Posts

Showing posts with the label Domain Controller

Domain Controllers and Snapshots / Clones

For those playing with networking at home who have a Domain Controller with Active Directory set up (although it would not be needed) and likely have that main server running as a virtual machine, it is interesting to know whether reverting to old snapshots has any side effects. Asking yourself this question, you will pretty quickly find many articles and posts saying that this is a bad idea. The why is not found so quickly. The linked blog post explains it nicely. In short: you do not want your update sequence number (USN) getting out of sync. After a revert, the DC hands out USNs its replication partners have already seen, so they skip the changes made since the snapshot and the directories silently diverge. Furthermore, starting with Windows Server 2012, cloning an AD server IS supported.

Sources:
Virtual Domain Controller Cloning in Windows Server 2012
Never Snapshot a Domain Controller! Here's Why...
Snapshots and Domain Controllers - Are they ALWAYS bad???

Keywords: Windows Server, Active Directory, Domain Controller, Virtualization, Snapshot
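As an added example that is not part of the original post, the PowerShell below checks a virtualized DC for the two things the snapshot discussion turns on: whether the DC has already detected a USN rollback, and whether the hypervisor exposes VM-GenerationID (the mechanism that makes 2012+ snapshot restores and cloning safe). It assumes it runs on the DC itself with the RSAT ActiveDirectory module available; the registry value and event IDs are the ones Microsoft documents for these conditions, and the function names are mine.

```powershell
# Added example (not from the original post): inspect a virtualized DC for USN rollback
# and for VM-GenerationID support. Run locally on the DC as an administrator.
Import-Module ActiveDirectory

function Test-UsnRollbackState {
    # When NTDS detects a USN rollback it sets "DSA Not Writable" = 4 under the NTDS
    # parameters key and logs Directory Service event 2095. Either is a red flag.
    $params = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $notWritable = $params.'DSA Not Writable'
    $rollbackEvents = @(Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2095 } `
        -MaxEvents 5 -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        DsaNotWritable   = $notWritable
        RollbackEvents   = $rollbackEvents.Count
        RollbackDetected = ($notWritable -eq 4) -or ($rollbackEvents.Count -gt 0)
    }
}

function Test-VmGenerationIdSupport {
    # At boot a 2012+ DC logs event 2168 if the hypervisor supports VM-GenerationID and
    # 2169 if it does not; 2170 means a generation change (snapshot revert / clone) was seen.
    $events = @(Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2168, 2169, 2170 } `
        -MaxEvents 20 -ErrorAction SilentlyContinue)
    $latestSupport = $events | Where-Object { $_.Id -in 2168, 2169 } | Select-Object -First 1
    [pscustomobject]@{
        Supported         = if ($latestSupport) { $latestSupport.Id -eq 2168 } else { $null }
        GenerationChanges = @($events | Where-Object { $_.Id -eq 2170 }).Count
    }
}

Test-UsnRollbackState
Test-VmGenerationIdSupport
```

If `Supported` comes back `$null`, no support event has been logged, which usually means the DC predates Windows Server 2012 or the log has rolled over; in that case a snapshot revert has no safeguard at all and the "never snapshot" advice applies in full.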

Read-only Domain Controllers

By default a domain controller is a read/write domain controller. So, it can be used to authenticate against, but also to e.g. set a new password. That password will then be replicated out to the other domain controllers on your network. So why would you need a read-only domain controller? In short: for security reasons (not performance, availability, ...). The assumption is that remote offices are less secured than the company headquarters for many reasons (e.g. reducing IT costs on security). As such it is handy to have a local domain controller that clients can use to authenticate on-site. Yet those should not be allowed to replicate data back to the central system, as they are assumed to be more vulnerable to attacks and breaches than the (hopefully) fortified HQ.

Sources:
Introduction to Active Directory Infrastructure in Windows Server 2012 @ ~20:00

What happens if the Domain Controller is offline for too long?

For those playing with networking at home who have a Domain Controller with Active Directory set up (although it would not be needed) and regularly shut down that main server, it is interesting to know whether that has any side effects. As long as you do not keep the Domain Controller shut down longer than the number of days set as the Active Directory forest's tombstone lifetime, you should be safe. ADSIEdit can be used to check the tombstoneLifetime set for the forest that server belongs to. The default for Windows 2008 R2 and upward is 180 days. See the linked TechNet article on how to determine the tombstone lifetime for the forest.

Sources:
DC offline for 2 months, best way to handle?
Determine the tombstone lifetime for the forest

Keywords: Windows Server, Active Directory, Domain Controller, TSL, Tombstone Lifetime
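The check described above, done from PowerShell instead of ADSIEdit, as an added example that is not part of the original post: it reads tombstoneLifetime from the Directory Service object in the configuration partition and then reports, for every DC in the domain, how many days have passed since its last successful inbound replication compared with that limit. It assumes the RSAT ActiveDirectory module (Windows Server 2012 or later) and a domain-joined admin session; the function names are mine.

```powershell
# Added example (not from the original post): compare each DC's replication age against
# the forest tombstone lifetime (TSL).
Import-Module ActiveDirectory

function Get-ForestTombstoneLifetime {
    # TSL is forest-wide and lives on CN=Directory Service in the configuration partition.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $ds = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
        -Properties tombstoneLifetime
    if ($null -eq $ds.tombstoneLifetime) {
        # Unset attribute: forest created before the 180-day default existed; 60 days applies.
        return 60
    }
    return [int]$ds.tombstoneLifetime
}

function Get-DcReplicationAge {
    param([int]$TombstoneLifetime = (Get-ForestTombstoneLifetime))

    foreach ($dc in Get-ADDomainController -Filter *) {
        # Metadata is read from the target DC itself, so an offline DC yields nothing
        # and is reported as over the limit until it can be checked.
        $meta = Get-ADReplicationPartnerMetadata -Target $dc.HostName -ErrorAction SilentlyContinue
        $last = ($meta | Sort-Object LastReplicationSuccess -Descending |
                 Select-Object -First 1).LastReplicationSuccess
        $days = if ($last) { [int]((Get-Date) - $last).TotalDays } else { $null }
        [pscustomobject]@{
            DomainController       = $dc.HostName
            LastReplicationSuccess = $last
            DaysSinceReplication   = $days
            TombstoneLifetimeDays  = $TombstoneLifetime
            OverTombstoneLifetime  = ($null -eq $days) -or ($days -ge $TombstoneLifetime)
        }
    }
}

Get-DcReplicationAge | Format-Table -AutoSize
```

A DC flagged `OverTombstoneLifetime` should not simply be powered back on into the domain: it may re-introduce lingering objects that the other DCs have already tombstoned and garbage-collected, which is exactly the situation the linked thread is about.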

WSUS and the Domain Controller

At first glance it might be tempting on smaller networks to put the Windows Server Update Services (WSUS) on the DC; it won't drag performance down that much, right? But no, according to MSDN the impact is: "If WSUS is installed on a domain controller, this will cause database access issues due to how the database is configured."

Sources:
WSUS: WSUS should be installed on a non-domain controller
Guidance about WSUS on a Domain Controller
Step by Step : Installing & Configuring WSUS in Server 2012 R2
Step by Step : Installing & Configuring WSUS in Server 2012 R2, Comment

Keywords: Windows Server 2012 R2, Updates, WSUS, Domain Controller

Windows Server 2012 R2: Domain Controller Minimum Requirements & associated server roles

Quite moderate minimum hardware requirements, but depending on usage (as always) the more RAM the better.

Processor Minimum: Single processor with 1.4 GHz (x64 processor) or 1.3 GHz (Dual Core)
Memory Minimum: 512 MB RAM
Disk Space Requirements Minimum: 32 GB or greater

Usually the question also goes hand-in-hand with the other tasks that machine can perform:

"There are certain roles that typically get folded in with the domain controller in all but the biggest networks (e.g. DNS/DHCP/WINS/Cert Server) with little harm."

"There are some that get folded into a DC and will cause performance issues on all but the smallest networks (e.g. File Server/intranet server/WDS Server) but these issues are probably manageable depending on load. These previous two classes of role are a case of a balancing act, how concerned you are about performance on your DCs vs. the resources you have available to provision your network. It's b...