It directly depends upon following things and u can think of more. 1. Organization requirements towards security ( intend of your policies and procedures) 2.Oraganizatioin maturity level 3.Application dependencies 4.Availability of service
Really this depends on the szie of your domain. What might be overkill for one domain, might be very sparse for another.
Another big factor is the geographic area of the network. If you had a big office here and a smaller office down the road in a different building, you'd probably be aswell to put a DC in the small office even if you did only have 4 or 5 computers in it, you could even make the DC a global catalogue. But no matter how many DC's you have. A WAN is never truly going to be fault tolerant. For example the sql slammer worm a few years back took down hundreds of WAN's.
The recommended limit of DCs per domain as per Microsoft is 1200
15 seconds.
Select the correct VTP mode and version. Configure the switch with the name of the new management domain. Verify that the switch has a lower configuration revision number than the other switches in the new domain.
When you install Active Directory on a server, you promote the server to the role of a domain controller for a specified domain. When completing this process, you are prompted to specify a DNS domain name for the Active Directory domain for which you are joining and promoting the server.If during this process, a DNS server authoritative for the domain that you specified either cannot be located on the network or does not support the DNS dynamic update protocol, you are prompted with the option to install a DNS server. This option is provided because a DNS server is required to locate this server or other domain controllers for members of an Active Directory domain
Suriname Domain Name Registration, .SR Domain Registration, Suriname .SR Domain, Domain Name .SR, Register Surinamese Domain, Surinamese Domain Names
knowledge consistency checker- it generates the replication topology by specifying what domain controllers will replicate to which other domain controllers in the site. The KCC maintains a list of connections, called a replication topology, to other domain controllers in the site. The KCC ensures that changes to any object are replicated to all site domain controllers and updates go through no more than three connections. Also an administrator can configure connection objects.
Its is recommended just because in case of one fails other server can take over the roles and the network does not crash down.
Replication
Domain Controllers OU
first domain controller in the forest root domain.
yes
Ntds.dit
The recommended limit of DCs per domain as per Microsoft is 1200
Outbound replication is when a domain controller transmits replication information to other domain controllers on a network andInbound replication is when a domain controller receives updates to the Active Directory database from other domain controllers on the network.
The Knowledge Consistency Checker (KCC) is a built-in process that runs on all domain controllers and creates the replication topology for the forest. By default, the KCC runs at 15-minute intervals and designates the replication routes between domain controllers on the basis of the most favorable connections that are available at the time. The KCC creates replication connections between domain controllers in the same site automatically. When there is more than one site, configure links between the sites; the KCC can then create the connections automatically between the sites as well. from: http://technet.microsoft.com/en-us/library/dd277429.aspx
5 Min.
the forest functional level win 2k3 interim,and win2k only do not support windows 2000 domain controllers rest does native and mixed