Dimensioning the servers properly

Now, let's look at how to actually dimension intended domain controllers:

• Intend to create equal domain controllers in terms of hardware dimensions: It's tempting to place one big server and one smaller server as domain controllers, but consider the possibility of having to move FSMO roles or other loads from one domain controller to another. Since domain controllers are randomly assigned to networking clients inside an Active Directory site, networking clients accessing the smaller server might not enjoy the same performance.
  
• Dimension the intended domain controllers properly in terms of hardware: Domain controllers offer the best performance, when they can cache the Active Directory database, ntds.dit, in RAM. Plan for ample room in RAM to cache up to 4 KB per Active Directory object plus a 10 MB minimum for the main objects and partitions. You should start with the minimum RAM required to install Windows Server then add on the additional memory for AD DS. For physical servers, use RAID and separate spindles for storage of Active Directory related data, when possible. Use hardware that will be covered by the manufacturer's (extended) guarantee, support, and life cycle policies for the period in which you need to rely on the domain controller. 
• Dimension the intended domain controllers properly in terms of software: Use a version of Windows Server that will be covered by Microsoft's (extended) support and life cycle policies for the period in which you need to rely on the domain controller.
  
• Implement the Server Core version of Windows Server, when possible: Server Core installations of Windows Server offer higher availability and smaller attack surface compared to Windows Server installations with the Desktop Experience feature. However, some agents or other software components in use within the organization might not properly run on Server Core installations. In the latter scenario, Windows Server installations with the Desktop Experience feature (called full installations in previous versions of Windows Server) should be performed, obviously.
• Install the latest firmware for devices and/or integration components: On physical boxes you intend to use as a domain controller, install the latest stable firmware for the Basic Input/Output System (BIOS), the storage controller(s), the video card(s) and network interface card(s) (NICs). On virtual machines, implement the latest stable version of the integration components or VMware tools and follow the recommended practices from the vendor of the hypervisor platform. 
• Use a virtualization platform that offers the VM-GenerationID feature: Place virtual domain controllers on a virtualization platform that offers the VM-GenerationID feature. This will offer the domain controller virtualization safeguards that allows administrators to take snapshots of domain controllers without compromising the integrity of the Active Directory database. Also, domain controller cloning is available on these virtualization platforms.