I am asking these questions to know what are the Microsoft recommandations for newly created enterprises (100 employee with 2 licences of Microsoft Windows Server 2008 Standard Edition) 1- how many domain controller should be used? 2- How many DNS server should be used? 3- What are the recommandations for the DNS service? 4- How can I apply strategies on user? 5- What is Active Directory replication and how to configure it? 6- Do I need a cluster for a domain controller? 7- How can users choose a domain controller to communicate with? 8- Do I need a WINS server? 9- How many DHCP server do I need? 10-What are Microsoft recommandations for DHCP service?

1- I recommand to you to use at least two domain controllers so that if one of them is down the other one will still reponding users. This link is about how to install a domain controller for windows server 2003 but it is the same thing for windows server 2008: http://technet.microsoft.com/en-us/library/cc759011%28WS.10%29.aspx This link is about how to install an additional domain controller: http://technet.microsoft.com/en-us/library/cc733027%28WS.10%29.aspx

2- I recommand to you to use at least two DNS servers so that if one them is down the other one will still responding users. I recommand also that you configure one of them as a primary DNS server and the other one as a secondary one on client computers. This is a link about how to install a DNS server on Windows Server 2008: http://www.zdnetasia.com/install-a-dns-server-in-windows-server-2008-62040433.htm

3- In your case, I recommand to you to integrate your two DNS servers in Active Directory so that you will be able to: -Avoid the DNS pollution attack (client computers should be authenticated before upgrading their DNS records) -Use the Active Directory replication to replicate DNS zone modifications -Have more a primary DNS zone (In your case you will have two DNS servers that accept DNS records updates) This is a link about how to integrate the DNS service in Active Directory: http://www.ehow.com/how_4536697_configure-dns-integration-active-directory.html

4- You can apply strategies on users and computers with the use of GPOs (Group Policy Objects). Have a look to this link, it is about GPOs: http://www.windowsecurity.com/articles/Group-Policy-Management-Console.html

5- Active Directory service use Active Directory replication to replicate changes like user and computer accounts creation, created and applied GPOs, DNS integrated zones changes ... This is a link that will explain to you how Active Directory Replication Topology works: http://technet.microsoft.com/en-us/library/cc755994%28WS.10%29.aspx

6- You can use two domain controllers without clustering. If one of your domain controller is down, the other one will ensure the service continuity. So, like that you will have an Active Directory environment that is ensuring high availability for the Active Directory service. If you want to use cluster, this will ensure a higher availability.

7- Users are not able to choose a domain controller to communicate with. The domain controllers are chosen via two possible ways: a- The sites configuration: computers will communicate with domain controllers in their sites if they are available. b- DNS SRV records priority: The domain contoller having the lowest SRV records priorities is the domain controller that is priviliged. In your case its is the DNS SRV records priority that will specify the chosen domain controllers. By default the priorities are equal to 100 and it is for that half of the traffic will go to the first domain controller and the other half will do to the second domain controller.

8- If your DNS configuration is OK, you don't need a WINS server. WINS servers are used to solve NetBIOS names (They can also solve DNS names if a DNS server does not have a possible resolution). DNS servers are able to solve DNS names and also NetBIOS names if your client computers are well configured So, with the use of the DNS service you can do both resolution and you don't need to have a WINS server.

9- You can use an only one DHCP server, but, I recommand to you to use two DHCP servers. Configure each one to be able to assign the half of possible IP addresses of your scope so that if one of them is down the other one will continue to assign IP addresses. This is to ensure the high availability of your DHCP service. This is a link about how to install and configure the DHCP service on Microsoft Windows Server 2008: http://www.windowsnetworking.com/articles_tutorials/How-to-Install-Configure-Windows-Server-2008-DHCP-Server.html

10- The Microsoft recommandation for the DHCP service is to use the Microsoft 80 / 20 DHCP rule. This means that you should have at least two DHCP servers, one of them will be able to assign 80% of the IP addresses of your DHCP scope. The other one will be able to assign 20% of the IP addresses of the DHCP scope. The DHCP that will be used is the one which hosts the 80% IP addresses of the scope and if this one is down the other one will be used to ensure the DHCP service continuity.

Thank you for the links you gave to me but what should I do exactly to install the two domain controllers? Please describe all the needed steps.

Follow these steps to install the first domain controller: 1- Give your server a static IP address (for the primary DNS server specify 127.0.0.1 as its IP address) 2- Run DCPROMO on the first server 3- Specify the DNS and the NetBIOS name of your domain 4- Specify that you that this DC will be also a DNS server 5-Specify the AD recovery password (Don't forget it, maybe one day you will need it) 6-Finish the install and restart the server

Follow these steps to install the second domain controller: 1-Give your server a static ip address (for the primary DNS server specify your installed DNS server IP address) 2-Specify that you will install an additional domain controller 3- Finish the install and restart your server If these steps are done you will have two domain controllers. Please mark as an answer and helpful my replies that helped you. Best regards.

After the install of the two domain controllers, what should be done for the DNS service? I've got one DNS server installed

You should install the DNS service on the second domain controller. After the install is performed, create a primary zone with DNS name of your domain and integrate it in Active Directory. After a while the DNS records will be replicated and all will be OK. After the DNS records had been replicated, specify the 127.0.0.1 IP address as the IP address of the primary DNS server on the second DC.

I suggest to you to have a look at the FSMO rules. This is a link about the best practises for assigning FSMO rules: http://windowsdevcenter.com/pub/a/windows/2004/06/15/fsmo.html

Thank you for the replies. That helped me soo much. Cheers.

Just a remark. In your case you are using an only one domain so I recommand to you that both of your DCs have a GC (Global Catalog). This is a link about how to configure a GC on DC: http://www.petri.co.il/configure_a_new_global_catalog.htm Best regards.

Suspicious Activity Identified - Locking Thread.