domain controller cluster

Posted on 2008-06-25
Last Modified: 2012-05-05
Dear Expert,
currently i m having domain controller installed on windows server 2003.

Now I am plannig move on to clustered DC.I have two Identical servers to do so.

Now my question is whether it is recommended? What are the steps i should folow?


Question by:sandeepthete
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +2
LVL 13

Accepted Solution

TheCapedPlodder earned 55 total points
ID: 21864548
This is not a best practice.  In fact I doubt it's even possible.

Build each server as Windows 2003 Standard and promote them to be domain controllers.  Active Directory automatically replicates with other domain controllers in the same domain and provides complete fault tolerance (with the exception of FSMO roles).

Make sure you install DNS on both servers and created your DNS zones as AD integreated.  Also ensure you make both DC's global catalogs.

You'll save yourself a bundle on Enterprise Edition licenses and shared disk.

Author Comment

ID: 21864806
thanks..but its not all abt saving money.I have already bought hardware & licences.
I have my storage box is ready.
Below are the steps i have completed.
1.Created LUNS on storage (hitachi AMS)
2.Installed win2k3 r2 enterprise edition on both nodes.
3.Promoted both nodes to Domain controller(test domain).
4.Then I followed the procedure from microsoft K-base and configured the cluster.
5.Clustering is workin fine in test domain.

Now my concern is to tranfer or migrate my existing domain to this new environment with minimum down time.



What I want to achive is complete fault tolerence.
LVL 30

Assisted Solution

LauraEHunterMVP earned 20 total points
ID: 21864852
Clustering domain controllers is not a recommended configuration, see You achieve fault tolerance in Active Directory by deploying multiple individual domain controllers, not by creating clusters.
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why


Expert Comment

ID: 21865180
Quote "LauraEHunterMVP:
Clustering domain controllers is not a recommended configuration, see You achieve fault tolerance in Active Directory by deploying multiple individual domain controllers, not by creating clusters."

This is very true, should your domain controller hosting any one or multiple FSMO's fail you can seize the FSMO role onto another DC.
LVL 70

Expert Comment

ID: 21867094
I'll add to that - clustering of DCs is NOT recommended, by all means have two DCs - but not in a cluster - keep your cluster to exchange and keep the DCs seperate

Author Comment

ID: 21872376
Why clustering of domain controllers are not recommended by microsoft?

can anybody list few points?
LVL 13

Expert Comment

ID: 21872581
It's really quite simple.  Active Directory is fault tolerant by design, if one AD server fails all other AD servers will happily carry on regardless provided FSMO roles are moved (and this is a well documented process).  Adding clustering to the mix just over complicates things unnecessarily and reduces the usefulness of the two servers.

With two seperate servers running indepently both can serve customers at the same time making maximum use of the servers.  In a cluster only one server is doing anything at any one time.

With two seperate servers when one fails there is no interuption to service.  In a cluster when the active node fails there is a service outage whilst resources fail over.

You've now been told by four people that this is not a good idea. Take that as a good recommendation.
LVL 30

Expert Comment

ID: 21873608
Did you happen to actually read the Microsoft link that I listed earlier?

"You cannot cluster domain controllers for fault tolerance. You can promote computers to be domain controllers, and then you can install the Cluster service on those computers, but there is no method to store Active Directory on any one of the cluster's managed drives. There is no "failover" of Active Directory."
LVL 13

Assisted Solution

TheCapedPlodder earned 55 total points
ID: 21873632
I didn't read it myself but I did postulate in my first response that "In fact I doubt it's even possible" so it's nice to have this confirmed.

So there we have it.  Can't be done.

Author Comment

ID: 21873775
Dear All,
Thanks a lot for ur responce..I think the point is well explained.
I have one small query regarding the storage.
Ok now if i promote one server to PDC..Is it possible by any chance that MY ADC and PDC could share a common storage from my SAN box.


Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ntp server 15 79
Active Directory Cleanup Report 2 48
Setting up two DCs 4 43
Active Directory Powershell Script 9 37
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question