ircpamanager
asked on
Win 2003 PDC BDC
Hello everyone,
I have a quick question. I have been reading that there is not really a PDC and BDC with Windows 2003.
If this is the case, how does failover work? Right now if our PDC is shut down, you can't log in unless you reboot the PC you are trying to log in with. Both BDC and PDC have DNS on them. Should our PDC be the primary DNS and BDC be the secondary? They are both primary AD integrated right now.
Thanks in advance
An AD domain can run in two modes: native mode (in which all DCs are Windows 200x machines) and mixed mode (whereby DCs could also be "legacy" Windows NT machines).
When the computer is running in native mode, there is virtually no BDC involved. Any of the DCs could typically authenticate users, etc. The mixed mode was actually implemented to make the process of migrating from Windows NT domains to Windows 200x domains easier, therefore introducing a compatibility layer in the process. A Windows NT domain would have a BDC on the network; hence, when running in mixed mode, there must be a BDC.
Whenever there is no Windows NT domain controller, make sure you are running in Native mode - bear in mind though that once converted to Native mode, you cannot revert back.
Cheers,
R.
ASKER
Thanks for the response.
All the client machines are Win XP. I kinda understand no more PDC and BDC. I can leave both DNS as primary integrated with AD. I guess I will rephrase my question. Is there any way to have it so when one DC fails the other authenticates users trying to log in and directs them to the Exchange box for email?
leew, what do you mean by "More likely, you haven't made more than one DC a GC (Global Catalog)."?
ASKER CERTIFIED SOLUTION
ASKER
OK, my second DC is already a Global Catalog. There is no DHCP server set up on it, so I added that and split IP addresses so as not to overlap. Can only one DC have the FSMO roles at one time?
It seems there is no real "fail over". Our situation is when the Master DC shuts down, you can't log in or get email. It has worked before if you reboot Exchange and the client PC.
Yes, only one machine can hold a particular FSMO role at any one time.
Have you set up the DNS on the clients so that one DC is the preferred DNS server and the other is the Alternate DNS server? You can do this manually or via the DHCP options - if the latter then you need to set it on both DHCP servers.
ASKER
KCTS
What if the master DC hardware fails and is no longer bootable? How does one transfer FSMO roles from the Master to the Second DC?
SOLUTION
My previous post contained a link to http://support.microsoft.com/kb/255504 which explains how to transfer and seize roles.
ASKER
So basically I should transfer FSMO roles to the second DC just in case the first DC goes down for a while?
IRC
Yes, you can have one DC hold all the roles, but I wouldn't recommend it. 2 on one, 3 on the other is fine.
Here is a list of the 5 roles, and what they do.
http://www.petri.co.il/understanding_fsmo_roles_in_ad.htm
So it is fault tolerant, but not completely. A DC that dies can still have a role that he was holding taken away from him "post mortem" to allow the environment to continue working, the "seizing" that is described in an earlier post.
Just make them both DNS servers (I would even point them to each other for DNS, this makes sure that they update the records on each other), split the DHCP as you have already done, make them both GCs, split the roles, and make sure that they are both listed in all clients' DNS settings as DNS servers (primary and secondary, through DHCP). If one dies, just figure out which roles he held, transfer or seize those roles to the other server, and get him back up when you can.
As long as your clients can find a DNS server, DC and GC (which both boxes should be) then you should NOT have problems logging in when one dies, or gets taken offline. Failover? Not really. Fault Tolerant? Yes.
Danno
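The "figure out which roles he held" step from the post above, as an added example that is not part of the original thread: a Python sketch that parses the text printed by `netdom query fsmo` and lists the roles to transfer or seize when a given DC is down. The sample output, the host names and the exact label strings (which differ between netdom versions) are assumptions constructed for this example.

```python
import re

# Constructed sample of `netdom query fsmo` output; host names are made up.
SAMPLE_NETDOM_OUTPUT = """\
Schema owner                dc1.example.local
Domain role owner           dc1.example.local
PDC role                    dc1.example.local
RID pool manager            dc2.example.local
Infrastructure owner        dc2.example.local
The command completed successfully.
"""

# Labels as commonly printed by older and newer netdom builds (assumed).
ROLE_LABELS = {
    "Schema owner": "Schema master", "Schema master": "Schema master",
    "Domain role owner": "Domain naming master",
    "Domain naming master": "Domain naming master",
    "PDC role": "PDC emulator", "PDC": "PDC emulator",
    "RID pool manager": "RID master",
    "Infrastructure owner": "Infrastructure master",
    "Infrastructure master": "Infrastructure master",
}

def parse_fsmo_holders(text):
    """Return {role name: holder FQDN in lower case} from netdom output."""
    holders = {}
    for line in text.splitlines():
        # Label and holder are separated by a run of two or more spaces.
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=1)
        if len(parts) == 2 and parts[0] in ROLE_LABELS:
            holders[ROLE_LABELS[parts[0]]] = parts[1].strip().lower()
    missing = set(ROLE_LABELS.values()) - set(holders)
    if missing:
        raise ValueError(f"roles not found in output: {sorted(missing)}")
    return holders

def roles_to_move(holders, failed_dc):
    """Roles held by failed_dc; matches the FQDN or the short host name."""
    failed = failed_dc.lower()
    return sorted(role for role, host in holders.items()
                  if host == failed or host.split(".")[0] == failed)

def single_holder(holders):
    """Return the DC name if one DC holds all five roles, else None."""
    hosts = set(holders.values())
    return hosts.pop() if len(hosts) == 1 else None

if __name__ == "__main__":
    print(roles_to_move(parse_fsmo_holders(SAMPLE_NETDOM_OUTPUT), "dc1"))
```

The transfer or seizure itself is the procedure in the KB article linked earlier in the thread; this only tells you which roles it has to cover.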
ASKER
OK, thanks from everyone.
As for DNS, it doesn't matter which is primary and secondary, and if it's AD integrated, it shouldn't matter which one anything points to.
More likely, you haven't made more than one DC a GC (Global Catalog).