Solved

Setting up a Backup DC

Posted on 2004-08-24
Last Modified: 2010-04-13
Hi, I have a PDC on my network. This PDC has the following settings:

 Windows 2000 Advanced Server.
 DNS Server installed on the same box
 IP is 192.168.0.209 for this box

My domain NetBIOS name is skynetcorp and the DNS name is Skynet.local.
In the DNS Server I entered a zone named skynet.local.
On all the clients I am using 192.168.0.209 as the primary DNS address (I added my ISP DNS under forwarders in the DNS Server).

So far I have somehow managed to get my PDC working, with all the clients having no problems.

Now, what if my PDC crashes?

There is another computer on the network. I ran DCPROMO on it and it has all the user names and OUs in it as well. Does this mean this box is something like a BDC? If my PDC crashes, will this computer take over?
If yes, then what about DNS? All the clients are using 192.168.0.209 as the primary DNS address, and the other box does not even have DNS Server installed.
Please advise what I should do on my second box if my PDC crashes.

Thanks
Question by:khansoul
26 Comments
 
LVL 23

Expert Comment

by:rhandels
Hi,

Here goes.

First of all, in 2000 you don't speak of PDC and BDC, you only have Domain Controllers.

>>There is another Computer on Network. I Ran DCPROMO on it and it has all the user names and OU's in it as well. this means this box is something like BDC? if my PDC Crashes will this Computer Take Over?<<

Indeed, the second DC will take over. This is what its purpose is. Do make sure to create System State backups of both servers.

>>if yes then what about DNS. all the clients are using 192.168.0.209 as Primary DNS Address. and the Other Box does not even have DNS Server installed.<<

Install DNS on the second server and make sure that DNS is Active Directory integrated; this way, if you install DNS on the second server, it will have all DNS entries in it. After that, make sure to give all workstations a second DNS that points to the second DC (Domain Controller). You can do this by using DHCP to give the workstations the two DNS servers.

If you have any more questions, please ask.
 
LVL 25

Accepted Solution

by:
mikeleebrla earned 50 total points
I agree with rhandels 100%, but I would like to add one point: in Windows 2000, DCs hold 5 FSMO roles, and these roles (contrary to popular belief) are not transferred when the DC that holds them goes down. Yes, your domain will probably function normally without them being transferred as long as you aren't doing any major changes to the schema, etc. The articles below explain FSMO roles and how to move them:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;223346

http://support.microsoft.com/default.aspx?scid=kb;EN-US;255690

http://support.microsoft.com/default.aspx?scid=kb;en-us;255504
 
LVL 9

Assisted Solution

by:jdeclue
jdeclue earned 100 total points
The second DC must be configured as a Global Catalog, if it is not, users will not be able to log into the network if the first DC crashes, only Domain Admins will be able to log in. For any AD redundancy you must have at least 2 Global Catalogs.

Go to Active Directory Sites and Services, Open your Site, then open the new server. Right Click on "NTDS Settings" on the left pane and select properties. Check the box for "Global Catalog".

J
 

Author Comment

by:khansoul
> Install DNS on the second server, make sure that DNS is Active Directory integrated, this way if you install DNS on the second server, it will have all DNS entries in it. After that,

After I install DNS on the second box, should I add forwarders for my ISP in it as well? And what should I name the zone for this additional DNS Server? My domain name is skynet.local

And what's the difference between Global Catalog and FSMO?

Thanks
 
LVL 25

Expert Comment

by:mikeleebrla
The articles in my above post explain clearly what each of the FSMO roles does. The Global Catalog is basically a FULL copy of your local domain database and a partial copy of other domains in your forest, if you have multiple domains in your forest.

You should name the DNS zone whatever the DNS name of your domain is, i.e. domain.com or domain.local.

Yes, you should have at least one "real" external DNS server listed as a forwarder, i.e. one of your ISP's DNS servers.
 
LVL 23

Assisted Solution

by:rhandels
rhandels earned 50 total points
Hi,

>>After I install DNS on Second Box, I should Add forwarders as well for my ISP in it?, <<

Yes, if this server needs to be a backup DNS server, you do need to do this. Also make sure that your firewall accepts DNS requests from this other server.

>>and what should I name the ZONE for this additional Dns Server? My Domain name is skynet.local<<

This server is in the skynet.local domain, so the DNS zone name will still be skynet.local. The servers will have unique FQDNs (Fully Qualified Domain Names) like dns1.skynet.local and dns2.skynet.local.

>>and whats the different B/w Global Catalog and FSMO.<<

Those are both very different things. FSMO roles are roles that only one server per domain can have, e.g. the PDC emulator that lets older PCs than 2000 log on, or the schema master which creates changes within the schema.

A Global Catalog server is a DC which has some extra "features".
 
LVL 23

Expert Comment

by:rhandels
Hi Mike,

You posted too fast, must be off the decaf.. ;)
 
LVL 25

Expert Comment

by:mikeleebrla
Slow day today, so I have to keep myself occupied.
 
LVL 9

Assisted Solution

by:jdeclue
jdeclue earned 100 total points
Let me explain that a little better, Mike discussed the FSMO roles and he is correct. I was just adding the Global Catalog, as the additional component needed to make the DC truly redundant. You need to do both. My post, is just a little piece that is often overlooked. It is not the answer to the whole question. ;)

J
 

Author Comment

by:khansoul
I wish I knew about DNS like you guys, but I don't, so I am still confused.

Let's say my PDC is still up and the DNS zone it has is skynet.local.

Now if I specify the same zone name, skynet.local, for the other box, will it create conflicts? Same zone names for both servers?

Basically what I want is, if my PDC crashes, the other DC should take over automatically. I don't want any downtime.
Thanks
 
LVL 25

Expert Comment

by:mikeleebrla
THERE IS NO SUCH THING AS A PDC IN WINDOWS 2000/2003
 
LVL 25

Expert Comment

by:mikeleebrla
Your DNS zones should be of the type "Active Directory integrated". This will resolve all of your conflicts since they will sync with the Active Directory database. Yes, the zone names should be the same.
 
LVL 9

Expert Comment

by:jdeclue
When you bring it up as Active Directory enabled, they will share their information because they both read and write to the Active Directory; they will become backups of each other.

 

Author Comment

by:khansoul
lol.
sorry to piss you off. my bad.
 
LVL 23

Expert Comment

by:rhandels
Hi khansoul,

If you take our advice (do all the things, also the GC option) you should be good to go with your network; you won't have any downtime from one failing DC.

Here is a small thing about DNS.

Every domain (multiple computers that need to work together, let's make it simple) has its own name, e.g. Microsoft.com. In the Microsoft.com domain you have a lot of servers, and you can have multiple DNS servers within one domain. So if you add the second DC (indeed 2000/2003 don't have PDCs or BDCs) to this domain, it will be a member of the same domain, microsoft.com (or skynet.local in your case). They will be unique by their names (as stated before).
 
LVL 25

Expert Comment

by:mikeleebrla
I'm not pissed off, it's just that those are NT 4.0 terms, which are 8-10 years old, which is an eternity in the IT world.
 

Author Comment

by:khansoul
Thanks guys.
So before I close the question, let's review, and correct me if I am wrong.

1. There is one DC (Global Catalog) in my network; the DNS name is Skynet.Local
2. That box has DNS installed, type (Primary), the zone name is Skynet.Local, and all clients are using its IP as primary DNS
3. Then I have an additional DC in my network
4. I will install DNS Server on it with the name Skynet.local but AD integrated.
5. I will use the IP of this box for my clients as secondary DNS server. (Or if my DC crashes I will simply change the IP of this box to the one that crashed)

Please correct me if I am wrong.

Thanks
 
LVL 23

Expert Comment

by:rhandels
Hi,

You're right. Also, installing DNS on a second server (if DNS is AD integrated) is a piece of cake: just install DNS and it works.
 
LVL 25

Expert Comment

by:mikeleebrla
Have your clients point to DNS servers like this:

first DNS server  = IP address of one internal DNS server
second DNS server = IP address of another internal DNS server

No need to switch the IPs like you mentioned in step 5; the switch will take place automatically when the client PCs see that the first DNS server is down.
 

Author Comment

by:khansoul
And can we have more than one Global Catalog in DCs, or should I do it if one DC crashes?

Thanks
 
LVL 23

Expert Comment

by:rhandels
Right Mike, didn't read that right.

Yes, you can have more than one GC in your domain.
 
LVL 9

Expert Comment

by:jdeclue
Set the global catalog now, you can't do it after one fails. If you do not have the global catalog on both DCs, then a failure of the DC with the global catalog will prevent your users from accessing the domain.

J
 

Author Comment

by:khansoul
Wow, you guys are amazing.

This weekend I spent hours at Barnes and Noble and could not find any book that I need, and I did lots of online research but was not able to get the answers to the point. You guys helped me and fixed my confusion in a matter of minutes.

I think experts should be awarded with something more than the points. YOU GUYS ARE GREAT. ALL OF YOU

Thanks again
 
LVL 9

Expert Comment

by:jdeclue
This is a funny one ;) PDC's, BDC's and DC's, oh my....


J
 
LVL 23

Expert Comment

by:rhandels
We are darn good, aren't we????
 
LVL 9

Expert Comment

by:jdeclue
Let me add one more thing, before everyone leaves...
1 DC - OK
2 DCs - Not so good
3 DCs - Redundancy

2 DCs is not a very good option for an Active Directory structure; Active Directory works best with 1 or 3 DCs. 1 does not have redundancy, 2 can have issues with FSMO roles and Global Catalog, 3 allows 2 Global Catalogs and the Infrastructure role on a separate server.

J
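
The failure scenarios discussed in this thread (FSMO roles that stay on the dead DC, a missing second Global Catalog, clients that know only one DNS server), modelled as an added example that is not part of any poster's reply. The host names dc1/dc2, the second IP 192.168.0.210 and the inventory layout are assumptions; the rules encoded are the ones the experts state above.

```python
"""Failure-impact check for a small AD domain (added example)."""

FSMO_ROLES = {"schema master", "domain naming master", "PDC emulator",
              "RID master", "infrastructure master"}

# Constructed inventory: host names, the .210 address and the role
# placement are assumptions that mirror the asker's starting point.
DCS = {
    "dc1.skynet.local": {"ip": "192.168.0.209", "gc": True, "dns": True,
                         "fsmo": set(FSMO_ROLES)},
    "dc2.skynet.local": {"ip": "192.168.0.210", "gc": False, "dns": False,
                         "fsmo": set()},
}
CLIENT_DNS = ["192.168.0.209"]  # DNS servers the clients are configured with


def impact_of_failure(dcs, client_dns, failed):
    """Return the findings that apply once the DC named `failed` is offline."""
    survivors = {n: d for n, d in dcs.items() if n != failed}
    if not survivors:
        return ["no domain controller left"]
    findings = []
    # Per the thread: without a surviving GC, ordinary users cannot log on.
    if not any(d["gc"] for d in survivors.values()):
        findings.append("no Global Catalog left: enable GC on a second DC now")
    # DNS must survive on some DC, and clients must already know its address.
    live_dns = {d["ip"] for d in survivors.values() if d["dns"]}
    if not live_dns:
        findings.append("no DNS server left: install AD-integrated DNS on a second DC")
    elif not live_dns & set(client_dns):
        findings.append("clients list no surviving DNS server: add it via DHCP")
    # Per the thread: FSMO roles are not moved when their holder goes down.
    orphaned = sorted(dcs[failed]["fsmo"])
    if orphaned:
        findings.append("FSMO roles not moved automatically: " + ", ".join(orphaned))
    return findings


def audit(dcs, client_dns):
    """Map each DC to the findings its loss would cause."""
    return {name: impact_of_failure(dcs, client_dns, name) for name in dcs}


if __name__ == "__main__":
    for name, findings in audit(DCS, CLIENT_DNS).items():
        print(name, "fails ->", findings or ["no impact on logon or DNS"])
```

With the starting inventory, losing dc1 produces all three findings; after enabling GC and DNS on dc2 and listing both addresses on the clients, only the FSMO finding remains.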