
  • Status: Solved

active directory disaster recovery

Hi!

1. I am working on disaster recovery and I want to know, if the hard disk of my domain controller crashes, how I can use my additional domain controller as a domain controller.
2. I made the domain controller on a Windows 2003 Standard server and the additional domain controller on a Windows 2003 Standard server (both have DNS).
3. Now I switch off my domain controller and seize FSMO on the additional domain controller with these commands:
ntdsutil.exe <enter>
role <enter>
connections  <enter>
connect to server localhost <enter>
quit <enter>
seize schema master <enter>
seize domain naming master <enter>
seize RID master<enter>
seize PDC  <enter>
seize infrastructure master <enter>
quit
quit
Note: when I try to seize, it shows an LDAP connection error.
4. Finally I check the FSMO role holder and I find the additional domain controller as FSMO role holder, but I get an error when I try to make a new OU or new user, saying that the domain controller does not contain a Global Catalog.

Error: domain does not contain global catalog when I try to make a new user or new OU

Asked by: sitg
 
Hypercat (Deb) Commented:
Hosting the Global Catalog is not an FSMO role. It is defined through the GUI in AD Sites and Services, under the server name/NTDS Settings/Properties.  I don't know off-hand how or if you can do this using NTDSUTIL. However, since there can be more than one global catalog in a domain, you can make your second domain controller a global catalog server and leave it that way.
 
KCTS Commented:
Global catalog is required for universal group membership enumeration - for resilience you need to install it on multiple DCs in the domain: Go to Administrative Tools, Active Directory Sites and Services, expand Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox.

Also make sure that clients are configured with the IP of one DC/DNS server as the preferred DNS server and another DC/DNS server as the alternate DNS.

If you are using DHCP you might want to consider spreading this across multiple servers as well.
 
sitg (Author) Commented:
No, I have not changed the global catalog on the ADC; I just seized the FSMO roles with ntdsutil and tried to make a new user, then I got the error. Can you tell me in detail how I change my global catalog, since I found two entries in Sites and Services (old domain that replicates to ADC, and ADC that replicates to old domain)?

 
KCTS Commented:
You can have multiple Global Catalogs.

Go to the machine(s) that you want to be Global Catalog Servers. Open Administrative Tools. Open Active Directory Sites and Services, Expand->Sites->Default first site->Servers.

Right click on the server name and select properties and tick the "Global Catalog" checkbox.
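Added example, not part of the original thread: a command-prompt check of the state discussed in the answers above (who holds the FSMO roles, which DCs are Global Catalogs), with the Global Catalog flag set from the command line if the surviving DC lacks it. It assumes the Windows Server 2003 Support Tools (netdom, repadmin, nltest, dcdiag) are installed; DC2 and example.local are placeholder names.

```batch
@echo off
rem Added example: verify FSMO holders and Global Catalog availability.
rem DC2 and example.local are placeholders (assumptions), not from the thread.
setlocal
set DC=DC2
set DOMAIN=example.local

rem 1. Show which DC currently holds each of the five FSMO roles.
netdom query /domain:%DOMAIN% fsmo

rem 2. List every DC in the forest that is flagged as a Global Catalog.
dsquery server -forest -isgc

rem 3. If the surviving DC is not in that list, set the GC flag on it.
dsquery server -forest -isgc | find /i "CN=%DC%," >nul
if errorlevel 1 (
    echo %DC% is not a Global Catalog, enabling it.
    repadmin /options %DC% +IS_GC
)

rem 4. Confirm that a Global Catalog can be located for the domain.
rem    A newly flagged DC advertises itself as a GC only after it has
rem    built its partial replica, so this can fail for a while.
nltest /dsgetdc:%DOMAIN% /gc

rem 5. Confirm the surviving DC is advertising its roles correctly.
dcdiag /s:%DC% /test:advertising
endlocal
```

The flag that repadmin sets is the same one the "Global Catalog" checkbox toggles on the server's NTDS Settings object in AD Sites and Services.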
 
sitg (Author) Commented:
OK KCTS,
tell me one more thing...
When we use a Domain Controller and an Additional Domain Controller in a production environment and the Domain Controller has a problem (like power off, network failure or hard disk crash), then should domain users automatically go to the ADC (Additional Domain Controller), or do we have to transfer/seize the FSMO roles for this?

If I want domain users to shift automatically to the ADC, should I use multiple Global Catalogs for this?
 
KCTS Commented:
Providing that you have a second DC and that the client is set up with an alternate DNS server and that a global catalog is available, there is no need to move the FSMO roles.

While the FSMO roleholder is down some operations - like modifying the domain structure - will not be possible, but other than this the domain can continue without the FSMO roles for a considerable time (several weeks).

If you are planning to bring a server down for some time then by all means transfer the FSMO roles (see http://www.petri.co.il/transferring_fsmo_roles.htm).

If the FSMO roleholder fails - and cannot be recovered - then seize the roles (see http://www.petri.co.il/seizing_fsmo_roles.htm) and remove the failed DC (see http://www.petri.co.il/delete_failed_dcs_from_ad.htm).

You should only seize as a last resort, and once done the original FSMO holder should not be brought back online.
 
sitg (Author) Commented:
Thanks KCTS,

One more thing: I do not understand what this means, which was on Petri's site:

Note: Do not put the Infrastructure Master (IM) role on the same domain controller as the Global Catalog server. If the Infrastructure Master runs on a GC server it will stop updating object information because it does not contain any references to objects that it does not hold. This is because a GC server holds a partial replica of every object in the forest.

...because if I have only two DCs and the FSMO role holder's hard disk crashes, then I have to seize the FSMO roles on the other DC, and I have to seize the Infrastructure Master role too. As I said previously in the question, I am getting an error about the Global Catalog when I make a new user or new OU. I want to know whether I should seize the IM role or not, since I know my old FSMO holder can't be live in the future?
 
KCTS Commented:
If you have a single domain then you don't need to worry about this; it only comes into play with multiple domains in a forest.
 
sitg (Author) Commented:
Thank you very much KCTS, and thanks hypercat too.