Is there any advantage to having an extra Domain Controller for a Small Business Server network

From a Disaster Recovery view, is there any advantage to having an additional Domain Controller in a Small Business Server 2003 R2 network?

If so, what, and how would you handle the main SBS Server failing if you had another DC?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hello jmsjms,

It is alwys useful to have an additional domain controller on the network to ensure your ACtive Directory accounts are preserved in case of a failure. Should your SBS server fail then this alternate domain controller will handle login requests and authentication uhtil the main server is up and running again.

I'm assuming you have EXchange runniong on the SBSD too, so having your usera ccount details on another DC will make for a much easier time restoring your email int he event of server death.


Lee W, MVPTechnology and Business Process AdvisorCommented:
Exactly how advantageous it is depends on what your server does for you.  But a second DC would preserve active directory if the SBS server failed and allow your users to potentially continue browsing the internet and logging on.  In addition, if you setup DFS, you can have a replica of the file shares and help ensure that at least SOME services remain functional so your users aren't sitting on their thumbs waiting for the only server you have to be restored...
To expand, exchange email accounts are linked to the active directory accout. It';s not jsut the user login name, but an internal identifier that says which AD account the inbox is linked to. Should your server die as it stands you may be able to resotre your email, but you'll have to manually relink each inbox to it's new AD account, even if your AD accounts are recreated with the same login name. This isbecause recreting the account will give it a different internal identifiuer, causing exchange to think it's a different account.

With an addiutional DC these login details will all be preserved, meaning that once the email data is restored Exchange should recognise all your users natively and give immediate access without extra tinkering.

Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

Lee W, MVPTechnology and Business Process AdvisorCommented:
Actually, along the same lines, Active Directory accounts are actually stored as Globally Unique IDs.  You SEE a friendly name like "administrator" but AD sees 3F2504E0-4F89-11D3-9A0C-0305E82C3301-500

A portion of this is randomly generated at the time the domain is created.  As a result, if you "recreate" the domain after a failure, your GUIDs will NOT match since they are randomly created when the domain is created.  The permissions on things remember the old GUIDs while the new domain has a completely different set of GUIDs and as such, you have to spend considerable time restoring things.
jmsjmsAuthor Commented:
Many thanks to all.  OK, you've conviiced me it's a good idea.

But to finish off, there's the second bit of my question.

"If so, what, and how would you handle the main SBS Server failing if you had another DC?"  

To clarify, I'm not concerned with File data (as I have a backup strategy for that), I'm concerned with rebuilding the SBS server.
Lee W, MVPTechnology and Business Process AdvisorCommented:
So you don't have backups of the SBS server?

IF you could restore the SBS server from backup, I would rebuild it and install it into an existing domain (since the AD would be appropriately configured for SBS).
jmsjmsAuthor Commented:
Yep, I've got loads of backups and quite a few Disk Images.  I'm pretty paranoid when it comes to it!

I'm looking for a guide on how to re-install SBS when there's a DC already present.  I've a horrid feeling that if I had to do a full re-build it would overwrite  the AD info the spare DC stores.
jmsjmsAuthor Commented:
Anyone able to answer?

Cheers J
jmsjmsAuthor Commented:
Any one got any ideas about the second part of my question?

If not I'll see if it's possible to award points for some of the question and repost for the remaining bit.

Lee W, MVPTechnology and Business Process AdvisorCommented:
There should be no reason to rebuild it if you have backups.  I would restore from backups.  If it turned out ALL your backups were bad, then there's a MS KB article on installing SBS into an existing domain.  This would be one the instance where I would recommend using that article (in general, I DO NOT recommend using it because SBS sets up the domain in a specific manner... but since SBS was setup first, the domain is in the appropriate format to begin with, meaning that installing an SBS server into a domain in your situation should not pose a problem.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jmsjmsAuthor Commented:
Many thanks to all!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.