I have a native Windows 2003 domain with two domain controllers and a single site. I thought my domain controllers were redundant of each other, meaning that if one failed hard than the other would maintain all domain services. Recently, while one of them was restarting after installing Microsoft Updates, I ran into an issue. I was on another server in the domain, an Exchange 2003 server, in the Active Directory Users & Computers tool, trying to add a user into an existing security group. I was not able to do it. I forget what the exact message was but it had to do with not being able to contact the domain controller that was rebooting. The domain contoller that was rebooting is actually the secondary controller.
My question is, how exactly do I make sure that the domain controllers are redundant for the domain? I don't want any active directory services unavailable if I need to restart one of them.
I also would like to know how to make sure that they both are up to date with USN's (Update Sequence Numbers)? They seem to have different numbers although at the same time, they seem to pass communication tests with each other.