  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 475

Failover for Windows 2000 Active Directory service?

Is there any way to build a failover server for a Windows 2000 server that has the Active Directory service installed? Once the primary Active Directory server goes down, the failover server would start running.



Asked: joehuang
1 Solution
 
Nevaar Commented:
How about a second W2K domain controller in the same domain?

They should both register their resources in DNS, so any workstations should have access (via DNS) to the names and locations of both domain controllers/AD servers.
0
 
joehuang Author Commented:
We do have a second W2K ADS domain controller here, but the problem is that the administrator has to configure RID/PDC/Infrastructure through Active Directory Users and Computers, and something else that I read from TechNet.
I have done a test in which I shut down the Primary Domain Controller; no user can log in to the network even with the 2nd DC online. In order for users to log on to the network, the RID/PDC/Infrastructure needs to be modified on the BDC before the PDC shuts down. This is a lot different from NT4, where the BDC still authenticates the net logon even with the PDC offline.
It does not make any sense why Microsoft created such a drawback in Win2k ADS. Please correct me if my concept is wrong.

This is the reason that I am looking for a tool to build a failover server for OS/domain controller failure. I have found a solution from http://www.marathontechnologies.com , but we do not need such a big system.

Does Microsoft Clustering Service handle OS failover for a domain controller? Or does it only handle application failover?
0
 
Nevaar Commented:
The lack of RID, PDC & Infrastructure roles will not keep a user from being able to log on to a domain.

However, the lack of a DHCP and/or DNS server would.  Is your primary server the only DHCP and DNS server that you have set up?
0

 
Nevaar Commented:
Oops, I almost forgot.  A missing Global Catalog server would cause you problems too.
0
 
st_steve Commented:
If you need to shut down the PDC often, BEFORE you shut it down, "transfer" the PDC Emulator role (from Active Directory Users and Computers) to the second domain controller. Transfer the role back to original PDC when it's up again.

You should only seize the roles if you know for SURE that the old machine will NEVER be online again. Many recommend if you SEIZE a role, you format the hard drive of the machine which held the role originally.

As Nevaar already mentioned, you also need DNS for AD to function and for clients to locate the nearest PDC.

On another note, if you need to shut down a machine often, that computer shouldn't be running any of the FSMO roles.

You need to be at least Domain Admin to modify these rights. You wouldn't want anyone to modify what server holds what FSMO roles, would you??
0
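Added example (not part of the original thread or any poster's own script): a Windows 2000 command-line pass over the points raised above, listing the FSMO role holders, confirming that the second DC and a Global Catalog can be located through DNS, and then transferring the PDC Emulator role before a planned shutdown. `DC2` and `example.local` are placeholder names; `netdom` and `nltest` are assumed to be installed from the Windows 2000 Support Tools, and the account running it is assumed to be a Domain Admin.

```batch
@echo off
rem Added example: pre-shutdown check and PDC Emulator transfer.
rem DC2 and example.local are placeholders, not names from the thread.
setlocal
set DOMAIN=example.local
set STANDBY=DC2

echo == Current FSMO role holders ==
netdom query fsmo

echo == Domain controllers known for %DOMAIN% ==
nltest /dclist:%DOMAIN%

echo == DC locator SRV records in DNS (clients find DCs through these) ==
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN%

echo == Can a Global Catalog server be located? ==
nltest /dsgetdc:%DOMAIN% /gc

echo == Planned shutdown: transfer the PDC Emulator role to %STANDBY% ==
rem ntdsutil takes its menu commands as arguments and asks for
rem confirmation before it moves the role.
ntdsutil roles connections "connect to server %STANDBY%" quit "transfer PDC" quit quit

rem Only when the old role holder will never come back online, the same
rem ntdsutil menu accepts "seize PDC" in place of "transfer PDC".

echo == Role holders after the transfer ==
netdom query fsmo
endlocal
```

If the SRV lookup lists only one domain controller, or the Global Catalog lookup fails with the first DC switched off, that points at the DNS/GC dependency discussed above rather than at the role holders.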
 
st_steve Commented:
Under Windows 2000, every DC is the same except:

PDC Emulator:
Controls user authentication
Time synchronisation within the domain (required for Kerberos)

Infrastructure Master:
Manages group membership changes (doesn't function if the machine is also a Global Catalog Server); being a GC, the Infrastructure Master can't tell whether group memberships have changed.

Relative ID Master:
Manages new accounts creations, GUID = DomainID + RelativeID

Schema Master:
Controls Modifications to Schema, the backbone of AD

Domain Naming Master:
Controls adding and removing of Domain names

Schema and Domain Naming are "forest-wide" roles (only one in each forest), the rest are "domain-wide" roles (one in each domain).
0
 
Nevaar Commented:
What type of clients are you running (W98, NT, 2K, XP)?  Are they running NetBIOS in addition to TCP?
0
 
joehuang Author Commented:
There is only one DHCP service, on the Primary DC, and a DNS service on each of the Primary DC and Second PC. W98/NT/2K/XP are the clients, running NetBIOS/TCP. This is a good reminder, plus GC: once the Primary DC is down, DHCP clients cannot lease an IP address from any DC, because there is only one DHCP server.

So, if the Primary DC dies suddenly, there is no chance to modify the role with the PDC online; how do I make the second DC become the Primary DC?


 
0
 
Nevaar Commented:
In terms of Active Directory from the client perspective, there is no such thing as a primary or secondary DC. This is not an old style NT domain.

You should set up a DHCP server (with a smaller scope) on the second DC.  Also make sure that you have both DNS servers listed in the DNS server option on your DHCP server scopes.
0
