

Backup Domain Controller

Posted on 2011-04-30
Medium Priority
Last Modified: 2012-06-27
We have a PDC running Server 2008 and a backup DC running Server 2003. Last week the PDC had a hard drive failure and was down. After about 1 day the users could not get authenticated and DNS information was not available to clients, so shares and mapped drives started to disappear. Of course, without DHCP new clients such as mobile laptops couldn't even get IP addresses. Should the backup DC have taken over automatically, or did it need to be promoted, and what about DHCP? Both servers are back up and running now. I want to make sure that if this happens again we can continue to work until the PDC is repaired.
Question by:Vincent Costanza

Accepted Solution

Svet Paperov earned 1336 total points
ID: 35498469
In AD DS there is no separation of the domain controllers into PDC and BDC. All DCs are equal. There are, however, so-called FSMO role holders. In small networks all FSMO roles could be on one DC, but generally this is not the case. If a FSMO holder goes off, the role is automatically transferred to another DC, and if this doesn't happen you can seize it from another DC. Here is a little bit more information on FSMO: http://www.petri.co.il/determining_fsmo_role_holders.htm

Also, in practice in small networks all DCs are DNS servers and all DNS zones are domain-integrated. That helps if one of the DCs goes offline: DNS is served by the other, but again, both DNS servers are equal. So the TCP/IP configuration of the clients must include both DNS servers, no matter which one is primary and which is secondary. With integrated DNS zones the information is replicated as part of the DC replication.

This, however, does not include DHCP. The DHCP server is independent from AD DS, and you need to take measures so that another DHCP server is available if the primary is down.

I don't know what went wrong in your case; maybe it was the missing DHCP server or misconfigured DNS servers.
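The FSMO check and the transfer/seizure mentioned above, as an added example (this script is not part of the thread). One caveat worth stating plainly: moving a role is an administrator's action, roles do not migrate on their own, and a seizure must only be done for a holder that is not coming back. The DC name DC2 is a constructed placeholder, and the script assumes the ActiveDirectory PowerShell module (Server 2008 R2 or RSAT with ADWS) and Enterprise Admin rights; the `netdom` and `dnscmd` lines work on Server 2003/2008 without it.

```powershell
# Added example; not part of the original thread.
# Assumes: ActiveDirectory module (Server 2008 R2 DC or RSAT with ADWS),
# a surviving DC named DC2 (constructed name), Enterprise Admin rights.
Import-Module ActiveDirectory

# 1. Show the current FSMO holders. Two roles are forest-wide (on the forest
#    object), three are domain-wide (on the domain object).
function Get-FsmoHolders {
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [pscustomobject]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}
Get-FsmoHolders | Format-List
# The same check without the AD module (Server 2003/2008):
netdom query fsmo

# 2./3. Move all five roles to DC2. A transfer needs the current holder online;
#       a seizure (-Force) is for a holder that is dead, like the failed PDC in
#       the question. After seizing Schema, Domain Naming or RID, never bring
#       the old holder back online; rebuild it instead, or two DCs will each
#       believe they own the role.
$roles = 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster', 'SchemaMaster', 'DomainNamingMaster'
$holderIsDead = $false   # set to $true only when the old holder will not return
if (-not $holderIsDead) {
    Move-ADDirectoryServerOperationMasterRole -Identity 'DC2' -OperationMasterRole $roles -Confirm:$false
} else {
    Move-ADDirectoryServerOperationMasterRole -Identity 'DC2' -OperationMasterRole $roles -Force -Confirm:$false
}

# 4. Confirm every DC still serves the AD-integrated zones. dnscmd ships with
#    the DNS server role; /Ds lists only directory-stored (replicated) zones.
Get-ADDomainController -Filter * | ForEach-Object {
    "== $($_.HostName)"
    dnscmd $_.HostName /EnumZones /Primary /Ds
}
```

Run step 1 first and keep its output: the holder list tells you which DC's loss actually matters, and the zone listing shows whether the other DC can keep resolving names for clients while the failed one is repaired.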

Assisted Solution

KCTS earned 664 total points
ID: 35498689
Add another DC by running DCPROMO, or using the roles wizard, on a new server.
Once Active Directory is installed, install DNS. You can do this through Add/Remove Programs -> Windows Components -> Networking Services -> DNS, or again you can use the roles wizard.
If you are using Active Directory Integrated DNS, then DNS will be replicated from the other DC/DNS.

Next, make the new machine a global catalog server: go to Administrative Tools, Active Directory Sites and Services, expand Sites, Default-First-Site-Name and Servers. Right-click the new server, select Properties and tick the Global Catalog checkbox. (The global catalog is essential for logon, as it needs to be queried to establish universal group membership.)

All the clients (and the domain controllers themselves) need to have their preferred DNS server set to point to one DC/DNS server and the alternate DNS server set to another (all DNS servers should use themselves as the preferred DNS server). On machines with static IPs, do this in the TCP/IP settings; for DHCP clients, make sure that you add the additional DNS server to the DHCP options.

You can also add DHCP to the new machine. The simplest way would be to create a new, non-overlapping scope, e.g. if you are using a scope of say  to , then reduce this scope to  -  on the existing DHCP server. On the new DHCP server set a scope of  - .
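The steps above as one script, added here as an example (it is not the answerer's code). The environment is constructed: DC1 at 192.168.1.10 is the existing DC/DNS/DHCP server, DC2 at 192.168.1.11 is the new one, the client subnet is 192.168.1.0/24 and leases come from .100 to .200; the FQDN dc2.corp.example is a placeholder. The AD checks assume the ActiveDirectory module; the DHCP part uses `netsh dhcp`, which is present on Server 2003/2008. The split scope is done with exclusion ranges rather than by shrinking the existing range, which achieves the same non-overlap and keeps the option values identical on both servers. The last section also answers the follow-up question below about DHCP handing out both DNS servers (option 006).

```powershell
# Added example; not part of the original answer. Constructed environment:
#   DC1 = 192.168.1.10  existing DC / DNS / DHCP
#   DC2 = 192.168.1.11  new DC / DNS / DHCP
#   client subnet 192.168.1.0/24, DHCP leases 192.168.1.100-200
# Assumes the ActiveDirectory module for the DC checks; DHCP is driven with
# netsh, which exists on Server 2003/2008 without extra modules.
Import-Module ActiveDirectory

$dnsServers = @('192.168.1.10', '192.168.1.11')   # constructed addresses

# --- Steps 2-3: is every DC running DNS and acting as a global catalog? ------
Get-ADDomainController -Filter * | ForEach-Object {
    $svc = Get-Service -Name DNS -ComputerName $_.HostName -ErrorAction SilentlyContinue
    [pscustomobject]@{
        DC              = $_.HostName
        IsGlobalCatalog = $_.IsGlobalCatalog
        DnsService      = if ($svc) { $svc.Status } else { 'not installed' }
    }
} | Format-Table -AutoSize

# Enable the GC on DC2 the scripted way (same effect as the checkbox in
# Sites and Services): set bit 0x1 of 'options' on its NTDS Settings object.
$ntds = 'CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,' +
        (Get-ADRootDSE).configurationNamingContext
$current = [int](Get-ADObject -Identity $ntds -Properties options).options
Set-ADObject -Identity $ntds -Replace @{ options = ($current -bor 1) }

# --- Step 4: each DC lists itself first and the other DC second --------------
# (the answer's ordering; reverse $order if you prefer another DC first).
# The essential part is that every DC and client knows at least two servers.
Get-ADDomainController -Filter * | ForEach-Object {
    $dc    = $_
    $self  = $dc.IPv4Address
    $order = @($self) + @($dnsServers | Where-Object { $_ -ne $self })
    $nic = Get-WmiObject Win32_NetworkAdapterConfiguration -ComputerName $dc.HostName `
              -Filter 'IPEnabled=True' | Where-Object { $_.IPAddress -contains $self }
    $nic.SetDNSServerSearchOrder([string[]]$order) | Out-Null
    "{0}: DNS order now {1}" -f $dc.HostName, ($order -join ', ')
}

# --- Step 5: DHCP on DC2 with a split scope -----------------------------------
# Both servers carry the same scope and range; each excludes the addresses the
# other one leases, so they never hand out the same IP. Option 006 is set on
# both so clients always learn both DNS servers.
$scope = '192.168.1.0'
netsh dhcp add server dc2.corp.example 192.168.1.11         # authorize DC2 in AD (constructed FQDN)
netsh dhcp server \\DC2 add scope $scope 255.255.255.0 'LAN'
netsh dhcp server \\DC2 scope $scope add iprange 192.168.1.100 192.168.1.200
netsh dhcp server \\DC2 scope $scope set state 1

netsh dhcp server \\DC1 scope $scope add exclusionrange 192.168.1.181 192.168.1.200   # DC1 leases .100-.180
netsh dhcp server \\DC2 scope $scope add exclusionrange 192.168.1.100 192.168.1.180   # DC2 leases .181-.200

foreach ($srv in 'DC1', 'DC2') {
    netsh dhcp server "\\$srv" scope $scope set optionvalue 006 IPADDRESS 192.168.1.10 192.168.1.11
    "== $srv"
    netsh dhcp server "\\$srv" scope $scope show optionvalue
}
```

The `show optionvalue` output at the end is the check for the follow-up question: both servers must list both DNS addresses under option 006, otherwise clients that happen to lease from one server will again lose name resolution when the other DC goes down.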

Author Comment

by:Vincent Costanza
ID: 35501393

If DHCP has non-overlapping scopes, can they share the same reservations for certain clients that are virtual servers? Or do I have to change those to static?
How do I make sure that DHCP is giving the addresses of both servers for DNS?

Assisted Solution

by:Svet Paperov
Svet Paperov earned 1336 total points
ID: 35501417
Technically yes, practically no, because you will never know which DHCP server is the provider of the address.

Moreover, for servers static addresses are much better. DNS servers, as well as AD DC servers, MUST have static addresses. Normally in small to mid-size networks DC and DNS are on the same server.

Author Comment

by:Vincent Costanza
ID: 35501484
