Degen Ende
This one may be a stupid question, but that's why we have newsgroups,
right?

We're replacing our 2 Active Directory Global Catalog Servers, and
there's an issue or two that needs to be addressed. Now, being that I'm
a former Novell guy, some of my terms or even my train of thought may
be misguided, but I'll do my best for it to make sense.

We believe we know the proper steps for replacing DC1 and DC2 with DCA
and DCB. Basically, turn them all on, then set DCA to the Primary
Catalog Server and take down DC1 in a couple days/hours/whenever things
are done replicating. Then, just take down DC2 and we're good to go,
because DCB should already be a secondary/failover/etc.

My problem is that various home-built applications are authenticating
to DC1 specifically, and they do not allow for failover. In other
words, it's DC1 for authentication or no authentication at all. This is
a problem, I believe, with the applications that have been constructed
in-house, but management feels that adjusting such programs is
insurmountable and therefore it's become my headache.

What has been suggested is we run Network Load Balancing between DCA
and DCB and create a virtual server, DC1, so our applications will
still point to the same name and authentication will occur.

My question is can I do this? Does this make sense? I know for AD
authentication I don't have to do anything. DCB should take over
anytime I put a fork in DCA's power supply. Will NLB work for LDAP
authentication, or do my programs just suck?

To add to the mix, does anyone know if a Cisco Load Balancing (CLB)
device will help me at all? Or, will the CLB work for LDAP but screw
with my AD authen?

Any assistance/suggestions/advice would be outstanding.