone would ring at 2AM I promised the girlfriend dinner. Lots of dinners bought at that company. Dhcp and DNS should have their own redundancies but that's lost money to the c suite.

Reply

[-]

MasterOfPuppetsMetal@reddit

I work in K-12 IT and we have 2 DCs at our HQ for staff and student logins. I believe the ones in our HQ handle logins for all employees as well as most logins for the smaller school sites (K5). We have 2 high schools and they each have their own DC and I believe our largest K-8 site has its own DC on-premises. And if memory serves me right, we have a backup DC at a defunct school site that is in the outskirts of town, but still has power and network.

Reply

[-]

ContentPriority4237@reddit

I've never run fewer than 2 DCs in any Windows environment, each on separate hardware. Geographically separated if possible/budgeted.

Reply

[-]

NSFW_IT_Account@reddit (OP)

Definitely not a possibility to geographically separate a box when most customers only have 1 location. Would be curious to see what that looks like for those that do.

Reply

[-]

ContentPriority4237@reddit

I worked for a place with 3 physical locations, so having BDCs in those offices was no big deal. For places without separate physical locations, you're looking at a server at a colocation service or a virtualized server in Azure or other hosting company with a secure network connection with the PDC's network.

Reply

[-]

cjcox4@reddit

We currently have 4. 2 locations, one being a datacenter, the other being physical address. One physical host DC at each, and one VM DC at each. It's whatever makes sense for your architecture. Having "just one" means a potential very long downtime scenario is more likely to occur. Why two for each "zone" in our case? To minimize (eliminate) downtime for upgrading (be that software or hardware).

Reply

[-]

pdp10@reddit

When we ran MSAD, we ran between one and three Domain Controllers *per site*. Meaning per office. VMware was bad with time slipping in a way that KVM and Hyper-V [probably aren't](https://blog.wikichoon.com/2014/07/enabling-hyper-v-enlightenments-with-kvm.html), so at least one bare-metal ADDC per [black-start](https://en.wikipedia.org/wiki/Black_start) site when the other ADDCs are running in VMware. Today, consider a cloud-first architecture with no MSAD, or alternately, redundant ADDCs on Samba.

Reply

[-]

bageloid@reddit

5. Two at our main Datacenter/Office, Two at our Second largest is presence(One rack, but has an exchange server) and one at our DR site. All other branch locations get nothing, but use Citrix so a local DC isn't as Important.

Reply

[-]

ledow@reddit

I have 2 physical DCs, and 2 DC VMs sitting on a 3-node failover cluster. On a comparatively tiny network. So yes. I wouldn't ever deploy a network without 2 x DCs (and hence 2 x DNS), 2 x DHCP minimum. With the appropriate DC role allocation as per Microsoft recommendations. Maybe... as an MSP... you should advise your clients to follow Microsoft's minimum recommendations.

Reply

[-]

AdeptFelix@reddit

Having a single DC is asking for trouble. If you're gonna have AD, at least two DCs per major site or data center. If you only have two DCs then make sure they're on two different pieces of hardware, either as standalone servers or on separate physical hypervisors. If you have multiple data centers, then the separate hardware requirement is less important. If you have VMs, make sure the hypervisor is sufficiently locking down access to manage or connect to the DC guests. Those are the bare minimum rules IMO.

Reply

[-]

icemerc@reddit

I know I'm a dinosaur, but last rebuild was 4 physical 1U systems for DCs. 2 at each site.

Reply

[-]

Ataal77@reddit

I do a lot of M&A and I would say just about every company we've integrated with fewer than, say 30 employees, all had 1 DC. Heck, most of those aren't even using a hypervisor of any kind. Just one server doing everything. So, I would say that is pretty common among "small businesses." It is not ideal, but those smaller businesses will generally do just enough to get things running. Redundancy is not a high priority.

Reply

[-]

Anticept@reddit

Small business here with a lot of data that is too big for cloud expenses. 2 DCs. It takes 3-4 individual instances of windows server to cover all the basic security of on prem: 2 DCs for redundancy and availability for AD, DNS, and DHCP, one for active directory certificate services, and one for network policy and SSO connectors through things like federated services if needed. Server standard licenses allow you to run two virtual machines per license on the same physical box.

Reply

[-]

magfoo@reddit

Have four at the start. They hardly need any resources, so they don't eat bread.

Reply

[-]

CommanderApaul@reddit

Three minimum on at least two VM hosts. If you only have one VM host then you want a physical one as well. I prefer to have one physical DC in the root forest as an "oh shit the SAN is fucked" option regardless of the VM situation.

Reply

[-]

e_t_@reddit

We have about a dozen DCs. Too many, really.

Reply

[-]

TipIll3652@reddit

We have 1 DC. I've been advocating for a second. I've been told no. My concerns have been documented both in email and in public forum minutes. O well I guess.

Reply

[-]

FKFnz@reddit

I have 3. Two in the hosted datacentre (on different hosts), and one at the largest WAN site.

Reply

[-]

xxdcmast@reddit

Must be an msp for extremely small clients. I’m about 50 dcs across the world.

Reply

[-]

rickAUS@reddit

Also at a MSP, if they aren't running of Entra/InTune the majority of our clients still using AD usually have at least 2, some have 3. The handful that only have 1, only have it for accessing legacy systems which aren't critical LOB apps so having HA isn't that important.

Reply

[-]

DDHoward@reddit

At our primary location, we have one DC on one hypervisor, a second DC on another hypervisor, and an RODC in the DMZ (long story...) We have a third DC at a mission critical location, and two branch locations each have an RODC. So three writables, three read-onlies.

Reply

[-]

Illustrious-Chair350@reddit

I have 3 at 3 sites. If I had one site I would have 3 at one site, 1 DC is crazy.

Reply

[-]

Master-IT-All@reddit

Not for Small business. For small business the number of DCs is generally zero. It's all cloud now.

Reply

[-]

ImpossibleLeague9091@reddit

We have three two at the main site and one at a failover site

Reply

[-]

ParkerPWNT@reddit

2 on the 2 separate boxes is the minimum IMO. Otherwise just use the cloud.

Reply

[-]

Unnamed-3891@reddit

Out of 100+ customers, not one has less than 2 DCs assuming they still run AD.

Reply

[-]

GloveLove21@reddit

We have three, 2 on primary host, 1 at DR site

Reply

[-]

johnfkngzoidberg@reddit

What’s their downtime tolerance? Do they have working (tested) backups? If they have bare metal backup/restore and can handle 4-8 hours of downtime, then sure one is fine. I’m old school so I always push for 2 DC’s, but lots of places (doctors, dentists, insurance branch offices) all have one “server” that doesn’t all.

Reply

[-]

BinaryDichotomy@reddit

Even on my home network I run two. Yes, you should have at least two.

Reply

[-]

im-just-evan@reddit

We have 3, vms on three different boxes.

Reply

[-]

Alzzary@reddit

DCs, DHCP and DNS are the three services that are worth having redundancy. One of them failing will have major business impact.

Reply to Post

64 Comments