Active directory 2008

hi there expert

i'm doing a lab with two DC
DC1 hold 2 forest roles
DC2 hold 3 Domain roles
i'm lookin to do a fault tolerance with active directory
suppose that the first dc is down do i resize the two forest roles in dc2 and then install the new dc1 and replicate and transfert the 2 forest roles to the first or i have to backup the first dc1 with 5 roles or with 2 roles.
what do you advise me
thank you.
LVL 7
joenswAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Chris DentPowerShell DeveloperCommented:
You can put the roles wherever you please, subject a short list of limitations. This can be done regardless of backup state.

The only catch is that if you seize a role, the old role-holder must not come back online (fix / restore), only rebuild is permissible.

Chris
0
Glen KnightCommented:
>>>i'm lookin to do a fault tolerance with active directory

Just have another Domain controller and DNS server.

In a single domain scenario, I would personally put all te FSMO roles on the same server, at least then if it dies irricoverably (?) then you know you need to seize all of the roles.
0
Chris DentPowerShell DeveloperCommented:
I agree with Demazter, no point in separating them really.

Fault Tolerance for these roles is a bit of difficult thing since they're single-master. But, your domain will continue operating quite happily if they are unavailable for a relatively short time. Depending on how busy your domain is, that can range from a few hours to a few weeks.

Chris
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

joenswAuthor Commented:
hi
my question is what do you advise me for a fault tolerance with two dc can i let the 5 roles in the first dc
and then wthen his down i can resieze the 5 roles in the second
0
Chris DentPowerShell DeveloperCommented:
If it fails completely.

If it's down for a few minutes (rebooting, whatever) you should *not* do anything with the roles.

Chris
0
Glen KnightCommented:
I think both myself and Chris confirm that is the correct method.
0
Glen KnightCommented:
agreed, only if the server is not recoverable should you seize the roles.
0
joenswAuthor Commented:
hi
yes i reseize the roles into the second and then i build the first dc and i replicated with the second and  i transfer the 5 roles in the first dc
0
Chris DentPowerShell DeveloperCommented:
You could just leave them with the second DC, but that sounds fine.

Chris
0
Glen KnightCommented:
>>and  i transfer the 5 roles in the first dc

You don't actually need to do this, they can stay on the second server
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Chris DentPowerShell DeveloperCommented:
Do remember to make your new DC a Global Catalog as well if you didn't select that option during DCPromo.

Otherwise you should refer to the FSMO placement rules here:

http://support.microsoft.com/kb/223346

With the caveat that if all DCs are GCs it won't matter much. And if you have a single-domain forest you can ignore things like the Infrastructure and Domain Naming Masters.

Chris
0
joenswAuthor Commented:
ok
and supose that the second dc fail
can we do the same thing for the dc1

0
Chris DentPowerShell DeveloperCommented:

Yes, absolutely. You need the roles to be available in the longer term, but, as with DC1, you should only Seize in the event of complete failure.

Chris
0
joenswAuthor Commented:
can we resize the 5 roles in dc1 and then rebuild it and  replicate it from dc2
0
joenswAuthor Commented:
thanks experts for help
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.