SW111 asked:
Setting W2k3 BDC

I have an existing Windows 2003 domain controller, with Active Directory, DHCP, DNS and file server set up on the same box. Let's call this 50.0.0.1.

But for safety (after a very terrible experience) I wanted to set up a Backup Domain Controller (BDC). The process seems easy enough. I set up W2k3, add the AD role and then set the new box as NOT the first DC on the domain. After following through the process I end up with a server that has AD installed, which seems to mimic the PDC. So it seems to serve its purpose.

The problem is that only AD is created on the BDC. It did not create the DHCP and DNS and File Server part.

So the questions are:

1. IF the PDC fails (knock on wood), how would having just a backup AD help, without DHCP and especially without the DNS part?
2. It would also help if I get to keep the File Sharing (Security & Privileges) settings.
3. Are there additional steps I need to do on the BDC, in case the PDC fails?
4. How is this better than setting up a backup hard disk so that I can simply replace the damaged PDC? (Although my backups have never successfully restored a system, I always end up re-installing from scratch manually... so a hint on this part would also be appreciated.)

Thank You
Darius Ghassem:
Just to let you know, BDC isn't a good label for a secondary Domain Controller because this is what they called it in NT 4.0. Now there aren't any BDCs.

1. If you don't have a secondary DC and your primary DC goes down you will lose all functionality on your Windows network. When installing AD you should always install DNS on the same server.

3. If the primary goes down then clients will start authenticating to the secondary without any admin interaction. The two things you must be sure to have in place before any failure are that the clients are pointing to the secondary DC for DNS and that the secondary is a Global Catalog.

4. If you had a backup hard disk and then the power supply went down, how would you install the backup hard disk? It wouldn't matter; your power supply is down. So, having a second DC will allow for uptime no matter what happens to the primary.
willettmeister:

I only answered some of the questions.

BDC is a legacy term; there should be no other steps that you need to do to configure the AD part of the server. Although you should probably make the server a GC also.

Having multiple DCs is always a good idea because it can spread the load for authentication as well as provide fault tolerance.
SW111 (asker):

Thanks for your prompt reply willettmeister.

I never realized that there's such a thing as a secondary DNS server. I will look up on Google how to do this.

DHCP: Is there a way to simply install the same settings of DHCP (scope and everything else) and leave it OFF until I need to use it (i.e. until the PDC fails)? The way I understand it is that DHCP is really only needed when I'm adding a new computer to the network; otherwise every computer will already have been assigned an IP address, and as long as DNS is alive, they'll be happy. If this is the case, for my application, I don't really have the need for online redundancy. We can wait a couple of hours for me to set DHCP ON. But is it possible?

Or, on a separate note, since AD is a database, is it possible to simply backup AD and DNS and DHCP info (and file sharing info), and then restore it to a new installation of W2K3?
Best thing for AD backups is to use System State Backups.

Here is a good technet article about backing up Active Directory:

http://technet.microsoft.com/en-us/library/cc738755.aspx
I can't think of any reason why you wouldn't use redundant DHCP by following the 25/75 rule, unless you have only one server available to provide DHCP services. Otherwise, why not have two DHCP servers up and running all the time and not worry about a user not being able to obtain an IP during the few hours of outage? After all, you can't guarantee when a user reboots their machine. Since you will have two DCs, just give 75% of the IPs to one and the other 25% to the other. Whether these two DCs are on the same subnet or not, you can still leverage the dual DHCP servers for redundancy; after all, there is no additional cost.
The other DHCP concern is if you have DHCP client reservations: you can schedule a task to run daily or weekly to export your DHCP database to a file which you can easily import to another DHCP server in just a few minutes when it comes to restore. The command to export the DHCP database is "netsh dhcp server export C:\dhcpfilename all", and the import command is the same with "export" replaced by "import".

One last thing is you should definitely make both DCs also a GC for what you want to do.
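As an added example (not from any answer in this thread), a batch script that applies the 75/25 split-scope and the export advice above with netsh: each DC defines the same scope but excludes the other's share, repeats the reservation, and schedules the export. The second DC's address (50.0.0.3), the pool 50.0.0.100-199, the gateway and the MAC are assumptions.

```batch
@echo off
REM Added example, not from the original thread. Run once on each DHCP server:
REM   dhcp-split.cmd primary     (on the existing DC, 50.0.0.1)
REM   dhcp-split.cmd secondary   (on the second DC, assumed here to be 50.0.0.3)
REM Assumed: subnet 50.0.0.0/24 from the question, lease pool 50.0.0.100-199,
REM gateway 50.0.0.254 and a constructed MAC for Box1. Adjust before use.
setlocal
set SCOPE=50.0.0.0
set MASK=255.255.255.0
set DNS1=50.0.0.1
set DNS2=50.0.0.3

if /i "%1"=="primary" goto primary
if /i "%1"=="secondary" goto secondary
echo usage: %~nx0 primary^|secondary
exit /b 1

:primary
REM This server leases 50.0.0.100-174 (75 percent); the top quarter is excluded for the other DC.
set EXCL_LO=50.0.0.175
set EXCL_HI=50.0.0.199
goto configure

:secondary
REM This server leases 50.0.0.175-199 (25 percent); the rest is excluded because the primary owns it.
set EXCL_LO=50.0.0.100
set EXCL_HI=50.0.0.174
goto configure

:configure
REM Both servers define the identical scope and the full range...
netsh dhcp server add scope %SCOPE% %MASK% "LAN" "split scope 75/25"
netsh dhcp server scope %SCOPE% add iprange 50.0.0.100 50.0.0.199
REM ...but each excludes the other's share, so the two dynamic pools never overlap.
netsh dhcp server scope %SCOPE% add excluderange %EXCL_LO% %EXCL_HI%
REM Clients learn both DCs as DNS servers (option 006) and the gateway (option 003).
netsh dhcp server scope %SCOPE% set optionvalue 006 IPADDRESS %DNS1% %DNS2%
netsh dhcp server scope %SCOPE% set optionvalue 003 IPADDRESS 50.0.0.254
REM Reservations are not replicated between DHCP servers: create the same one on both,
REM so whichever server answers hands Box1 the same address (a reservation overrides an exclusion).
netsh dhcp server scope %SCOPE% add reservedip 50.0.0.120 00AABBCCDD01 "Box1" "constructed MAC"
netsh dhcp server scope %SCOPE% set state 1
REM Weekly export of the whole database (restore with "import" in place of "export").
schtasks /create /sc weekly /d SUN /st 02:00 /tn "DHCP export" /tr "netsh dhcp server export C:\dhcp-export.txt all"
endlocal
```

schtasks will prompt for the credentials the export task should run under; the exported file is a full copy of the server's DHCP configuration, so store it where only administrators can read it.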
I wouldn't mess with a back up and restore when a secondary server is a much more elegant solution.  Easier to test and easier to maintain.  You can probably run the secondary server on an old desktop if money is an issue.
SW111 (asker):

OK. So here's what I gather:
1. Need to set up a Secondary DC (not BDC) with a secondary DNS server.
2. dariusg: Need to set up Global Catalog on the Secondary DC and NOT on the PDC (how do I do this?)
3. willettmeister: Have 2 DHCP servers running all the time. (I thought we can't have 2 DHCP servers on the same network, otherwise it will mess up the network.) I really can't imagine how to split the zones. What is the basis I need to use for the separation? Simply separate any unused IP range into 2 batches?
4. Americon: Given #3, should I still export the DHCP? Or will the 2 DHCP servers somehow take note of each other's zones? (For example, if I set reservations, do I have to do it on both DHCP servers? Otherwise, if I reserve 50.0.0.2 on DHCP#1 for Box#1, and it fails, will other clients get this IP instead of Box#1?)

On File Server:
5. ISWSIMBX: "You could leverage DFS for your file shares and that would replicate the data between the two domain controllers and maintain security and permissions." Does this mean some kind of a Secondary File Server? How would I go about setting this up? Right now, I'm using shadow copies. Is this what you mean?
6. ISWSIMBX: "You would need to use NTDSUTIL to seize any FSMO roles that are owned by the PDC." I don't understand this part. Do you mean when the PDC fails, we need to use NTDSUTIL to switch to the Secondary DC? What is FSMO?
SW111 (asker):

I tried setting up the Secondary DNS on the secondary DC, using this guide:
http://support.microsoft.com/kb/816518

But when I am at step#9 on configuring Master DNS IP Address, when clicking Finish I get the following error: "The zone cannot be created. The zone already exists".
I set the zone name to be: location1.mydomain.com (the exact same domain name I set on the PDC).
I set the Master IP to: 50.0.0.1, which is the PDC's IP address.
What went wrong?
SW111 (asker):

Ah, ignore the previous comment. Turns out after doing step#1, identifying the second DNS server, Windows automatically creates the forward and reverse zones on the secondary DC. I just had to refresh it since it wasn't showing up before.

I'm now trying to find the global catalog thing because the MS article didn't say anything about GC.
SW111 (asker):

DNS Forwarders.
So I saw in this article: https://www.experts-exchange.com/questions/23857184/Secondary-domain-controller-not-working-properly.html
which links to this article: http://www.petri.co.il/configure_dns_forwarding.htm
that I have to set "Forwarding". But on point#2 "Check the Enable forwarders check-box." I can't find a checkbox on the W2K3 I'm using.
The question is, is this step needed?

Global Catalog.
Seems easy enough. I ticked GC on the secondary DC, per this article:
http://support.microsoft.com/kb/313994
So easy, I can't figure out what GC is for. But since it doesn't say secondary GC or backup GC, it just says assign this server (secondary DC) as a GC, will this affect my PDC's GC?