Windows Active directory - what happens when communication between domain controllers is lost?

Hello,

I could use some advice with regards to Windows 2016 active directory scenario.

I have 3 domain controllers, each holding a copy of the global catalogue.

The domain controllers are spread out globally in 3 locations:

North America,  Asia, and Europe. The all are inter-connected via VPN tunnels, and have no problem replicating / communicating with each other.

North america was the first DC built.

I am trying to account for different scenarios and I am currently trying to test what happens in the event of a failure.

What happens if say Europe VPN tunnels go done and it loses communication to the other 2 DC's? How is it handled if the VPN tunnels are down (DC is still working in Europe) for anywhere from a few minutes to say 24-48 hours? Would there be a serious problem when the VPN tunnels come back up and Europe can communicate with the other 2 servers again?

I need to understand better and hopefully someone can explain what happens and how tombstoning  plays a part in this.

Thanks in advance,

Mark
LVL 1
mbudmanAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SeanSystem EngineerCommented:
usually nothing happens other than the GC is out of sync. So if someone changes a password in Asia and the tunnel is down the password won't be updated at the other two sites until the tunnel is restored and the DCs can sync their GC.

This is no different than if a DC is offline for a reboot or is unplugged locally and is something they are built the handle. Now that isn't saying that they couldn't get so far out of sync that it requires more work if they are offline for a long time but again, the short time you are talking it's not a problem.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mbudmanAuthor Commented:
What would you say is the time period that server (Europe)  can be out of communication with other 2 DC having to do intervention to fix when communication is restored?

In the scenario I mentioned above, the Europe DC is still servicing local clients, but is unable to communicate with North America DC as well as Asia DC.
0
SeanSystem EngineerCommented:
the default Tombstone Lifetime period has been changed in Windows Server 2003 SP1 and later to 180 days.

Also might want to know exactly what server holds the FSMO roles as that could be an issue.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

mbudmanAuthor Commented:
All 5 FSMO roles are currently held by the DC in North America
0
SeanSystem EngineerCommented:
then it shouldn't be a problem if Euro is offline for a bit. Once it's online I would just check the replication and verify there are no issues but shouldn't be a problem for awhile.
0
DrDave242Commented:
Shouldn't Sean get credit for this? He answered all of the questions asked.
0
mbudmanAuthor Commented:
Hi Sean,

Thank you for your assistance. Sorry about the confusion regarding who best answered. I thought that I selected you, but apparently I did not.

Thanks again!

Mark
0
mbudmanAuthor Commented:
Sean should get credit as he did assist me with excellent information. My apologies as it appears his name was not selected even though I thought that I selected him for best solution, so I unintentionally clicked the wrong button (by mistake)
0
DrDave242Commented:
No problem! Just wanted to make sure the right person got credit. :)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.