Solved

Can I add new users/computers on second DC, in SBS 2008 environment, while SBS server is offline?

Posted on 2009-07-06
9
433 Views
Last Modified: 2012-05-07
Hi,

I am planning to have SBS 2008 domain with an addition DC server running windows server 2008 standard and both servers will take GC role.
As per SBS restriction, my second DC (windows 2008 standard) cannot take any of 5 FSMO roles.
In case of SBS server is down for few hours, shall I be able to add or remove users/computers on second DC?
Any other service disruption in AD management?

Kindly provide details, when you post the solution. Thanks!
0
Comment
Question by:roger_rex
  • 3
  • 3
  • 3
9 Comments
 
LVL 10

Expert Comment

by:Datedman
ID: 24791171
A few hours' downtime shouldn't impact anything noticeably as long as you have another DC.  No details to mention really.  But why would your server be down for hours at a time anyway?
0
 

Author Comment

by:roger_rex
ID: 24791246
Hi Datedman,

Thanks for your comment.
I am planning a solution to face a situation that hardware failure or critical error occurs on SBS server and recovery takes few hours.

As I will not be implementing the second DC as RODC, I should be able to write to AD database, in case of SBS server's failure. But all the FSMO roles are held by that SBS server. This limitation triggers me think about this situation.
0
 
LVL 10

Expert Comment

by:Datedman
ID: 24791284
In my experience it's not a problem.  That's why I have a second DC everywhere even if it's a virtual machine. :)
0
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 500 total points
ID: 24791375
The FSMO roles allot batches of IDs for various domain functions... in SOME cases, they are only referenced when another DC runs out of (gets low on) things like SIDs for user accounts.  Technically you should be fine to create new users and computers - BUT, you SHOULDN'T DO IT because the SBS server, when created there, will setup the accounts properly for your domain.  The wizards from SBS will not extend to the second server.  The second server should, in some respects, be considered Read Only and essentially as a backup to preserve your AD should the primary server fail - that is, YOU should not make any direct changes on it, other than, if necessary, resetting a person's password.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 10

Expert Comment

by:Datedman
ID: 24791383
Ah thanks leew, i should have specified that i haven't used SBS for a while, didn't know that about it.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 24791388
For example when created with the wizard, they will belong (be prompted to confirm that they should belong) to the proper groups, create an exchange mailbox, etc.  None of this happens if you set them up on the non-SBS DC.
0
 

Author Comment

by:roger_rex
ID: 24801425
Hi Leew,

I found your comment is impressive.

Just want a clarification. Can we create an account on second DC, while SBS is offline, and create a corresponding mailbox, when SBS comes back?

IMHO, group membership should not be an issue, as those groups will exist on second DC. Moving an account among the groups also is an easy task.
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 500 total points
ID: 24805212
I didn't say group management was difficult.

And yes, you can create an Exchange Mailbox later...

BUT, WHY would you make your priorities creating a user account and not getting the server running again?  Why would you not wait to get the SBS Server running appropriately?  

I'm not saying you WILL have problems, but SBS is designed to be managed by wizards with the wizards taking care of various tasks.  When you don't use the wizards, you open yourself up to sporadic problems - a user created with the wizards may not be otherwise identical to one that is created through "standard" means.  I've never taken the time to compare the differences in differently created user accounts in SBS - seemed pointless since the SBS server will never be down for an extended period with a good backup and recovery plan in place and a good warranty.

Frankly, if you want redundancy, I'd suggest putting SBS on a virtual machine running off the server.  If the server fails (anything short of catastrophic hard disk failure), you can just copy the VHD off the server hard drives and boot it from a laptop, desktop, another server - whatever, and be back in business in minutes.
0
 

Author Comment

by:roger_rex
ID: 24805617
Hi Leew,

That's great!

Your comments really help, even though I do not love to rum my SBS from VM, for performance reason. My hardware is not that strong.

Really appreciate you guys sparing time to answer me!

Points awarded!
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now