ircpamanager asked:

Win 2003 PDC BDC

Hello everyone,
I have a quick question. I have been reading that there is not really a PDC and BDC with Windows 2003.
If this is the case, how does failover work? Right now, if our PDC is shut down, you can't log in unless you reboot the PC you are trying to log in with. Both BDC and PDC have DNS on them. Should our PDC be the primary DNS and the BDC be the secondary? They are both primary, AD-integrated, right now.
Thanks in advance
Lee W, MVP

Failover is the wrong word. In NT4, the PDC was the ONLY writable copy of the user database. All the BDCs were read-only. In Active Directory ALL DCs have writable copies and they replicate with each other. There are 5 FSMO roles that ensure that, for example, no two DCs give out the same SID (the RID Master handles this).

As for DNS, it doesn't matter which is primary and secondary, and if it's AD-integrated, it shouldn't matter which one anything points to.

More likely, you haven't made more than one DC a GC (Global Catalog).

An AD domain can run in two modes: native mode (in which all DCs are Windows 200x machines) and mixed mode (whereby DCs could also be "legacy" Windows NT machines).

When the computer is running in native mode, there is virtually no BDC involved. Any of the DCs could typically authenticate users, etc. Mixed mode was actually implemented to make the process of migrating from Windows NT domains to Windows 200x domains easier, introducing a compatibility layer in the process. A Windows NT domain would have a BDC on the network; hence, when running in mixed mode, there must be a BDC.

Whenever there is no Windows NT domain controller, make sure you are running in native mode; bear in mind, though, that once converted to native mode, you cannot revert back.

Cheers,
R.
ircpamanager (ASKER)

thanks for the response.
All the client machines are Win XP. I kind of understand there is no more PDC and BDC. I can leave both DNS servers as primary, integrated with AD. I guess I will rephrase my question. Is there any way to have it so that when one DC fails, the other authenticates users trying to log in and directs them to the Exchange box for email?

leew, what do you mean by "More likely, you haven't made more than one DC a GC (Global Catalog)."?
ASKER CERTIFIED SOLUTION
Brian Pierce
[answer not shown on this page]
OK, my second DC is already a Global Catalog. There is no DHCP server set up on it, so I added that and split the IP addresses so as not to overlap. Can only one DC have the FSMO roles at one time?
It seems there is no real "failover". Our situation is that when the master DC shuts down, you can't log in or get email. It has worked before if you reboot Exchange and the client PC.
Yes only one machine can hold a particular FSMO role at any one time.
Have you set up the DNS on the clients so that one DC is the preferred DNS server and the other is the Alternate DNS server? You can do this manually or via the DHCP options - if the latter then you need to set it on both DHCP servers.
KCTS
What if the master DC hardware fails and is no longer bootable? How does one transfer FSMO roles from the master to the second DC?
SOLUTION
[answer not shown on this page]
My previous post contained a link to http://support.microsoft.com/kb/255504 which explains how to transfer and seize roles.
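The transfer and seize procedure that KB 255504 walks through interactively, scripted in PowerShell as an added example; this is not code from the thread or from the KB article. The DC names DC1 (the failed role holder) and DC2 (the survivor) are hypothetical, and it relies on ntdsutil, netdom and dcdiag from the Windows 2003 DC and its Support Tools:

```powershell
# Added example, not from the thread or KB 255504. Moves the five FSMO roles
# from DC1 (hypothetical failed holder) to DC2 (hypothetical survivor).
# Run on DC2 from an elevated prompt as a member of Domain Admins, Enterprise
# Admins and Schema Admins (the schema master move needs the last one).
# ntdsutil ships with the DC; netdom and dcdiag come from the Support Tools.

$Survivor = "DC2"   # hypothetical: the DC that should end up holding the roles

# 1. Record who holds what before changing anything.
netdom query fsmo

# 2. TRANSFER: the graceful path, which needs the current holder online and
#    replicating. ntdsutil accepts its menu commands as arguments, one quoted
#    string each, so the interactive session in the KB can be scripted verbatim.
ntdsutil "roles" "connections" "connect to server $Survivor" "quit" `
         "transfer schema master" `
         "transfer domain naming master" `
         "transfer RID master" `
         "transfer PDC" `
         "transfer infrastructure master" `
         "quit" "quit"

# 3. SEIZE: only when the old holder is dead and will NOT come back.
#    ntdsutil first attempts a transfer and falls back to seizing when the
#    holder does not answer; each seize pops a Yes/No confirmation dialog.
#    A DC whose schema, domain naming or RID master role was seized must never
#    rejoin the forest: rebuild it from scratch and remove its leftover
#    objects first (ntdsutil "metadata cleanup").
$seize = $false   # flip to $true only after confirming DC1 is unrecoverable
if ($seize) {
    ntdsutil "roles" "connections" "connect to server $Survivor" "quit" `
             "seize schema master" `
             "seize domain naming master" `
             "seize RID master" `
             "seize PDC" `
             "seize infrastructure master" `
             "quit" "quit"
}

# 4. Verify: every remaining DC should now agree on the new role holders.
netdom query fsmo
dcdiag /test:knowsofroleholders /v
```

Keep the seize branch disabled until the failed holder is genuinely written off: if DC1 is only down for a while, a transfer after it comes back is the safe route, whereas a seize of the schema, domain naming or RID master commits you to never reconnecting that machine.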

So basically, I should transfer FSMO roles to the second DC just in case the first DC goes down for a while?
IRC

Yes, you can have one DC hold all the roles, but I wouldn't recommend it. 2 on one, 3 on the other is fine.

Here is a list of the 5 roles, and what they do.  

http://www.petri.co.il/understanding_fsmo_roles_in_ad.htm

So it is fault tolerant, but not completely. A DC that dies can still have a role that it was holding taken away from it "post mortem" to allow the environment to continue working; this is the "seizing" described in an earlier post.

Just make them both DNS servers (I would even point them to each other for DNS; this makes sure that they update the records on each other), split the DHCP as you have already done, make them both GCs, split the roles, and make sure that they are both listed in all clients' DNS settings as DNS servers (primary and secondary, through DHCP). If one dies, just figure out which roles it held, transfer or seize those roles to the other server, and get it back up when you can.

As long as your clients can find a DNS server, DC and GC (which both boxes should be), then you should NOT have problems logging in when one dies or gets taken offline. Failover? Not really. Fault tolerant? Yes.

Danno
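A PowerShell check for the conditions Danno lists (both DCs serving DNS and pointing at each other, both Global Catalogs, the FSMO roles split, and both DNS servers handed out by both DHCP servers), added here as an example; it is not code from the thread. The domain corp.example, the DC names DC1 and DC2, their addresses and the DHCP scope are hypothetical placeholders:

```powershell
# Added example, not from the thread. Verifies the fault-tolerance
# prerequisites discussed above via ADSI, WMI and the standard command-line
# tools. Domain, host names, IP addresses and the DHCP scope are hypothetical.

$Domain  = "corp.example"
$DcNames = "DC1", "DC2"
$DcIPs   = "10.0.0.1", "10.0.0.2"   # same order as $DcNames
$Scope   = "10.0.0.0"               # the split DHCP scope that lives on both DCs

# Short DC name from an fSMORoleOwner value such as
# "CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,...".
function Get-RoleHolderName($ntdsSettingsDn) {
    ([string]$ntdsSettingsDn).Split(",")[1].Substring(3)
}

# 1. Which DC holds which role? Read fSMORoleOwner from the five objects that
#    carry the roles instead of trusting a cached answer.
$rootDse  = [ADSI]"LDAP://RootDSE"
$domainNC = [string]$rootDse.defaultNamingContext
$configNC = [string]$rootDse.configurationNamingContext
$schemaNC = [string]$rootDse.schemaNamingContext

$roles = @{
    "PDC emulator"   = ([ADSI]"LDAP://$domainNC").fSMORoleOwner
    "RID master"     = ([ADSI]"LDAP://CN=RID Manager`$,CN=System,$domainNC").fSMORoleOwner
    "Infrastructure" = ([ADSI]"LDAP://CN=Infrastructure,$domainNC").fSMORoleOwner
    "Schema master"  = ([ADSI]"LDAP://$schemaNC").fSMORoleOwner
    "Domain naming"  = ([ADSI]"LDAP://CN=Partitions,$configNC").fSMORoleOwner
}
$holders = @()
foreach ($role in $roles.Keys) {
    $holder = Get-RoleHolderName $roles[$role]
    $holders += $holder
    "{0,-15} {1}" -f $role, $holder
}
if (@($holders | Sort-Object -Unique).Count -lt 2) {
    Write-Warning "All five roles sit on one DC; split them across both."
}

# 2. Is each DC a Global Catalog and in sync, and does it answer the SRV
#    lookups clients use to locate a DC and a GC?
for ($i = 0; $i -lt $DcNames.Count; $i++) {
    $dc  = $DcNames[$i]
    $dse = [ADSI]"LDAP://$dc/RootDSE"
    "{0}: GC ready = {1}, synchronized = {2}" -f $dc,
        [string]$dse.isGlobalCatalogReady, [string]$dse.isSynchronized
    foreach ($srv in "_ldap._tcp.dc._msdcs.$Domain", "_gc._tcp.$Domain") {
        $answer = nslookup -type=SRV $srv $DcIPs[$i] 2>&1
        if ($answer -match "svr hostname") { "  $srv resolves via $dc" }
        else { Write-Warning "  $srv is NOT resolvable via $dc" }
    }
}

# 3. Each DC should list both DCs (itself and its partner) as DNS servers.
foreach ($dc in $DcNames) {
    $nics = Get-WmiObject Win32_NetworkAdapterConfiguration -ComputerName $dc -Filter "IPEnabled = True"
    $dns  = @($nics | ForEach-Object { $_.DNSServerSearchOrder })
    $missing = @($DcIPs | Where-Object { $dns -notcontains $_ })
    if ($missing.Count -eq 0) { "$dc DNS search order: $dns" }
    else { Write-Warning "$dc does not list DNS server(s): $missing" }
}

# 4. Hand both DNS servers to clients from BOTH DHCP servers (option 006);
#    the address order is the preferred/alternate order clients receive.
foreach ($dc in $DcNames) {
    netsh dhcp server \\$dc scope $Scope set optionvalue 006 IPADDRESS $DcIPs
}
```

Run it from a domain member with Domain Admin rights after the second DC has been made a GC and the DHCP scope has been split; a warning from any of the four sections points at the piece of the setup that would still leave clients unable to log on when one DC is down.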
OK, thanks to everyone.