AD Fault Tolerance

[me]

What would be your suggestion to have a fault tolerant Active
Directory?

1) A second DC located in another building
2) System State Backups and Recovery Disks updated daily
3) ?

Does a system state backup on the FSMO holder, collect the entire AD
database if the only two DC's die?


What if Active Directory gets corrupt and replicates to the only other
DC, how would you recover?


I know it doesent happen much but, if asked, how would you do it?

RSC
http://www.schmooseme.com

 

[Harj]

Hi,

My recommendation for fault tolerance with the suggestion that you have
provided.....
Bring up a second DC AND keep backups of both Domain controllers on a
regular basis.
Think of your clients....if you have only one DC and it goes down, no
matter how good of a back up you have your clients will still be
affected.


Harj Singh
Power Your Active Directory Investment
www.specopssoft.com

 

[Paul Bergson]

You should always have at least two dc's within each domain of your forest.
You should back up at least one of the dc's and by preference if all fsmo
roles reside on one of the dc's then I would suggest backing the system
state up on that dc, there is no need to backup every dc in your domain
unless it is being used for more than just dc services.

Each dc has a copy of AD, if the fsmo role holder dies and you don;t have a
backup of it you can still recover via fsmo role seizure.

AD always replicates and there are tools to help with data issues, but I
wouldn't worry about this.

--
Paul Bergson MCT, MCSE, MCSA, Security+, CNE, CNA, CCA
http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Public News]

snip <

My recommendation for fault tolerance with the suggestion that you have
provided.....
Bring up a second DC AND keep backups of both Domain controllers on a
regular basis.

What you are describing is *not* fault-tolerance. Additional DCs provide
redundancy and *may* increase "availability, but that doesn't address how to
make AD fault-tolerant (FT). To make AD FT, you must make the DCs FT - and
to do that, you must invest in equipment that is FT - i.e., RAID, Redundant
Power Supplies, FT chassis, Managed UPS, etc.

Think of your clients....if you have only one DC and it goes down, no
matter how good of a back up you have your clients will still be
affected.

If you design the DC(s) to be FT, you lower the risk of a service outage.
Although I *always* recommend at least two DCs in any domain, I would always
prefer having one VERY FT server to having two not-FT servers.

-ds

 

[Public News]

<inline>

You should always have at least two dc's within each domain of your
forest.

This increases (potentially) "availability", but doesn't address "fault
tolerance".

You should back up at least one of the dc's and by preference if all fsmo
roles reside on one of the dc's then I would suggest backing the system
state up on that dc, there is no need to backup every dc in your domain
unless it is being used for more than just dc services.

Backup and Recovery are essential, but don't address "Fault tolerance".
They address "Disaster Recovery".

Each dc has a copy of AD, if the fsmo role holder dies and you don;t have
a backup of it you can still recover via fsmo role seizure.

Again - ... doesn't address FT.


-ds

 

[Public News]

<inline>

What would be your suggestion to have a fault tolerant Active
Directory?

Improve the fault-tolerance of the Domain Controllers?

1) A second DC located in another building

This only addresses "Availability" -- not FT.

2) System State Backups and Recovery Disks updated daily

This strategy addresses "Disaster Recovery", but not FT.

3) ?

Increase the quality of the equipment to the point that it can withstand the
vast majority of "faults" that occur. Fault tolerance is achieved by
installing equipment that either survives or fails-over during "faults".
That includes, but is not limited to, redundant disk systems and subsystems,
motherboards, nics, power supplies, and UPSs.

Does a system state backup on the FSMO holder, collect the entire AD
database if the only two DC's die?

Any system state on any DC will suffice for Disaster Recovery - provided it
is a relatively recent backup. What you are addressing with backups is your
DR plan - and the decisions there have to do with how much your AD
environment changes over time as opposed to how resistant to failure your
environment is. IOW - a simple risk analysis will do ...

A more pertinant question is, why do you believe both DCs will "die"
simultaneously? Wouldn't that indicate to you that you might be addressing
the wrong problem?

What if Active Directory gets corrupt and replicates to the only other
DC, how would you recover?

This "hypothetical" scenario has been asked so many times .... It can
actually be rephrased as follows:

"What if the Directory gets so corrupt that it's unusable, but not so
corrupt that it can still replicate?"

If you analyze that statement, the most likely "corruption" that would fall
into this category woudn't be some kind of software failure, but most
likely would be user (AKA Admin) induced. That being the case, I'd
investigate means to ensure people with admin rights don't do stupid or bad
things rather than worry about the very remote possibility that AD woudn't
do its job ... which it does rather nicely.

I know it doesent happen much but, if asked, how would you do it?

If it *did* happen, there is a process known as "Forest Recovery" you would
likely want to perform.
(http://www.microsoft.com/downloads/...79-C99B-4DF9-823C-933FEBA08CFE&displaylang=en)

It's not a simple thing to do (I've practiced it in a lab for a 17 domain
forest), and it should be part of the regular training plan for the
AD/Exchange folks.

-ds