Solved

Second AD Domain Controller

Posted on 2011-02-25
9
611 Views
Last Modified: 2012-08-13
I have a server which runs 4 virtual machines on Hyper-V, and is also a DC, DNS, DHCP. I want to obvously have a backup of this. I have two older machines which I premarily use as SQL batch operation machines.

Should I install promote a virtual machine, or one of the old physical machines? what happens when the old physical machine dies? Does that leave rouge crap in AD forever that is always causing errors? I have had this problem before on another network where one of the DCs died, and I could never get rid of some phantom issues where it was looking for the other machine first.

the only reason I could think to use a virtual machine as the secondary DC would be because I can redeploy that from backup image, and bam I have my AD back. the physical old machine I think would be the best route, but if it dies, I dont want to replace right away likely. So what happens when a secondary DC just drops off the face of the earth I guess is the real question?
0
Comment
Question by:markterry
  • 4
  • 3
  • 2
9 Comments
 
LVL 2

Accepted Solution

by:
Mattrw earned 500 total points
ID: 34984429
Virtual DC's can be a bit of a problem.  If the virtual DC has a problem with it's network connectivity it will opt to receive it's time source from the the clock on the hardware it's hosted.  This in turn can cause problems because it may fall out of sync with other DC's while it thinks it has the correct time.  MS recommend you stick with physical DC's where ever possible.  If your physical DC is lost foreever then seize the roles this broken DC held, rebuild  a new  server promote it and name it accordingly it will start to replicate all of the information from the other domain controllers.
0
 
LVL 2

Assisted Solution

by:Mattrw
Mattrw earned 500 total points
ID: 34984469
Further Clarification:  Your DC's should have an NTP time source set such as an atomic clock which can be updated over the internet.  If your virtual dc loses this NTP time source it will opt for the hardware time source in the BIOS.
0
 
LVL 11

Expert Comment

by:RickSheikh
ID: 34984485
In an only-two DC environment (which is what minimally what you should have). Opt for one physical.

VM based DCs have been far too prevalent and they are supported by MS.

Regarding the tim sync issue mentioned above, see my blog post http://www.shariqsheikh.com/blog/index.php/200912/time-synchronization-for-virtualized-dcs/
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 6

Author Closing Comment

by:markterry
ID: 34984487
Thank you! that is very informative and exactly what I was hoping/expecting to hear.
0
 
LVL 11

Expert Comment

by:RickSheikh
ID: 34984510
Only the PDCe (the FSMO role) should be setup as NTP (with an external source), the other DC(s) should be setup with NT5DS i.e setup to sync its time with the PDCe (by default).

http://support.microsoft.com/kb/816042
0
 
LVL 6

Author Comment

by:markterry
ID: 34984567
I guess I accepted the answer to the question a bit too early. Now I am a bit torn. So should I go virtual then?

I still think I will go for physical over virtual as if the host goes down, so do the virtuals, and I have to wait to be able to restore for AD to be online.

I will take heed the time issues, that is very informative, Thank you!
0
 
LVL 11

Expert Comment

by:RickSheikh
ID: 34984600
0
 
LVL 6

Author Comment

by:markterry
ID: 34985096
Restore from a backup image (windows backup image) just as bad as well?
0
 
LVL 11

Expert Comment

by:RickSheikh
ID: 34985445
True as it is an image, take a look at the links regarding the USN issue with doing so.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question