Active Directory - Domain controllers

On our network the PDC is a older machine that  I don't entirely trust anymore.
( the lights one drive in the raid are out, but seemingly running anyway, one power supply is red lighting as well. And I don't think it's worth putting more $ into it)
There is another machine that has active directory installed, and it is apparently also a domain controller. However, as a test, I powered down the primary to see if the other one would  function as the domain controller and authenticate users logging in. It did not. In fact, I could not log onto it via terminal services as it reported that the domain controller could not be found.
I want it to know how to configure these machines so that if (when)  the primary one fails, the other one will step up and function as the PDC without any interruption for our users.
Thanks
awalkintheparkAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

KenMcFCommented:
Do both Domain Contorllers have DNS installed and the clients pointing to both DCs for DNS resolution?

I would also recomend making both Global Catalog servers and running DCDIag to verify the health of both DCs.

http://technet.microsoft.com/en-us/library/cc787589(WS.10).aspx

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Mike KlineCommented:
In addition to Ken's answer you can transfer the FSMO roles to this other DC   http://www.petri.co.il/transferring_fsmo_roles.htm

...if your PDC dies right now without a graceful transfer then you can seize the roles later

Also start looking at another box or buying another box for an additional DC.  So if this "bad" DC goes down you can still have two DCs.

thanks

Mike
SylvainDrapeauCommented:
Hello !

Beside DNS and GC, you have to transfer FSMO roles over to the "new" DC.

Use this article to transfer the roles your new DC doesn't have : http://support.microsoft.com/kb/324801/en-us

and this to create or move the GC : http://support.microsoft.com/kb/313994/en-us

Syldra
Your Guide to Achieving IT Business Success

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

shekharshoorCommented:
Hi,

First verify that two DC's are able to replicate to each other.
I case you want to retain current PDC in the setup then using AD intergrated DNS configure secondary DNS on client machines with the ip of the second server.
Tranfer FSMO roles to second server.
In this cas even if PDC is down users will be authenticated.

-SS
awalkintheparkAuthor Commented:
It seems to be simpler, I added DNS to the second server, it has replicated the directory without any nudges. I took the PDC off the network, added the IP of the 2nd to a workstation for DNS, and it logged in with no trouble. Seems that DNS was all that's was needed for that, which was the original question.
I did read this suggested by SylvainDrapeau:
Use this article to transfer the roles your new DC doesn't have : http://support.microsoft.com/kb/324801/en-us
But I'm unclear on if this can be done if PDC fails. Can the second DC which currently allows authentication be promoted to assume these roles if the PDC is gone?
My guess is yes, but I'd prefer to stay one step ahead of the obstacles and know in advance
Thanks
Mike KlineCommented:
If the PDC fails yes the second DC will allow authentication to continue.  The fact that it is a DC means it has already been promoted.

What you would have to do if it failed hard would be to seize the FSMO roles   http://www.petri.co.il/seizing_fsmo_roles.htm

...only do that if the original FSMO roles don't come back up.

One of my personal favorite FSMO role blogs is from Brian Puhl of Microsoft IT (one of the engineers that runs their internal AD)   http://blogs.technet.com/b/bpuhl/archive/2005/12/07/415761.aspx

Thanks

Mike
awalkintheparkAuthor Commented:
thanks to all who commented.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.