Re: Redundant Domain Controllers in 2008
I may be showing my ignorance here, but concerning the FSMO roles in 2003, if the server holding the PDC failed, all sorts of problems occured with authentication, replication and the like until you seized the role with another DC.
But mainly, it was if the DC that a server/client identified in the LOGONSERVER setting in the environment failed, it would cause delays when accessing domain resources, and we would have to run a batch file to force it to use a different DC, or wait for it to timeout and create a new secure channel to a different DC.
And yes, I know very well the precautions that have to be taken when seizing, but I had hoped that manual intervention was unnecessary in 2008. Basically, that you don’t have to seize roles if a DC fails.
Considering that domain controllers form the backbone of active directory, and a necessary part of a fully integrated windows network, I’m just surprised there are not better ways to ensure their availability.