Additional Domain Controller failover

+
0 Votes
Locked

shibug
Hi,
we have a DC running Windows 2003 SP1 and an additional DC running on the same platform.

In the event of failure of the first DC, will the additional DC take over? If not, how can we do it?

Thx
Shibu
  • +
    0 Votes
    animatech

    If you configured the 2 in a cluster, then the answer is YES, the 2nd one will take over.
    If not, please refer to your doco for clustering.

    +
    0 Votes

    You don't need to cluster; you can simply have the second domain controller on another subnet. Set up site linking and enable replication between the domain controllers; that way DNS, AD, DFS (if you are running them) will all be replicated.

    If your domain controller is running DHCP, you will also have to set up a scope on the second DC.

    Because you have them on two different subnets, you can have both DCs running DHCP without any conflicts.

    Just remember that you will need to make sure that your clients receive both DNS server addresses, so in the event that one fails the clients will not only be able to get a DHCP lease but they will also be able to resolve hosts.

    One other thing: if you do use this kind of setup, make sure you move the global catalog from the primary domain controller to the secondary, otherwise replication will fail and you will have a lot of problems.

    +
    0 Votes
    asankacgl

    Hi, I am really not good at all with this Windows. I've used this (Additional Domain Controller for an existing domain controller option). This new AD is in a different subnet, but when the primary (which I used to replicate) goes down, or if the connection goes down to the primary site, the users are unable to authenticate against this new AD.
    Appreciate any help, I have been struggling over this for weeks without any luck.
    Thanks & best regards

    +
    0 Votes
    Churdoo

    Nevertheless, relative to your post, 2 things are required in order for clients to authenticate to your second DC:
    1) needs to also hold Global Catalog. Make sure that your second DC is a GC holder.
    2) nodes need to be able to find the DC, i.e. name resolution. For nodes of your primary site, of course your first DC is their first DNS resolver, is your second DC defined as the nodes' second DNS resolver? Is the reverse true for nodes at your remote site? Broadcast traffic (i.e. name resolution traffic) typically does not cross networks so in the event of a failure, the nodes need to know the IP of the working active-directory DNS resolver.
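
The two points in the last answer can be checked from a client workstation with a short batch script. This is an added example, not part of the thread: the domain name, forest name and both DC addresses are placeholders, and it assumes `nltest.exe` is installed on the client.

```bat
@echo off
rem Added example, not from the thread. Every name and address below is a
rem placeholder (assumption); replace with your own domain and DC addresses.
setlocal
set DOMAIN=example.local
set FOREST=example.local
set DC1_IP=192.0.2.10
set DC2_IP=198.51.100.10
set FAIL=0

rem Point 1 (Global Catalog): ask each DC's DNS service for the GC locator
rem record. The second DC's host name should appear in both answers.
for %%S in (%DC1_IP% %DC2_IP%) do (
    echo === _gc._tcp.%FOREST% as answered by %%S ===
    nslookup -type=SRV _gc._tcp.%FOREST% %%S 2>nul | findstr /I /C:"svr hostname"
    if errorlevel 1 (
        echo FAIL: no GC SRV record returned by %%S
        set FAIL=1
    )
)

rem Point 2 (name resolution): each DNS server must also return the DC
rem locator record, and this client must list both servers as resolvers.
for %%S in (%DC1_IP% %DC2_IP%) do (
    echo === _ldap._tcp.dc._msdcs.%DOMAIN% as answered by %%S ===
    nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %%S 2>nul | findstr /I /C:"svr hostname"
    if errorlevel 1 (
        echo FAIL: no DC SRV record returned by %%S
        set FAIL=1
    )
    rem Substring match on the address as printed by ipconfig.
    ipconfig /all | findstr /L /C:"%%S" >nul
    if errorlevel 1 (
        echo FAIL: %%S does not appear in ipconfig /all output
        set FAIL=1
    )
)

rem Ask the DC locator for a Global Catalog, discarding any cached answer.
rem Assumption: nltest.exe is available on this client (Support Tools).
nltest /dsgetdc:%DOMAIN% /gc /force
if errorlevel 1 set FAIL=1

if %FAIL%==0 (echo All checks passed) else (echo One or more checks failed)
exit /b %FAIL%
```

Run it once with both DCs up, then again with the first DC offline: in the second run the lines for the first DC's address are expected to fail, and what matters is that the second DC's address still returns both SRV records and `nltest` still locates a Global Catalog.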
