For a small Active Directory managed network (say 30-50 DHCP clients) should I have a domain controller (and then somehow another one as a failover) hand out IPs via DHCP or should I just let my router do it?
Just an update, fyi: We have two brand-new machines running as AD, DNS, etc. servers so we've got a nice setup going there. Just wondering if it makes sense to check the "DHCP" box on one or both of them as well, and turn it off in our router.
I'd hand out IP addresses with the Windows DHCP server. It's nicer than any router's DHCP server I've ever seen (as far as the management interface and displaying statistics). Perhaps I've grown soft w/ my age, but I prefer the GUI management in Windows for DHCP Servers.
Having a secondary domain controller (also assigned the "Global Catalog" role) is a great cheap insurance policy. If you're not going to store any data on it then it doesn't have to have a "set the world on fire" disk subsystem or hardware redundancy. It's just really, really nice in a disaster scenario to have a second copy of AD around.
I'd have both DCs run DNS and "point" clients at both. You can configure both with either "root hints" or "forwarders" to your ISP's DNS servers; your choice.
As far as a secondary DHCP server goes, I'm fairly "down" on the behaviour of Microsoft DHCP Server when you have two overlapping DHCP servers. The behaviour becomes nondeterministic since they don't coordinate their activities (i.e. a client will get a lease from the first one that responds). My solution is to make sure that the DHCP database is backed up each day and, in the event of failure, I'll manually roll the DHCP backup onto the secondary node and bring DHCP up there. Running 8+ day DHCP leases helps with this, too.
Perhaps I'm not paranoid enough, but in environments the size you're talking about w/ properly spec'd server computer hardware (UPS, redundant power supplies, RAID) I just don't "lose" server computers all that frequently, so I'm not worried sick about DHCP failover.
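The daily backup and manual roll-over described in the answer above, written out as an added example (not code from the original thread). It uses the DhcpServer PowerShell module that ships with Windows Server 2012 and later; the hostnames, the backup share and the local backup path are assumptions.

```powershell
# Added example, not from the original thread: a daily export of the Windows DHCP
# configuration and leases from the primary DC, plus the manual import run on the
# standby DC only after the primary has failed. Requires the DhcpServer module
# (Windows Server 2012 and later); hostnames and paths below are assumptions.
$Primary = 'dc1.corp.example'                 # assumed primary DC running DHCP
$Standby = 'dc2.corp.example'                 # assumed standby DC
$Share   = '\\dc2.corp.example\DhcpBackup'    # assumed share the standby can read

# Scheduled daily on the primary (e.g. via Task Scheduler): write scopes, server
# options and current leases to a dated file, keeping only the last $Keep exports.
function Export-DhcpConfig {
    param([string]$Server = $Primary, [string]$Folder = $Share, [int]$Keep = 14)
    $file = Join-Path $Folder ('dhcp-{0:yyyyMMdd}.xml' -f (Get-Date))
    Export-DhcpServer -ComputerName $Server -File $file -Leases -Force
    Get-ChildItem -Path $Folder -Filter 'dhcp-*.xml' |
        Sort-Object LastWriteTime -Descending |
        Select-Object -Skip $Keep |
        Remove-Item
    return $file
}

# Run by hand on the standby once the primary is down: import the newest export
# (with leases, so existing clients keep their addresses) and authorize the standby
# in AD, which a Windows DHCP server needs before it will answer any client.
function Restore-DhcpToStandby {
    param([string]$Server = $Standby, [string]$Folder = $Share)
    $latest = Get-ChildItem -Path $Folder -Filter 'dhcp-*.xml' |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First 1
    if (-not $latest) { throw "No DHCP export found in $Folder" }
    # -BackupPath is mandatory: the importer saves the standby's current DHCP state there first.
    Import-DhcpServer -ComputerName $Server -File $latest.FullName -Leases `
        -BackupPath 'C:\DhcpImportBackup' -Force
    Add-DhcpServerInDC -DnsName $Server
    # Show what the standby is now serving so the operator can sanity-check scopes and lease length.
    Get-DhcpServerv4Scope -ComputerName $Server |
        Format-Table ScopeId, Name, State, LeaseDuration
}

# Example calls; run each on the machine it is meant for:
# Export-DhcpConfig        # daily, on the primary
# Restore-DhcpToStandby    # once, on the standby, after the primary has failed
```

When the primary comes back, stop its DHCP service or remove its authorization (Remove-DhcpServerInDC) before it starts answering again, otherwise you are back in the two-overlapping-servers situation the answer warns about.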
It is always good practice (even for a small network) to have a main DC and a failover DC.
For example:
Primary Box:
Secondary Box:
With a setup like this you have room for scalability and more control over your environment. This is similar to what I have implemented for my network.
Also, it can be good practice to have a gateway server (connected to your router) that has an external network separate from your internal network. This way internet traffic can be properly controlled and firewalled.
Just FYI, you can run DHCP on a box that is not a DC, and you don't need Active Directory to use DHCP. But with 30-50 clients, I would recommend an AD setup assuming they are all Windows machines.
I'll second running the Windows DHCP server rather than the router. Then the DHCP server will update DNS records for you for clients that won't do it on their own. Granted, Win2000 and up do, but maybe that would help for Macs or Linux(?).