dmuskrat


How do you determine which DC is used in an isolated network and/or a virtualization lab where all DCs are not available?

I'm setting up a virtualization lab for disaster recovery testing, and I'm running into a problem by only having 1 of my 5 domain controllers available within this lab. This issue also seems like it would present itself if I lost one of my subnets that contains 3 out of my 5 domain controllers.

Let me briefly describe my virtualization lab. I'm using a single VMware ESX server that runs 4 VMs which correspond to my 4 most important servers - SQL server, Backup Exec server, IIS/web server, and domain controller. The core issue here is that with the exception of the domain controller, none of my other VM servers can see my domain. So when I try to log into the servers with a privileged domain user, I keep getting a message that the domain is not available. It appears that all of these servers are trying to authenticate with one of the 4 other DCs that I did not virtualize. I also realized that I did not virtualize a DNS server, but I've used the host file to create entries for basic name resolution and I can ping between all of the servers using computer names.

What can I change so that all of my VMs can see my 1 domain controller and authenticate? I don't have the option of disjoining the domain or creating a new one because these VMs need to be able to run as my production servers in the event of a real disaster, so they have to be a part of the same domain the rest of my organization uses. However, during my testing I need them to be able to operate with my single virtualized domain controller. This issue also makes me wonder whether I would experience similar authentication issues if my primary subnet/site is lost and I only have 2 out of 5 remaining DCs available at my secondary subnet/site. What happens to those workstations that need to authenticate on the 3 unavailable DCs?

VMware, Active Directory

blindsp0t

What type of servers are we dealing with here?  
blindsp0t

Just to follow up on my own thoughts here. I'm going to bet you're experiencing a DNS issue. Hosts file DNS emulation is not quite what AD wants to see when asking for resources (such as login servers). If that's the case and adding DNS resolves your issue - the answer to your second question is no... providing DNS is replicating to all servers, a loss of multiple subnets would not prevent users from accessing the domain.
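A way to confirm the DNS diagnosis above from one of the member servers, added here as an example and not posted by anyone in this thread. It assumes the AD DNS domain name is passed as the first argument (the thread never states it), that `nslookup` is present, and that `nltest` is installed (on Server 2003 it comes with the Support Tools).

```bat
@echo off
rem Added example, not from the thread: checks whether this member server can
rem find a domain controller through DNS, which is how members locate a DC.
rem Usage: check-dclocator.cmd DOMAIN   (DOMAIN = your AD DNS domain name)
setlocal
if "%~1"=="" (
  echo Usage: %~nx0 DOMAIN
  exit /b 2
)
set "DOMAIN=%~1"
set FAIL=0

rem Show which DNS servers this machine is configured to ask.
ipconfig /all | find /i "DNS Servers"

rem SRV records that domain controllers register and members query.
rem A hosts file only maps names to addresses, so it cannot answer these
rem even when ping by computer name works.
for %%R in (_ldap._tcp.dc._msdcs _kerberos._tcp.dc._msdcs _ldap._tcp.pdc._msdcs _ldap._tcp _kerberos._tcp) do (
  nslookup -type=SRV %%R.%DOMAIN% 2>nul | find /i "svr hostname" >nul
  if errorlevel 1 (
    echo MISSING  %%R.%DOMAIN%
    set FAIL=1
  ) else (
    echo OK       %%R.%DOMAIN%
  )
)

rem Ask Netlogon which DC it would pick right now, bypassing its cache.
echo.
echo Netlogon DC discovery:
nltest /dsgetdc:%DOMAIN% /force

rem Exit code 1 means at least one locator record could not be resolved.
exit /b %FAIL%
```

If every record shows MISSING while ping by name succeeds, the machine has name-to-address mappings but no DNS server that holds the domain's SRV records.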
dmuskrat

ASKER

I'm not sure what you are asking for by "type" of servers, but here's all I can tell you. There is a single physical Dell server with a dual 2.49GHz processor and 4GB of RAM. It's running VMware ESX 3.5. Then I have virtual machines on that ESX host. An SQL server (Server 2000), a Backup Exec server (Server 2003), a web server (Server 2003), and a domain controller (Server 2003). On the domain controller, the forest functional level is Windows Server 2003.

My next attempt to fix this problem is to install DNS on the domain controller, but I'm curious as to whether it matters how I set it up (AD integrated or not). I would imagine that after I set up DNS I will need to manually change the IP address settings on all of my VMs to look to my domain controller as the DNS server.

Any other thoughts or comments on my issue would be appreciated.
ASKER CERTIFIED SOLUTION
gump103

gump103

Thinking about it though, the FSMO roles would only be a problem if adding new objects. If everything was just p2v'd then it wouldn't be the problem. Still worth checking and setting though for future.
blindsp0t

AD integrated DNS is considerably easier to manage across multiple servers.  
dmuskrat

ASKER

You were exactly right. Unfortunately, I got impatient and called Microsoft on this. Thanks for the response!