?
Solved

Secondary Active Directory Controller not taking authorizations, not doing DNS

Posted on 2009-05-18
8
Medium Priority
?
340 Views
Last Modified: 2012-05-07
We have 2 AD controllers at 2 sites.  They are both on the same subnet, connected via fiber relay between buildings (on a 10.0.10.* network).  When the 'main' controller (ADSERVER1) goes down, the secondary one (ADSERVER2) appears to not be taking over authentication and DNS.

Our primary server went down this morning, and until I could get it back up, we had no DNS, and no authentication whatsoever.

How would I check to see if the ADSERVER2 is set to take over domain control when ADSERVER1 is down?
0
Comment
Question by:gracewild
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 27

Assisted Solution

by:bluntTony
bluntTony earned 600 total points
ID: 24414179
I assume if they are both on the same subnet, then you haven't configured the two physical sites as two sites in AD Sites and Services?

Are both DCs also DNS servers, and do your clients have both servers' IP addresses in their preferred DNS servers list?
0
 
LVL 6

Accepted Solution

by:
Gunter17 earned 800 total points
ID: 24414214
The first active directory servers DNS should be set to itself, and the seconds DNS server set to itself as well. Your clients DNS should be set to your primary and secondary active directory servers.

As long as there are no sync problems (which would be logged in the FRS event log) the other server should function fine and serve logon requests after the timeout period on the primary dns expires.

Are both servers providing global catalog services?
http://technet.microsoft.com/en-us/library/cc758330(WS.10).aspx
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24414227
Is your second domain controller also a global catalog server?
Thanks
Mike
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 600 total points
ID: 24414243
The AD servers don't have to be pointing to themselves for DNS (although that is ok)
You can have them pointing to each other for primary and each other for secondary.  Both methods are valid.
Thanks
Mike
0
 

Author Closing Comment

by:gracewild
ID: 31582682
Thank you for the quick replies.
The DNS server settings were pointed both the ADSERVER1, so I put ADSERVER2's IP address for the primary, and ADSERVER1 for the secondary.  Global catalog was NOT checked on ADSERVER2, but now it is.

Thanks a ton.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24414433
ok thanks let us know if ADServer2 takes over next time AD1 goes down.
Thanks
Mike
0
 

Author Comment

by:gracewild
ID: 24414445
I certainly will.  I am going to test it tonight or tomorrow after everyone goes home for the day.

I really appreciate it.

0
 

Author Comment

by:gracewild
ID: 24585232
Sorry it took me so long to reply, things have been crazy here, and I have been ill.  

The fix did work.  Our ADSERVER2 does take over the domain authorization and DNS when ADSERVER1 is down.  This is a very good thing, because the motherboard just died on ADSERVER1.  Parts are on order and ADSERVER2 is doing everything until we get it rebuilt.

Thanks
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month10 days, 16 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question