Risks of having only one domain controller

Solution 1:

First of all, you're looking at things wrong. You're running Exchange and other services on your server as well as Active Directory and DNS. You're doing it wrong. You really want Domain Controllers to only run Active Directory and DNS. You'll run into serious performance issues down the road if you get a medium number of mailboxes in Exchange and it runs on a DC.

That being said, downtime is a real issue. Is your boss OK with users not being able to log in, access file shares, access other SSO technologies that you might leverage for the hours that it will take to do a restore? If you have two DCs (or more) and you have Exchange and file services running on separate servers like you should be, then this becomes a very real problem.

As it is, it seems like you already have all of your eggs in one basket, which is a really, really bad position to be in. You should be pushing for a dedicated Exchange server, a 2nd DC, and possibly a file/print server. This, of course, depends on the number of users that you have. Even if you do keep Exchange and any file/print services on your existing DC, if it goes down, your network users won't even be able to log in to their machines to even have basic Internet access.

Finally, seizing the FSMO roles is trivial. As long as both DCs are Global Catalogs, you don't even really have to transfer the roles if you're going to be fixing the downed server immediately anyway.

You're already in a bad position. You should be working towards rectifying it by adding the additional infrastructure that you need to eliminate all-or-nothing downtime, not throwing your hands in the air and saying "well we're pretty much screwed anyway."
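The following is an added example, not part of the answer above: a PowerShell check that reports how many domain controllers exist, which are Global Catalogs, and which hold FSMO roles, then flags the single-point-of-failure conditions discussed here. It assumes the ActiveDirectory module (RSAT) is installed and that it runs from a domain-joined session; the finding messages are the example's own wording.

```powershell
# Added example: audit DC redundancy, Global Catalog coverage and FSMO placement.
# Assumes the ActiveDirectory (RSAT) module and a domain-joined session.
Import-Module ActiveDirectory

# Force an array so .Count is reliable even with a single DC.
$dcs = @(Get-ADDomainController -Filter *)

# Per-DC view: site, GC status, LDAP reachability, FSMO roles held.
$report = foreach ($dc in $dcs) {
    [pscustomobject]@{
        HostName      = $dc.HostName
        Site          = $dc.Site
        GlobalCatalog = $dc.IsGlobalCatalog
        LdapReachable = Test-NetConnection -ComputerName $dc.HostName -Port 389 -InformationLevel Quiet
        RolesHeld     = $dc.OperationMasterRoles -join ', '
    }
}
$report | Format-Table -AutoSize

$findings = @()

# One DC means authentication and AD-integrated DNS stop when it stops.
if ($dcs.Count -lt 2) {
    $findings += "Only $($dcs.Count) domain controller found: logons and DNS depend on one server."
}

# Fewer than two Global Catalogs: losing the GC affects logons and Exchange lookups.
$gcs = @($dcs | Where-Object { $_.IsGlobalCatalog })
if ($gcs.Count -lt 2) {
    $findings += "Only $($gcs.Count) Global Catalog server(s): enable GC on a second DC."
}

# All FSMO roles on one DC is normal in small domains, but note who holds them
# so a transfer or seizure is a planned step rather than a surprise.
$holders = @($dcs | Where-Object { $_.OperationMasterRoles.Count -gt 0 })
if ($holders.Count -eq 1 -and $dcs.Count -gt 1) {
    $findings += "All FSMO roles are held by $($holders[0].HostName): document the transfer/seize procedure."
}

# DCs that do not answer on LDAP right now.
$down = @($report | Where-Object { -not $_.LdapReachable })
foreach ($d in $down) {
    $findings += "$($d.HostName) is not answering on TCP 389."
}

if ($findings.Count -eq 0) { 'No redundancy findings.' } else { $findings }
```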

Solution 2:

The risks are as you stated, but I don't think your Exchange server should have a Single Point of Failure either. With two DCs you add in secondary DHCP, DNS, NTP, and authentication. Likewise, load balancing.

My thinking would also be that you're not always thinking of worst case - say you lose DC1 for a few hours thanks to some bad hardware. You may be back up and running very quickly and in the meantime, DC2 is taking on its tasks quite happily.

Likewise, network outages. If you have a cable or port die, then you're not going to be down long but it's long enough for the users to notice.

You don't need to worry too much about FSMO until it's becoming more serious.

Solution 3:

Most people don't seem to understand the issue here. If you have an image-based backup solution you can restore your single DC within 10 minutes - much faster than any other method with 2 DCs having to start replicating again. Tombstone and USN issues don't apply as you only have a single DC. Why would a small company purchase 3 servers (2 dedicated DCs and 1 file server)? That is total overkill.