Announcement

Collapse
No announcement yet.

The backup domain controller which doesn't work.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • The backup domain controller which doesn't work.

    I have two Domain Controllers in my local subnet. JLRX01 is the big boy and JLGBACKUP01 is the backup. The other night I had to shutdown JLRX01 and found that no one, not even I the sys admin, could log into our machines or any of the other servers.

    Where was JLGBACKUP01 during this time of need?

    I have another three domain controllers in three subnets (remote offices). I assume that they would not help in this predicament either?

    Windows 2003 Server SP1. Thanks.
    |
    +-- JDMils
    |
    +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
    |

  • #2
    Re: The backup domain controller which doesn't work.

    Is your "backup" a GC server?
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com

    Comment


    • #3
      Re: The backup domain controller which doesn't work.

      Do you have DNS on the backup DC ? Are the clients configured to point to backup as secondary DNS ?
      Is the backup a GC ?

      btw: Members of Administrators group in AD can logon even if a GC is not available.
      Guy Teverovsky
      "Smith & Wesson - the original point and click interface"

      Comment


      • #4
        Re: The backup domain controller which doesn't work.

        What does "GC" stand for? (Sorry! )
        The backup controller has DNS configured, but I'm not sure if it's done correctly. How do I check this?
        How do I configure clients to point to backup as secondary DNS? If you are talking about the Primary & Secondary DNS settings, I heard that if the primary fails, the client will "stick" with the secondary until it fails, then revert back to the primary- is this true? Anyhow, how do I setup primary & secondary DNS using DHCP?
        |
        +-- JDMils
        |
        +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
        |

        Comment


        • #5
          Re: The backup domain controller which doesn't work.

          Originally posted by JDMils View Post
          What does "GC" stand for? (Sorry! )
          Global Catalog
          The backup controller has DNS configured, but I'm not sure if it's done correctly. How do I check this?
          It needs to be either a Secondary Zone that pointed to JLRX01 as the primary or an AD Integrated zone. To check see these:
          http://technet2.microsoft.com/Window....mspx?mfr=true (this one cracks me up... notice the instruction)
          http://technet2.microsoft.com/Window....mspx?mfr=true

          How do I configure clients to point to backup as secondary DNS? If you are talking about the Primary & Secondary DNS settings, I heard that if the primary fails, the client will "stick" with the secondary until it fails, then revert back to the primary- is this true? Anyhow, how do I setup primary & secondary DNS using DHCP?
          If it's Windows:
          http://technet2.microsoft.com/Window....mspx#scopedns
          http://technet2.microsoft.com/Window....mspx?mfr=true
          Regards,
          Jeremy

          Network Consultant/Engineer
          Baltimore - Washington area and beyond
          www.gma-cpa.com

          Comment


          • #6
            Re: The backup domain controller which doesn't work.

            I can't see how making the backup DC (JLGBACKUP01) a GC server since this is a single domain schema.
            |
            +-- JDMils
            |
            +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
            |

            Comment


            • #7
              Re: The backup domain controller which doesn't work.

              I can't see how making the backup DC (JLGBACKUP01) a GC server since this is a single domain schema.

              Also, when I added one of the servers (I built it from scratch), I used the "Manage Your Server" wizard to configure AD on that machine. I would have thought that the wizard would have automatically setup that server as a backup DC.?
              Last edited by JDMils; 16th January 2007, 06:27.
              |
              +-- JDMils
              |
              +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
              |

              Comment


              • #8
                Re: The backup domain controller which doesn't work.

                Originally posted by JDMils View Post
                I can't see how making the backup DC (JLGBACKUP01) a GC server since this is a single domain schema.

                Also, when I added one of the servers (I built it from scratch), I used the "Manage Your Server" wizard to configure AD on that machine. I would have thought that the wizard would have automatically setup that server as a backup DC.?
                Your backup NEEDS to be a GC for it to be able to service logons.

                User Logon Support
                In addition to its role as a search provider, in a forest that has more than one domain, the global catalog has a role as an identity source during the user logon process. Universal groups can provide access to resources outside of the users domain. User principal names (UPNs) can specify a domain other than the domain of the user. By making universal group membership and UPN domain-user mapping information available on all global catalog servers, the global catalog provides the definitive source for groups that are capable of providing access in more than one domain and names that do not unequivocally identify the domain of the user.
                Taken from here

                http://technet2.microsoft.com/Window....mspx?mfr=true

                Comment


                • #9
                  Re: The backup domain controller which doesn't work.

                  I've checked all my servers, both local and remote, and the only one with the Global Catalog option ticked in Active Directory Sites & Services dialog is my main DC, ie. JLRX01.

                  So if I understand you correctly, all my satellite office workstations are looking for JLRX01 to authenticate eventhough they have their own local backup domain controller?
                  |
                  +-- JDMils
                  |
                  +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
                  |

                  Comment


                  • #10
                    Re: The backup domain controller which doesn't work.

                    Yes but per GuyT, domain administrators can log on regardless.

                    Did you check DNS to see if it's setup properly?
                    Regards,
                    Jeremy

                    Network Consultant/Engineer
                    Baltimore - Washington area and beyond
                    www.gma-cpa.com

                    Comment

                    Working...
                    X