Every business owner understands mitigating risk by not having “all your eggs in one basket” or having a single point of failure. However, we see far too many customers that are operating under high risk either forgetting or not understanding that all domains should have two domain controllers for redundancy.

A domain is simply your network and a domain controller is the special role that provides network logon security. Domain controllers can either be installed on traditional server hardware or virtually on separate physical hosts. Due to the critical security role, these servers should not run applications or share files.

When these rules are not followed, there can be serious consequences:

1. No one can get on the Internet. Besides responding to network logon requests, a domain controller also provides DNS services or conversion of IP addresses to computer names or website URLs. Without a second domain controller for redundant DNS services, you won’t be able to access the Internet even though your firewall and Internet connection are functioning.
2. No one can respond to e-mail. If your one domain controller is down and you have an on premise Exchange or other e-mail server, then you cannot reply to any received e-mail. The reason is because the mail server also relies on a domain controller for DNS services to determine where to send e-mail. Outbound mail will simply stack up in outboxes or in the queue on the mail server until DNS services are restored. [Note: Office 365 is much less cost with higher security and eliminates this problem.]
3. Restore is costly. Unfortunately, most network administrators are neither performing an authoritative backup of Active Directory nor capable of restoring Active Directory. Standard shipment of a new server is a minimum of 5-10 business days. Then you have a half day of operating system installation and configuration. If Active Directory is not restored, all workstations and servers must be rejoined to a new domain with days or weeks of subsequent user and application issues.

Depending upon your environment and requirements, the hardware and software for a domain controller should range between $4,000 and $7,000. With support and backup, the first year fully landed cost should be approximately $10,000 – $12,000. This figure translates to about $25 per month per employee for a staff of 30 people the first year. That cost goes down dramatically per user in following years without product purchase or installation cost.

Considering the potential productivity and data loss, having a second domain controller is very cheap insurance. Based upon a typical hardware warranty of 4 years, most customers will replace one or both domain controllers at that time. In good years, the 179 tax expense will be taken to purchase two domain controllers. In lean years, customers may replace one domain controller and then budget the second domain controller for the subsequent year.

Published by Kevin Fream

Many people don't understand their current situation and become frustrated in business and life, so I created the Delta Method and wrote the #1 Best-Seller "Change Your Game" - as featured at Harvard and NASDAQ as well as national TV news. Streamline your technology for competitive advantage using vetted IT support and take a divergent approach to personal growth. View all posts by Kevin Fream