Solved

Domain Controller Redundancy

Posted on 2010-08-15
11
620 Views
Last Modified: 2012-05-10
How to make a domain controller in a redundancy environment?
eg: DC A down, there is a DC B to take over its job and all the user that connect to DC A are still able to do their work as usual.
0
Comment
Question by:swpui
  • 4
  • 4
  • 3
11 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33442612
What you do is just promote a DCB.  In Active Directory all domain controllers have all the same info.   Then make DC B a global catalog server.  If you are running DNS on DC A also make DC B a DNS server.

If replication is working ok after DC B is promoted then it will have AD, DNS, and GC information.  

Then make sure all your clients (static and DHCP) have the address for DC B as another DNS server.

If DC A goes down they will continue to work.  if DC A goes down for an extend period of time or dies hard you will have to "seize the FSMO roles) but users can still work as usual if you don't do that right away.

By the way if you have a real world environment like that with only one DC....get that second one up as soon as possible.

Thanks

Mike
0
 
LVL 4

Expert Comment

by:rickybsb
ID: 33442635
Cheers SWPUI
Just put your second domain controller on the network, click START -> RUN-> and type DCPROMO and hit enter.
The wizard will guide you through and when it ends you will see the active directory icons at the administrative tools.
You need to open the active directory sites and services, click on the newly promoted domain controller, open it's properties and mark the Global catalog checkbox.
If need any aditional help let me know
0
 

Author Comment

by:swpui
ID: 33442707
Mkline71: you mean from the begining, I install DC A & DC B, whatever DC A have , DC B also must have. Both are global catalogue server. So when DC A down, I just type 'dcpromo' to promote DC B, do I still need to proceed to do FSMO....ect?
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 63 total points
ID: 33442857
You promote DC B and install the same services,  you do the dcpromo now for DC B...don't wait for DC A to go down.

As for seizing the FSMO roles  DO NOT  do that now....that is only in a disaster situation if DC A goes down and is not coming back up again only in a disaster situation (seizing them while DC A is up will cause issues)

Thanks

Mike
0
 
LVL 4

Assisted Solution

by:rickybsb
rickybsb earned 62 total points
ID: 33442877
Hi Swpui: from the beginning.

To acomplish redundancy, BEFORE DC A goes down you should already done:
dcpromo DC B as a member server
run DNS server on DC B
set the DC B as one of your DNS server on your DHCP;
set DC B as a global catalog server.

After this, in a disaster situation when DC A Goes down, you will be able to authenticate your users.

If DC A is completely unaccessible, you should seize the FSMO role so your domain will not look for the dead DC A anymore.

0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:swpui
ID: 33443165
that meas there will still be some down time occured, how to seize the FMSO when DC A is dead?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33443278
No down time at all; if DC A goes down clients still work ok and can log on.

You seize the roles using ntdsutil  http://www.petri.co.il/seizing_fsmo_roles.htm

Thanks
Mike
0
 
LVL 4

Assisted Solution

by:rickybsb
rickybsb earned 62 total points
ID: 33444816
hi SwPui,

This mean doing what i've said on last post, you will nave NO downtime at all!

You will need to seize FSMO only if your DC A goes down and you can't use it as a DC anymore. The seize FSMO is a procedure that you take in order to "tell your remaining domain controllers"  when one of the DCs is permanently dead.

For example, if DC A only suffered a hardware problem and you fixed it, there is no need to seize FSMO, just turn it ON again and everything will work great.

Regards


0
 

Author Comment

by:swpui
ID: 33481684
pls give details on how to seize FSMO
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 63 total points
ID: 33481799
See the link I left above about seizing....here it is again though   http://www.petri.co.il/seizing_fsmo_roles.htm

0
 

Author Closing Comment

by:swpui
ID: 33827719
will try it
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Starting in Windows Server 2008, Microsoft introduced the Group Policy Central Store. This automatically replicating location allows IT administrators to have the latest and greatest Group Policy (GP) configuration settings available. Let’s expl…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now