• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 317
  • Last Modified:

Active directory 2008

hi there expert

i'm doing a lab with two DC
DC1 hold 2 forest roles
DC2 hold 3 Domain roles
i'm lookin to do a fault tolerance with active directory
suppose that the first dc is down do i resize the two forest roles in dc2 and then install the new dc1 and replicate and transfert the 2 forest roles to the first or i have to backup the first dc1 with 5 roles or with 2 roles.
what do you advise me
thank you.
0
joensw
Asked:
joensw
  • 6
  • 5
  • 4
2 Solutions
 
Chris DentPowerShell DeveloperCommented:
You can put the roles wherever you please, subject a short list of limitations. This can be done regardless of backup state.

The only catch is that if you seize a role, the old role-holder must not come back online (fix / restore), only rebuild is permissible.

Chris
0
 
Glen KnightCommented:
>>>i'm lookin to do a fault tolerance with active directory

Just have another Domain controller and DNS server.

In a single domain scenario, I would personally put all te FSMO roles on the same server, at least then if it dies irricoverably (?) then you know you need to seize all of the roles.
0
 
Chris DentPowerShell DeveloperCommented:
I agree with Demazter, no point in separating them really.

Fault Tolerance for these roles is a bit of difficult thing since they're single-master. But, your domain will continue operating quite happily if they are unavailable for a relatively short time. Depending on how busy your domain is, that can range from a few hours to a few weeks.

Chris
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
joenswAuthor Commented:
hi
my question is what do you advise me for a fault tolerance with two dc can i let the 5 roles in the first dc
and then wthen his down i can resieze the 5 roles in the second
0
 
Chris DentPowerShell DeveloperCommented:
If it fails completely.

If it's down for a few minutes (rebooting, whatever) you should *not* do anything with the roles.

Chris
0
 
Glen KnightCommented:
I think both myself and Chris confirm that is the correct method.
0
 
Glen KnightCommented:
agreed, only if the server is not recoverable should you seize the roles.
0
 
joenswAuthor Commented:
hi
yes i reseize the roles into the second and then i build the first dc and i replicated with the second and  i transfer the 5 roles in the first dc
0
 
Chris DentPowerShell DeveloperCommented:
You could just leave them with the second DC, but that sounds fine.

Chris
0
 
Glen KnightCommented:
>>and  i transfer the 5 roles in the first dc

You don't actually need to do this, they can stay on the second server
0
 
Chris DentPowerShell DeveloperCommented:
Do remember to make your new DC a Global Catalog as well if you didn't select that option during DCPromo.

Otherwise you should refer to the FSMO placement rules here:

http://support.microsoft.com/kb/223346

With the caveat that if all DCs are GCs it won't matter much. And if you have a single-domain forest you can ignore things like the Infrastructure and Domain Naming Masters.

Chris
0
 
joenswAuthor Commented:
ok
and supose that the second dc fail
can we do the same thing for the dc1

0
 
Chris DentPowerShell DeveloperCommented:

Yes, absolutely. You need the roles to be available in the longer term, but, as with DC1, you should only Seize in the event of complete failure.

Chris
0
 
joenswAuthor Commented:
can we resize the 5 roles in dc1 and then rebuild it and  replicate it from dc2
0
 
joenswAuthor Commented:
thanks experts for help
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 6
  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now