Solved

Domain Controller Redundancy

Posted on 2010-08-15
11
623 Views
Last Modified: 2012-05-10
How to make a domain controller in a redundancy environment?
eg: DC A down, there is a DC B to take over its job and all the user that connect to DC A are still able to do their work as usual.
0
Comment
Question by:swpui
  • 4
  • 4
  • 3
11 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33442612
What you do is just promote a DCB.  In Active Directory all domain controllers have all the same info.   Then make DC B a global catalog server.  If you are running DNS on DC A also make DC B a DNS server.

If replication is working ok after DC B is promoted then it will have AD, DNS, and GC information.  

Then make sure all your clients (static and DHCP) have the address for DC B as another DNS server.

If DC A goes down they will continue to work.  if DC A goes down for an extend period of time or dies hard you will have to "seize the FSMO roles) but users can still work as usual if you don't do that right away.

By the way if you have a real world environment like that with only one DC....get that second one up as soon as possible.

Thanks

Mike
0
 
LVL 4

Expert Comment

by:rickybsb
ID: 33442635
Cheers SWPUI
Just put your second domain controller on the network, click START -> RUN-> and type DCPROMO and hit enter.
The wizard will guide you through and when it ends you will see the active directory icons at the administrative tools.
You need to open the active directory sites and services, click on the newly promoted domain controller, open it's properties and mark the Global catalog checkbox.
If need any aditional help let me know
0
 

Author Comment

by:swpui
ID: 33442707
Mkline71: you mean from the begining, I install DC A & DC B, whatever DC A have , DC B also must have. Both are global catalogue server. So when DC A down, I just type 'dcpromo' to promote DC B, do I still need to proceed to do FSMO....ect?
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 63 total points
ID: 33442857
You promote DC B and install the same services,  you do the dcpromo now for DC B...don't wait for DC A to go down.

As for seizing the FSMO roles  DO NOT  do that now....that is only in a disaster situation if DC A goes down and is not coming back up again only in a disaster situation (seizing them while DC A is up will cause issues)

Thanks

Mike
0
 
LVL 4

Assisted Solution

by:rickybsb
rickybsb earned 62 total points
ID: 33442877
Hi Swpui: from the beginning.

To acomplish redundancy, BEFORE DC A goes down you should already done:
dcpromo DC B as a member server
run DNS server on DC B
set the DC B as one of your DNS server on your DHCP;
set DC B as a global catalog server.

After this, in a disaster situation when DC A Goes down, you will be able to authenticate your users.

If DC A is completely unaccessible, you should seize the FSMO role so your domain will not look for the dead DC A anymore.

0
 

Author Comment

by:swpui
ID: 33443165
that meas there will still be some down time occured, how to seize the FMSO when DC A is dead?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33443278
No down time at all; if DC A goes down clients still work ok and can log on.

You seize the roles using ntdsutil  http://www.petri.co.il/seizing_fsmo_roles.htm

Thanks
Mike
0
 
LVL 4

Assisted Solution

by:rickybsb
rickybsb earned 62 total points
ID: 33444816
hi SwPui,

This mean doing what i've said on last post, you will nave NO downtime at all!

You will need to seize FSMO only if your DC A goes down and you can't use it as a DC anymore. The seize FSMO is a procedure that you take in order to "tell your remaining domain controllers"  when one of the DCs is permanently dead.

For example, if DC A only suffered a hardware problem and you fixed it, there is no need to seize FSMO, just turn it ON again and everything will work great.

Regards


0
 

Author Comment

by:swpui
ID: 33481684
pls give details on how to seize FSMO
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 63 total points
ID: 33481799
See the link I left above about seizing....here it is again though   http://www.petri.co.il/seizing_fsmo_roles.htm

0
 

Author Closing Comment

by:swpui
ID: 33827719
will try it
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question