Domain controller resiliency

  • Domain controller resiliency

    I have two domain controllers. One of them holds all the operations masters. If that box suffers a power supply failure Friday night, will my users still be able to log on when they come in Monday morning?

  • #2
    Re: Domain controller resiliency

    Yes, as long as replication is working.


    • #3
      Re: Domain controller resiliency

      OK, assuming replication was working fine before the domain controller went down.... Does putting terminal servers into the mix change anything? (on a separate license server of course)

      How long could the environment reasonably go in this reduced DC capacity?


      • #4
        Re: Domain controller resiliency

        For most FSMO roles you can run a while with some reduced functionality. I think the role you'll miss the quickest is the PDC emulator as that processes password changes and such. This link gives a good overview of the implications of losing the FSMOs.

        http://www.petri.com/planning_fsmo_roles_in_ad.htm


        • #5
          Re: Domain controller resiliency

          Well, a period of passwords not being able to be changed is probably fine... but I'm concerned about that PDC emulator role being crucial if a user mistypes their password. The whole idea of highly-available servers kind of defeats the purpose of having multiple domain controllers.

          Leave it to Microsoft to claim the Primary Domain Controller concept is dead and convince everyone of this multi-master crap - only to find out they've changed the name of the PDC concept to something else, then carry on the necessity of creating a panic if the head-end box goes belly up! I'm not liking this one bit in case anyone couldn't tell.


          • #6
            Re: Domain controller resiliency

            You can seize the FSMOs in minutes if required.

            Make sure both DCs are GCs.

            The idea is that you will have long enough to fix the FSMO holder or transfer the FSMOs, not that your domain will work without them in the long term.
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland

            ** Remember to give credit where credit is due and leave reputation points where appropriate **
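
The checks raised in this thread (replication working, both DCs being GCs, knowing which box holds the FSMO roles) can be run ahead of an outage. The script below is an added example, not code from any poster; it assumes the RSAT ActiveDirectory module with the replication cmdlets (Server 2012 or later), and the DC name in the final comment is a placeholder.

```powershell
# Added example: readiness check before the FSMO holder is allowed to go dark.
# Assumes the RSAT ActiveDirectory module (replication cmdlets: Server 2012+).
Import-Module ActiveDirectory

$domain = Get-ADDomain
$forest = Get-ADForest

# 1. Which DC holds each operations master role?
[pscustomobject]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
} | Format-List

# 2. Per DC: global catalog flag and inbound replication health.
$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $links   = @(Get-ADReplicationPartnerMetadata -Target $dc.HostName -ErrorAction SilentlyContinue)
    $failing = @($links | Where-Object { $_.LastReplicationResult -ne 0 })
    $oldest  = $links | Sort-Object LastReplicationSuccess | Select-Object -First 1
    [pscustomobject]@{
        DC              = $dc.HostName
        IsGlobalCatalog = $dc.IsGlobalCatalog
        RolesHeld       = $dc.OperationMasterRoles -join ', '
        InboundLinks    = $links.Count
        FailingLinks    = $failing.Count
        OldestSuccess   = $oldest.LastReplicationSuccess
    }
}
$report | Format-Table -AutoSize

# 3. Flag anything that would make the surviving DC a poor stand-in.
$problems = foreach ($r in $report) {
    if (-not $r.IsGlobalCatalog) { "$($r.DC) is not a global catalog" }
    if ($r.InboundLinks -eq 0)   { "$($r.DC) returned no replication metadata" }
    if ($r.FailingLinks -gt 0)   { "$($r.DC) has $($r.FailingLinks) failing inbound link(s)" }
}
if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    'All DCs are global catalogs with healthy inbound replication.'
}

# Seizing afterwards is a manual step (placeholder DC name, review before use):
# Move-ADDirectoryServerOperationMasterRole -Identity '<surviving-dc>' `
#     -OperationMasterRole PDCEmulator,RIDMaster,InfrastructureMaster -Force
```
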


            • #7
              Re: Domain controller resiliency

              And of course ensure that any other services on these servers are available elsewhere. I would assume you have DNS on your DCs. What about DHCP?
              Gareth Howells

              BSc (Hons), MBCS, MCP, MCDST, ICCE

              Any advice is given in good faith and without warranty.

              Please give reputation points if somebody has helped you.

              "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

              "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.


              • #8
                Re: Domain controller resiliency

                Seizing the FSMO role requires Administrative intervention so it's not going to help the 3rd shifters where IT isn't staffed 24/7.

                DHCP services have been deployed at remote offices, each on their own subnet.


                • #9
                  Re: Domain controller resiliency

                  Originally posted by chip743:
                  "Seizing the FSMO role requires Administrative intervention so it's not going to help the 3rd shifters where IT isn't staffed 24/7."

                  No, it's not, but as already stated, things will NOT come to a halt that quickly.

                  Can I suggest you try it -- power down the FSMO holder for whatever the worst period it could be down is, and note any issues your users encounter. In this environment you can power it up immediately if problems arise.

                  You may want to manually check lockouts, etc.

                  I have managed a distributed single domain network and had sites offline for extended periods (up to a week) without any user reports of issues (apart from obvious ones such as not accessing files in other sites).
                  Last edited by Ossian; 8th March 2011, 16:37.
                  Tom Jones
                  MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                  PhD, MSc, FIAP, MIITT
                  IT Trainer / Consultant
                  Ossian Ltd
                  Scotland

                  ** Remember to give credit where credit is due and leave reputation points where appropriate **
