awalkinthepark

Active Directory - Domain controllers

On our network the PDC is an older machine that I don't entirely trust anymore.
(The lights on one drive in the RAID are out, but it is seemingly running anyway, and one power supply is showing a red light as well. And I don't think it's worth putting more $ into it.)
There is another machine that has Active Directory installed, and it is apparently also a domain controller. However, as a test, I powered down the primary to see if the other one would function as the domain controller and authenticate users logging in. It did not. In fact, I could not log onto it via Terminal Services, as it reported that the domain controller could not be found.
I want to know how to configure these machines so that if (when) the primary one fails, the other one will step up and function as the PDC without any interruption for our users.
Thanks
ASKER CERTIFIED SOLUTION
KenMcF
SOLUTION
Mike Kline
Hello!

Besides DNS and GC, you have to transfer FSMO roles over to the "new" DC.

Use this article to transfer the roles your new DC doesn't have: http://support.microsoft.com/kb/324801/en-us

and this to create or move the GC: http://support.microsoft.com/kb/313994/en-us

Syldra
Hi,

First verify that the two DCs are able to replicate to each other.
In case you want to retain the current PDC in the setup, then, using AD-integrated DNS, configure secondary DNS on client machines with the IP of the second server.
Transfer FSMO roles to the second server.
In this case, even if the PDC is down, users will be authenticated.

-SS
awalkinthepark

ASKER

It seems to be simpler: I added DNS to the second server, and it has replicated the directory without any nudges. I took the PDC off the network, added the IP of the 2nd to a workstation for DNS, and it logged in with no trouble. It seems that DNS was all that was needed for that, which was the original question.
I did read this suggested by SylvainDrapeau:
Use this article to transfer the roles your new DC doesn't have: http://support.microsoft.com/kb/324801/en-us
But I'm unclear on whether this can be done if the PDC fails. Can the second DC, which currently allows authentication, be promoted to assume these roles if the PDC is gone?
My guess is yes, but I'd prefer to stay one step ahead of the obstacles and know in advance.
Thanks
If the PDC fails, yes, the second DC will allow authentication to continue. The fact that it is a DC means it has already been promoted.

What you would have to do if it failed hard would be to seize the FSMO roles: http://www.petri.co.il/seizing_fsmo_roles.htm

...only do that if the original FSMO roles don't come back up.

One of my personal favorite FSMO role blogs is from Brian Puhl of Microsoft IT (one of the engineers that runs their internal AD): http://blogs.technet.com/b/bpuhl/archive/2005/12/07/415761.aspx

Thanks

Mike
Thanks to all who commented.
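
The checks discussed in this thread (replication, DNS on the second DC, global catalog, FSMO role holders) as a read-only PowerShell readiness report; this is an added example, not part of any post above. It assumes the ActiveDirectory module and `Resolve-DnsName` are available, which the thread does not state, and `DC2` is a hypothetical name for the second domain controller.

```powershell
# Added example: read-only failover readiness report for a standby DC.
# Assumptions: ActiveDirectory module (RSAT) and Resolve-DnsName are present;
# 'DC2' is a hypothetical name, replace it with the second DC's name.
Import-Module ActiveDirectory

$standby = 'DC2'
$dc      = Get-ADDomainController -Identity $standby
$domain  = Get-ADDomain
$forest  = Get-ADForest

# Current holders of the five FSMO roles (two forest-wide, three domain-wide).
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
$rolesElsewhere = $roles.GetEnumerator() |
    Where-Object { $_.Value -ne $dc.HostName } |
    ForEach-Object { '{0} (held by {1})' -f $_.Key, $_.Value }

# Can the standby's own DNS service answer the DC locator SRV query?
# Clients that list only the failed DC as DNS server cannot find any DC.
$srvName = "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)"
$srv = Resolve-DnsName -Name $srvName -Type SRV -Server $dc.IPv4Address `
           -ErrorAction SilentlyContinue

# Inbound replication partners of the standby that are currently failing.
$replFailures = Get-ADReplicationPartnerMetadata -Target $dc.HostName |
    Where-Object { $_.LastReplicationResult -ne 0 } |
    Select-Object Partner, LastReplicationSuccess, ConsecutiveReplicationFailures

[pscustomobject]@{
    StandbyDC           = $dc.HostName
    IsGlobalCatalog     = $dc.IsGlobalCatalog
    AnswersLocatorSrv   = [bool]$srv
    SrvTargets          = ($srv | Where-Object Type -eq 'SRV').NameTarget -join ', '
    ReplicationFailures = @($replFailures).Count
    RolesHeldElsewhere  = $rolesElsewhere -join '; '
} | Format-List

# Planned transfer while the old role holder is still online:
#   Move-ADDirectoryServerOperationMasterRole -Identity $standby `
#       -OperationMasterRole PDCEmulator, RIDMaster, InfrastructureMaster
# Adding -Force seizes the roles instead; per the thread, seize only when
# the original role holder is not coming back.
```

A standby that is a global catalog, answers the SRV query from its own DNS service, and shows zero replication failures can keep authenticating users if the old server goes down; the roles listed under `RolesHeldElsewhere` are the ones that still need a transfer.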