DCs in domain

By Whatme?
I have a single domain spread across 5 sites. No children. All have GC, AD, DHCP, DNS. Our sites are very remote and it could take days or even weeks before a tech could get there to replace a DC. Is it a good idea to install a second DC at those sites in case of hardware error? Or would the second DC conflict with the first one?


by timwalsh In reply to DCs in domain

It depends (my favorite answer)! It really depends on the configuration of the DCs at each site. Just to verify, you have a single-forest, single-domain AD organization. Is each remote site only a physical site or is it configured as an AD site also?

There are really two sides (sort of) to this: AD and DHCP/DNS.

From the AD side, if the local DC dies, clients will search for another DC that is also a GC to authenticate with.

DHCP/DNS possibly presents different problems.

In your DHCP configuration, under Scope Options (or possibly Server Options), do you have DNS servers other than just the local one listed? Or do your clients only point to the local DNS server, and the local DNS server has a forwarder configured? If your clients don't know about any other DNS server than the local one, if that DNS server dies, local clients lose all connectivity to the outside world. DHCP may present different problems depending on the length of your leases. If the DHCP server dies and is not fixed before clients need to renew their leases, they will lose all DNS info supplied by DHCP or (in the case of XP clients) revert to automatically assigned private IP addresses. In either case, clients will lose connectivity to the outside world and possibly stop communicating with each other.

You have a couple of options here:
(continued)

by timwalsh In reply to DCs in domain

1. Assign static IP addresses to all clients (stop using DHCP) and make sure each client has at least one other DNS server in the organization to point to. You obviously lose the benefits of DHCP, but do away with the need of another DC/server at each site.

2. In your DHCP configuration, add at least one other DNS server. Change the lease length to be at LEAST as long as it will take for a tech to visit the site and fix the problem. DHCP clients will hold the DNS information passed to them until the lease expires. As long as the DHCP server is fixed before then, the clients should be able to continue to communicate.

NOTE: 1 and 2 are assuming that the increased log-in times associated with finding another GC are acceptable!

3. Create a second server at each site, and at a minimum install DHCP and DNS. DNS could be installed as a standard secondary pointing to one of the other DNS servers in your organization. To install a secondary DHCP server, you will need to split your scope, with each of your DHCP servers at a single site offering half the available IP addresses. If you do this, the scope on each DHCP server will need to be large enough to service all clients. If you go this route, you might as well make this server a DC also and get the additional benefits. There is no limit to the number of DCs that can be installed in a domain. Multiple DCs at a single site (physical only or physical/AD) will not conflict with one another. The only down side is that as the number of GCs increases, the amount of network traffic associated with replication can also increase dramatically.

Hope this helps.
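The checks from options 2 and 3 above (an off-site DNS server in the scope options, and a lease at least as long as the repair window), as an added example that is not part of the original posts. The function name, addresses and scope data are constructed for illustration; the commented live query assumes the DhcpServer PowerShell module on a newer Windows Server.

```powershell
# Added example: hypothetical helper, constructed sample data for one site.
function Test-SiteDhcpResilience {
    param(
        [Parameter(Mandatory)] [object[]] $Scope,        # objects with ScopeId, LeaseDuration, DnsServers
        [Parameter(Mandatory)] [string[]] $LocalServer,  # IPs of the DNS servers located at this site
        [Parameter(Mandatory)] [timespan] $RepairWindow  # worst-case time before a tech can be on site
    )
    foreach ($s in $Scope) {
        # DNS servers handed out by DHCP that survive the loss of the local DC
        $offSite = @($s.DnsServers | Where-Object { $_ -notin $LocalServer })
        [pscustomobject]@{
            ScopeId               = $s.ScopeId
            HasOffSiteDns         = $offSite.Count -gt 0
            # The rule from the thread: lease at least as long as the repair window
            LeaseCoversOutage     = $s.LeaseDuration -ge $RepairWindow
            # Stricter check: clients normally renew at half the lease time, so a
            # client may have only about half its lease left when the server fails
            HalfLeaseCoversOutage = ($s.LeaseDuration.Ticks / 2) -ge $RepairWindow.Ticks
        }
    }
}

# Constructed sample: three scopes at one remote site whose only DC is 10.1.0.10
$sampleScopes = @(
    [pscustomobject]@{ ScopeId = '10.1.0.0'; LeaseDuration = [timespan]::FromDays(8)
                       DnsServers = @('10.1.0.10') },
    [pscustomobject]@{ ScopeId = '10.1.1.0'; LeaseDuration = [timespan]::FromDays(21)
                       DnsServers = @('10.1.0.10', '10.0.0.10') },
    [pscustomobject]@{ ScopeId = '10.1.2.0'; LeaseDuration = [timespan]::FromDays(30)
                       DnsServers = @('10.1.0.10', '10.0.0.10') }
)

Test-SiteDhcpResilience -Scope $sampleScopes -LocalServer '10.1.0.10' `
    -RepairWindow ([timespan]::FromDays(14)) | Format-Table -AutoSize

# To build the input from a live DHCP server instead of the sample (run on the
# server; option 6 is the DNS server list, and may be set at server level only):
# $live = Get-DhcpServerv4Scope | ForEach-Object {
#     $dns = (Get-DhcpServerv4OptionValue -ScopeId $_.ScopeId -OptionId 6 -ErrorAction SilentlyContinue).Value
#     [pscustomobject]@{ ScopeId = $_.ScopeId; LeaseDuration = $_.LeaseDuration; DnsServers = @($dns) }
# }
```

With the sample data and a 14-day repair window, only the third scope passes all three checks: the first has no off-site DNS server and too short a lease, and the second covers the outage only for a client that renewed just before the failure.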


by Whatme? In reply to DCs in domain

That sounds good. Yes, I already point to another DNS server in my DHCP. Static IPs are no good, however, but extending the life sounds good.

Thanks
merv


by Whatme? In reply to DCs in domain

This question was closed by the author
