hi,
we have multiple sites and subnets on different vlans. most active directory sites and services have two domain controllers.
we have had a few projects come up where we have had to create a couple of servers on different subnets but creating ad controllers is not really needed.
my question is.... should we really be creating ad controllers in each zone regardless as best practice? at the moment we are just pointing the smaller zones to a larger zone for ad authentication and using the firewall to direct traffic to the ad controllers.
Is this method ok or should we be doing this different?
Thanks
phill