• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 642
  • Last Modified:

Domain Controller Redundancy

How to make a domain controller in a redundancy environment?
eg: DC A down, there is a DC B to take over its job and all the user that connect to DC A are still able to do their work as usual.
0
swpui
Asked:
swpui
  • 4
  • 4
  • 3
4 Solutions
 
Mike KlineCommented:
What you do is just promote a DCB.  In Active Directory all domain controllers have all the same info.   Then make DC B a global catalog server.  If you are running DNS on DC A also make DC B a DNS server.

If replication is working ok after DC B is promoted then it will have AD, DNS, and GC information.  

Then make sure all your clients (static and DHCP) have the address for DC B as another DNS server.

If DC A goes down they will continue to work.  if DC A goes down for an extend period of time or dies hard you will have to "seize the FSMO roles) but users can still work as usual if you don't do that right away.

By the way if you have a real world environment like that with only one DC....get that second one up as soon as possible.

Thanks

Mike
0
 
rickybsbCommented:
Cheers SWPUI
Just put your second domain controller on the network, click START -> RUN-> and type DCPROMO and hit enter.
The wizard will guide you through and when it ends you will see the active directory icons at the administrative tools.
You need to open the active directory sites and services, click on the newly promoted domain controller, open it's properties and mark the Global catalog checkbox.
If need any aditional help let me know
0
 
swpuiAuthor Commented:
Mkline71: you mean from the begining, I install DC A & DC B, whatever DC A have , DC B also must have. Both are global catalogue server. So when DC A down, I just type 'dcpromo' to promote DC B, do I still need to proceed to do FSMO....ect?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
Mike KlineCommented:
You promote DC B and install the same services,  you do the dcpromo now for DC B...don't wait for DC A to go down.

As for seizing the FSMO roles  DO NOT  do that now....that is only in a disaster situation if DC A goes down and is not coming back up again only in a disaster situation (seizing them while DC A is up will cause issues)

Thanks

Mike
0
 
rickybsbCommented:
Hi Swpui: from the beginning.

To acomplish redundancy, BEFORE DC A goes down you should already done:
dcpromo DC B as a member server
run DNS server on DC B
set the DC B as one of your DNS server on your DHCP;
set DC B as a global catalog server.

After this, in a disaster situation when DC A Goes down, you will be able to authenticate your users.

If DC A is completely unaccessible, you should seize the FSMO role so your domain will not look for the dead DC A anymore.

0
 
swpuiAuthor Commented:
that meas there will still be some down time occured, how to seize the FMSO when DC A is dead?
0
 
Mike KlineCommented:
No down time at all; if DC A goes down clients still work ok and can log on.

You seize the roles using ntdsutil  http://www.petri.co.il/seizing_fsmo_roles.htm

Thanks
Mike
0
 
rickybsbCommented:
hi SwPui,

This mean doing what i've said on last post, you will nave NO downtime at all!

You will need to seize FSMO only if your DC A goes down and you can't use it as a DC anymore. The seize FSMO is a procedure that you take in order to "tell your remaining domain controllers"  when one of the DCs is permanently dead.

For example, if DC A only suffered a hardware problem and you fixed it, there is no need to seize FSMO, just turn it ON again and everything will work great.

Regards


0
 
swpuiAuthor Commented:
pls give details on how to seize FSMO
0
 
Mike KlineCommented:
See the link I left above about seizing....here it is again though   http://www.petri.co.il/seizing_fsmo_roles.htm

0
 
swpuiAuthor Commented:
will try it
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 4
  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now