Announcement

Collapse
No announcement yet.

Addional DC questions...

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Addional DC questions...

    hi guys

    I already deployed an additional DC for redundancy you know when the main is down.
    I've read that doing that is not the only when the main server is completely down I need to set the second as Global Catalog and also seize FSMOs roles.

    my questions are when I have to do that?
    I mean I have to set the second server as GC when main one is down or as soon as I deployed the second one I have to enable it.

    second when the main server is up again should I have to transfer the FSMOs roles to the main one?

    BTW is W2003

    thanks a lot
    Last edited by kopper; 1st September 2009, 20:39.

  • #2
    Re: Addional DC questions...

    Yes, make sure the 2nd DC is a GC and also has DNS. If the DC with FSMO roles (or role) ever failed and it needs to be seized, the DC that failed should never be brought back on the domain. Once repaired, it should be reinstalled. Before joining it back to the domain, you would need to remove its METADATA using NTDSUTIL, any entries for it in DNS and in AD Sites and Services. Once joined to the domain as a DC, ensure it is a GC and had DNS and transfer FSMO roles back to it, should you want to.

    Comment


    • #3
      Re: Addional DC questions...

      Originally posted by Virtual View Post
      Yes, make sure the 2nd DC is a GC and also has DNS. If the DC with FSMO roles (or role) ever failed and it needs to be seized, the DC that failed should never be brought back on the domain. Once repaired, it should be reinstalled. Before joining it back to the domain, you would need to remove its METADATA using NTDSUTIL, any entries for it in DNS and in AD Sites and Services. Once joined to the domain as a DC, ensure it is a GC and had DNS and transfer FSMO roles back to it, should you want to.
      cool great information

      just let me ask you something else about the DNS how should I setup the DNS on the other server? any specific zone type? or? sorry is that a stupid question


      thanks

      Comment


      • #4
        Re: Addional DC questions...

        Make your DNS AD integrated. Install DNS on the second DC if it's not already. When DNS is AD integrated both DNS servers are authorative for the domain in the sense that there's no primary and secondary DNS, they're both equals, no zone transfers, you can make zone changes on either DNS server, etc., etc. I find it much easier to manage.

        Comment


        • #5
          Re: Addional DC questions...

          Thumb Rule: Either all DC's need to have a GC or only one DC should be the GC. There are issues if both the GC and Infrastructure master role holding DC's are the same when there are multiple DC's in the same domain.
          AD Admin

          Comment


          • #6
            Re: Addional DC questions...

            Originally posted by ms-ad-expert View Post
            Thumb Rule: Either all DC's need to have a GC or only one DC should be the GC. There are issues if both the GC and Infrastructure master role holding DC's are the same when there are multiple DC's in the same domain.

            sorry I new to this stuff

            so having my 2 servers - Main one and Additional server(backup) - as GCs is not a good practice?

            Comment


            • #7
              Re: Addional DC questions...

              Originally posted by ms-ad-expert View Post
              There are issues if both the GC and Infrastructure master role holding DC's are the same when there are multiple DC's in the same domain.
              This is only applicable in a Multi-domain environment within the forest.
              Marcel
              Technical Consultant
              Netherlands
              http://www.phetios.com
              http://blog.nessus.nl

              MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
              "No matter how secure, there is always the human factor."

              "Enjoy life today, tomorrow may never come."
              "If you're going through hell, keep going. ~Winston Churchill"

              Comment


              • #8
                Re: Addional DC questions...

                got it thanks a lot

                how do I assign points here in order to say thanks?

                Comment


                • #9
                  Re: Addional DC questions...

                  Just click on the yin-yang (black & white circle) icon at the top right of a particular post
                  Tom Jones
                  MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                  PhD, MSc, FIAP, MIITT
                  IT Trainer / Consultant
                  Ossian Ltd
                  Scotland

                  ** Remember to give credit where credit is due and leave reputation points where appropriate **

                  Comment


                  • #10
                    Re: Addional DC questions...

                    Originally posted by ms-ad-expert View Post
                    Thumb Rule: Either all DC's need to have a GC or only one DC should be the GC. There are issues if both the GC and Infrastructure master role holding DC's are the same when there are multiple DC's in the same domain.
                    Ahmmm... sorry, I do not agree.

                    Yes, in a one-domain situation - all DCs should be GCs.

                    Yes, when not all DCs are GCs, the Infra master should be moved to a nono-GC DC.

                    Now, if not all DCs are also GCs, why say that only one DC ***MUST*** be GC? What about a multi-site situation? What about a site with 10 Exchange servers? Making what you wrote seem like a "rule" is not advised, and not from someone with a nickname like yours.

