argument for multiple windows domain controllers

Posted on 2009-04-30
Last Modified: 2013-12-04
I am in the proposal stages of designing a small network.  I have proposed two servers...One SBS 2003 STD server and one 2008 server.  I had intended to have the second server there idle as a disaster to maintina the AD informatino in the event of a failure of server one.  I got the following reply from the clients advisor.  Can you counter this?  I obviously want to sell two servers, but if I am wrong, then I am wrong.

In this environment I see no advantage gained by the backup server.  While this server would keep the "network" running, there would be no data to access, because it would all reside on the primary server. Therefore to the end user, this server would do nothing.  Current windows clients will cache the domain sign on data, so unlike in the past, you would still have full access to your local P.C.   While there are ways to make the secondary server a true fall-back for the primary server, this would require both servers to have IDENTICAL hardware configurations, and use a different version of windows server (Windows Server 2008 enterprise).   This would be substantially more expensive  and I am not sure that level of redundancy is justified in this environment.
Question by:jcistaro
    LVL 5

    Accepted Solution

    Your user is somewhat right and somewhat wrong.  Yes they will need to pay for software and hardware licenses for the backup server.  Depending on how your going to backup the server, they may not need IDENTICAL hardware. If you truely ghosting the system, then yes, hardware needs to be the same.  If your just backup up data that changes each day, then no, you dont need the same exact hardware.  But in MOST cases, it always highly recommended to keep both machines the same when feasible.

    In guess in our business we must get to the following responsibility....
    1.  We must be totally honest to the customer
    2.  We must explain every gotcha to the user for not having  a backup.. Virus, Disgruntled employee be malicious, power outages and any other disaster scenario.
    3.  Next after explaining 2, ask them how long of a down time their business could operate without the system being there.  (To include locating someone to come in reload whole system and then finding data hopefully that is backup somewhere).
    4. Now the hard part for us.... Let them make the decision.  As a contractor of systems, our job is to ensure the customer knows all the pitfalls by education, and if they decide they can live through step 3 without backup, let them do so.  You can lead a horse to water, but you cant make it drink.

    In my younger days I wanted to make everyone do the right thing to keep them from not having night mares of data and computer problems, but the reality hit, some users and managers due to ignorance, are like used car salesman trying to impress the owner and save them some money or they have poor budgets are going to take the risk of losing their system.  

    And thats when I learned why Im here.... and when I make my most money, for those type of people.  Yes I love having the guy who smart and listens and buys the backup server and makes his life easier, but I found out more, that I make lots more from the guy who is panic mode because he didnt back up his stuff. Because in the long run, he is going to backup server, but it wont be until after he lost all his data once and its a midnight on a 4 of July weekend, and Im in there charging him ungodly amounts of money since he was hard headed in the first place.   The old pay me now, or pay me LOTS later scenario.

    Just be nice, tell them the reasons too and then let make the decision.  All you can do... be nice so they will call you when the disaster happens, and after doing this for 25 years.. it will happen.

    LVL 58

    Assisted Solution


    If you buy into a second server, you can configure a lot of replication and failover to that server, so more services than simply Active Directory continue to function if the first server fails.

    Installing the second server as a DC and GC is imperative. The second server must also be a DNS Server and be configured as an alternate DNS server for all workstations (such as through DNS). For all my clients, I then use DFS to replicate data between the two servers and to create a domain-based namespace, so there is a central point for all share traffic to go to. (Shares mapped to \\\Share-Name rather than \\server\Share-Name). An offline server will as a result be transparent to the user and their access to file shares will continue as usual from the remaining running server. To make this effective, use Server 2003 R2 or Server 2008 as it has improved DFS Replication features.

    For other applications (such as Exchange or SQL Server) you need to consider their high availability features separately. For automated Exchange 2007 failover, as an example, you need Server 2003/2008 Enterprise and Exchange 2007 Enterprise, which is costly and generally way too much for a lot of environments.

    The benefit of a second server is much more than simply an idle standby. With load balancing (such as through DFS) and so on, both servers can run the network on a daily basis.

    The consultant is both right and wrong. The servers do NOT need to be identical hardware for traditional high-uptime techniques, such as Windows clustering (costly) or simply promoting 2 DCs. Similar hardware is only recommended if you install a server as a cold standby - one which is booted and has a backup restored to in the event of a failure of the main server.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Article by: btan
    The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
    New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
    To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
    This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    9 Experts available now in Live!

    Get 1:1 Help Now