Scenario for separate users working under the same forest.

  • Scenario for separate users working under the same forest.

    Hi everyone.
    I manage a local network at work in which I built a forest for my Active Directory. I work on vSphere and the Windows Server 2012/R2 is obviously built on a VM. Every week I shut down the VM and follow some maintenance procedures. Now I have a task that is kind of tricky since I am honestly not that experienced in this topic. I have to manage some new users, working on the same network but in a department that needs to stay online 24/7. My thought is to make a second VM on my server and create a domain under my forest to add only these users. That way I will be able to shut down only the "primary" VM that holds the forest, for maintenance, and leave the other VM working uninterrupted. I am pretty sure there are some alternative scenarios and I am happy to hear them.
    Any help appreciated.
    Thanks

  • #2
    Wherever possible, always have a second domain controller.


    • #3
      Thanks for the reply.
      I do have a second DC but I set it up for DFS replication as a secondary DC. Should I add a third one? Could it then be replicated on the secondary as well?


      • #4
        You need to describe your network topology. From your initial question you say you just have one server, and now you say you have two DCs. For example, is DFS on both the DCs or is it on one DC and a member server? How many servers do you have and what roles/features do they host? You may already have redundancy built into your present network setup.
        A recent poll suggests that 6 out of 7 dwarfs are not happy


        • #5
          You set up DFS replication to replicate a DC that will automatically replicate??

          Yeah, now I'm lost, I'm afraid.


          • #6
            Yes, totally lost. Could you please try to describe exactly what you have and what you're trying to achieve? Try not to mix concepts (a DC is a DC, a DFS replica is a DFS replica).
            Cheers,

            Daniel Petri
            Microsoft Most Valuable Professional - Active Directory Directory Services
            MCSA/E, MCTS, MCITP, MCT


            • #7
              Thanks for the reply. I apologize if I am unclear. I have two physical servers, both working with vSphere. On the first server I installed a VM containing the primary DC. On the second server I installed a VM containing the second DC. The first DC works as the primary DC and the second, as the secondary DC which is mirrored to the first one, in case the primary goes down, the secondary takes the lead. What I am asking is if I could create another VM (another DC) on my primary physical server to host a subdomain for a specific department that wishes to work 24/7. Also, if I could mirror this subdomain DC to the second physical server to another VM (another DC) in case the primary DC for the subdomain goes down. And my final question is whether the 24/7 DCs will continue to work when the first DCs are shut off, so a subdomain could function independently in case I want to power off the domain DCs for maintenance.
              I haven't been able to study for a Microsoft diploma since this work came too suddenly, so I study by myself, so excuse me if my questions are too naive.
              Thanks again.


              • #8
                The Active Directory hosts the domain. That's it. If you create sub-domains, they are created within the domain. The DCs host Active Directory. They replicate changes, additions, deletions between each other quite rapidly so each DC's copy of the directory is effectively the same. Powering down one DC will not affect access to or modification of the Active Directory objects as they will be available on the second DC.

                The only thing that might be affected is that, if you have particular roles or features only on one DC, they will not be available while that server is offline.

                When you say mirrored, do you mean replication? There is a redundancy product available that 'mirrors' servers. It works by replicating changes made on one server to a second server, but only one server is ever visible on the network.
                A recent poll suggests that 6 out of 7 dwarfs are not happy


                • #9
                  Thanks for the reply. Pretty clear response. The most accurate description is replicate, because when I was promoting the secondary DC I selected replicate from primary DC (in case of fault situation). Nevertheless, thanks again for the info. I think this scenario is appropriate for my situation and I will apply it to my network.


                  • #10
                    The key is always to test, test, test.

                    After making your changes, switch off one of the DCs outside office hours and test logons, network and Internet access etc. If there are problems they will be logged and you can then power the DC back up and fix the issues at your leisure.
                    A recent poll suggests that 6 out of 7 dwarfs are not happy


                    • #11
                      Is the DC on the second Server also a Global Catalog (GC)? Just wondering if your concern is that when you take the first Server offline your users are also unable to log on.
                      1 1 was a racehorse.
                      2 2 was 1 2.
                      1 1 1 1 race 1 day,
                      2 2 1 1 2


                      • #12
                        Originally posted by antros48:
                        "as the secondary DC which is mirrored to the first one, in case the primary goes down, the secondary takes the lead."
                        I have a slight issue with this. What do you mean by "mirrored"? A DC is not "mirrored", it's a totally separate machine (VM or physical, it doesn't matter), and the internals of the fact that it is a DC in an existing domain mean that the AD data is replicated to it from the original DC. Once that is done, they are kept in a multi-master replication model, meaning whatever you add or change on one DC is replicated to the other(s).

                        Cheers,

                        Daniel Petri
                        Microsoft Most Valuable Professional - Active Directory Directory Services
                        MCSA/E, MCTS, MCITP, MCT
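
The checks raised across the thread (a second DC, the Global Catalog question in #11, single-DC roles in #8, replication in #12) can be run before powering a DC off; this PowerShell sketch is an added example, not code from any poster. The function name, host names and the per-DC `LastReplicationResult` field are assumptions; the other property names follow `Get-ADDomainController` output.

```powershell
# Added example: decide whether one DC can be powered off for maintenance.
# Input objects carry the Get-ADDomainController properties HostName,
# IsGlobalCatalog and OperationMasterRoles. LastReplicationResult is a
# simplification of Get-ADReplicationPartnerMetadata (0 = last sync succeeded).
function Test-DcMaintenanceReadiness {
    param(
        [Parameter(Mandatory)] [object[]] $DomainControllers,
        [Parameter(Mandatory)] [string]   $TargetDc   # DC to be powered off
    )
    $findings  = @()
    $target    = $DomainControllers | Where-Object { $_.HostName -eq $TargetDc }
    $remaining = @($DomainControllers | Where-Object { $_.HostName -ne $TargetDc })

    if (-not $target) { return "BLOCK: $TargetDc is not in the DC inventory" }
    if ($remaining.Count -eq 0) {
        $findings += "BLOCK: no other DC would remain online"
    }
    # Logons can fail without a reachable Global Catalog (the question in #11).
    if (-not ($remaining | Where-Object { $_.IsGlobalCatalog })) {
        $findings += "BLOCK: no Global Catalog would remain online"
    }
    # A surviving DC with failed replication may hold a stale directory copy.
    foreach ($dc in ($remaining | Where-Object { $_.LastReplicationResult -ne 0 })) {
        $findings += "BLOCK: $($dc.HostName) last replication result $($dc.LastReplicationResult)"
    }
    # Roles hosted only on the target are unavailable while it is off (#8).
    foreach ($role in $target.OperationMasterRoles) {
        $findings += "WARN: $role is held by $TargetDc and is offline during maintenance"
    }
    if (-not $findings) { $findings += "OK: $TargetDc can be powered off" }
    return $findings
}

# Constructed sample inventory (hypothetical host names). In a live domain use:
#   Get-ADDomainController -Filter * |
#       Select-Object HostName, IsGlobalCatalog, OperationMasterRoles
$inventory = @(
    [pscustomobject]@{ HostName = 'dc1.example.local'; IsGlobalCatalog = $true
        OperationMasterRoles = @('SchemaMaster', 'DomainNamingMaster',
                                 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster')
        LastReplicationResult = 0 },
    [pscustomobject]@{ HostName = 'dc2.example.local'; IsGlobalCatalog = $false
        OperationMasterRoles = @(); LastReplicationResult = 0 }
)
Test-DcMaintenanceReadiness -DomainControllers $inventory -TargetDc 'dc1.example.local'
```

With the constructed inventory, the result is one BLOCK finding for the missing Global Catalog plus five WARN findings for the operations master roles held by `dc1.example.local`.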