                    Just my $0.02.
                    Cheers,

                    Daniel Petri
                    Microsoft Most Valuable Professional - Active Directory Directory Services
                    MCSA/E, MCTS, MCITP, MCT

                    Comment


                    • #11
                      Re: Addional DC questions...

                      I never wish to get into an argument as its waste of time. But a little extract from the following Microsoft link has been pasted below for reference:
                      http://support.microsoft.com/kb/223346

                      "As a general rule, the infrastructure master should be located on a nonglobal catalog server that has a direct connection object to some global catalog in the forest, preferably in the same Active Directory site. Because the global catalog server holds a partial replica of every object in the forest, the infrastructure master, if placed on a global catalog server, will never update anything, because it does not contain any references to objects that it does not hold. Two exceptions to the "do not place the infrastructure master on a global catalog server" rule are:
                      Single domain forest:

                      In a forest that contains a single Active Directory domain, there are no phantoms, and so the infrastructure master has no work to do. The infrastructure master may be placed on any domain controller in the domain, regardless of whether that domain controller hosts the global catalog or not.
                      Multidomain forest where every domain controller in a domain holds the global catalog:

                      If every domain controller in a domain that is part of a multidomain forest also hosts the global catalog, there are no phantoms or work for the infrastructure master to do. The infrastructure master may be put on any domain controller in that domain."

                      Why wait till someone enters a multi domain environment, experience a problem and then call us at Microsoft to spend a few hundred dollars along with precious hours and the fear of loosing job for something that was as simple as following my thumb rule? I dont think anyone would ever be harmed with my thumb rule except that he would always be benefited due to it. Could some one tell me one issue that could be an outcome of following my thumb rule? Brothers, Cool it. I am what my nick name is
                      AD Admin

                      Comment


                      • #12
                        Re: Addional DC questions...

                        Yes, making the Infrastructure master a GC may not always be recommended. I think Daniel was drawing attention more to the point you made, stating that only one DC should be a GC. Can you perhaps give any literature supporting that remark?

                        I would be inclined to agree with Daniel - why would you make a point of not making other DCs (other than the Infrastructure master) a GC?
                        Gareth Howells

                        BSc (Hons), MBCS, MCP, MCDST, ICCE

                        Any advice is given in good faith and without warranty.

                        Please give reputation points if somebody has helped you.

                        "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

                        "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

                        Comment


                        • #13
                          Re: Addional DC questions...

                          As also mentioned by Daniel, a consideration to separate physical sites needs to be made. A GC may not necessarily be required at a certain site. There are of course pros and cons with regards to whether a GC should be there or not anyway.

                          This is worth reviewing regarding GC placement.

                          http://technet.microsoft.com/en-us/l...69(WS.10).aspx

                          Comment


                          • #14
                            Re: Addional DC questions...

                            I agree there is no Rule of Thumb..


                            Especially when using sites, there is link costing to consider, yo don't want all sites updating from 1 main site, distance also plays a factor...

                            the main purpose of the Infrastructure master is detect out of date data (if you like) with GC and Non GC's, and making all Server GC's is not always best case (rule of thumb) there are so many factors to consider and the bigger your AD is and more sites you have the more you have to consider, playing with costing is one way to combat replication.

                            Some sites will need 1 or maybe more GC's to handle the load if there are multiple exchange servers etc.

                            the fact is my remote office with a 512Mbps DSL line has 4 users with 1 DC why would i want unnecessary replication from GC's?

                            in a 1 site small business 1 exchange server with 50 users, yeah make all dc's GC's why not...

                            Originally posted by ms-ad-expert View Post
                            Thumb Rule: Either all DC's need to have a GC or only one DC should be the GC. There are issues if both the GC and Infrastructure master role holding DC's are the same when there are multiple DC's in the same domain.
                            There is only an issue with this case if all DC's are not GC's and you have the Infrastructure master on a GC, reason being when the Infrastructure Master tries check for topology/replication/ or user/group information it will always be up to date as its checking its self and because its a GC it has a Full uptodate copy of AD, there for any miss information problems with replication cannot be detected on non GC's.
                            Last edited by ikon; 4th September 2009, 15:38.
                            MCSE 2003; MCTS Vista; Sec+; CCNA
                            Attitude Makes The Difference!
                            in other words you got to WANT to do it..

                            Comment


                            • #15
                              Re: Addional DC questions...

                              Originally posted by ms-ad-expert View Post
                              I never wish to get into an argument as its waste of time.
                              This is not an argument. You said something that is not 100% correct, and I pointed it out. Notice that I did agree to the first parts of your answer. Saying that if not all DCs are GCs, then you just need ONE GC is not 100% correct. Don't you agree?
                              Cheers,

                              Daniel Petri
                              Microsoft Most Valuable Professional - Active Directory Directory Services
                              MCSA/E, MCTS, MCITP, MCT

                              Comment

                              Working...
                              X