Not many people know that Microsoft provides a wealth of information useful for designing Active Directory structures. The so-called Infrastructure Planning and Design (IPD) series is freely available on TechNet.
Here are a few of the Microsoft products with IPDs:
- Active Directory Domain Services
- Active Directory Certificate Services
- Exchange Server 2010
- SharePoint Server 2010
- SQL Server 2008
- SCCM 2007 SP1 with R2
- SCOM 2007
- Windows Server Virtualization
Or, if you are feeling bold, download ALL of the IPDs!
The best thing about the IPD docs is the numbers used to determine how many servers to deploy.
For example, here is some extremely useful information for determining Active Directory Domain Controller numbers (from the AD IPD v2.1):
Task 1: Determine Number of Domain Controllers
For each domain in each location identified in Step B1, the minimum number of domain controllers required needs to be identified. The table below describes the minimum number of domain controllers required, based on number of users.
Table 4. Minimum Number of Domain Controllers
| User per domain in a site | Minimum number of domain controllers required per domain in a site |
|---|---|
| 1–499 | One – Single Processor |
| 500–999 | One – Dual Processors/Cores |
| 1,000–2,999 | Two – Dual Processors/Cores |
| 3,000–10,000 | Two – Quad Processors/Cores |

For workloads greater than 10,000 users in a site, additional testing should be performed with user workloads to determine the need for additional hardware. Previous guidance stated an extra quad processor system for every additional 5,000 users. However, for authentication-only workloads, this will be overkill for most environments.
If only one domain controller per location exists, consideration should be made for the need to span the WAN to communicate with a domain controller for authentication and access to resources in the event of failure of the local domain controller.
All domain controllers within a domain must be fully aware of all information related to the domain. This is handled by replication of the AD DS database between domain controllers. This replication occurs within AD DS sites and across site boundaries. If the number of replication partners in a given site reaches 15 or more, an additional domain controller should be added to the site. Another domain controller should be added for each additional 15 replication partners.
Review all applications that rely on AD DS data. Some applications, such as Exchange Server, require additional domain controllers in order to function correctly. Evaluate the need for additional domain controllers based on the expected loads and requirements of the applications.
The IPD documents are valuable to the person tasked with design work.