Windows 2003 AD Redundancy


Wallace, David K.

I have a Win2k3 forest in place, with multiple AD Servers for each domain.
I wish to perform a redundancy test of my domain controllers. But first, I
wanted to read up best practices. Basically, I want to be able to turn off
one of my domain controllers, and have no customer interruption. Anyone
know a good document out there on either the best practices or what to do
when a domain controller fails?

Many thanks
 
Once you have multiple domain controllers running, shutting one off will not
affect logons, given the client has good connectivity to the other DC. There
are other considerations with the FSMO roles if the DCs will be offline
for any given amount of time. This is recapped here
http://spaces.msn.com/members/wilwol/Blog/cns!1pJhYIW7R6HVEEKz9wQ2vdnQ!108.entry. A
search in Windows 2003 help will surface many other articles and step by
step instructions.


--
Hope it helps...........

dw

Don Wilwol
Blog - http://spaces.msn.com/members/wilwol/
Web - http://capital.net/~wilwol/dw.htm
DonWilwol(REMOVE)@yahoo.com
 
Thanks for the article:

My question is as follows:
DC1 PDC and GC
DC2 RID, GC and Infr

If one of the DCs goes down, how does the client know to authenticate to the
live DC? If I do an nslookup to the domain name, it brings back both domain
controllers, but if I do a ping to the domain name, it only brings back one
domain controller. How can I force the clients to authenticate to the DC
that is still up and running?
 
Understood.
But what happens when the closest AD is down.. How does it know to go to the
alternate one?

Many Thanks
David
 
It will always look to the closest running domain controller. If the DC is
down, it will move on. The only time it could be an issue is if a user has
just changed a password, or is trying to change a password. Remember that
Windows 2003 uses multi-master DCs, which means they all have equal status
in the AD environment. They can all authenticate.

--
Hope it helps...........

dw

Don Wilwol
Blog - http://spaces.msn.com/members/wilwol/
Web - http://capital.net/~wilwol/dw.htm
DonWilwol(REMOVE)@yahoo.com
 
This explains it a little better.
http://www.microsoft.com/resources/...03/standard/proddocs/en-us/sag_ADlocateDC.asp

To log on to the domain microsoft.com, computers running Windows 2000,
Windows XP, or servers running Windows Server 2003 send a DNS name query of
the type SRV for the name _ldap._tcp.microsoft.com. The response from the
DNS server contains the DNS names of the closest domain controllers
belonging to the microsoft.com domain and their IP addresses.
Using the list of domain controller IP addresses, computers running
Windows 2000, Windows XP, or servers running Windows Server 2003 attempt to
contact each domain controller to ensure that it is operational. The first
domain controller to respond is the domain controller that is used for the
logon process. Net Logon then caches the domain controller information so
that any future requests from that computer do not attempt to repeat the
same location process.

--
Hope it helps...........

dw

Don Wilwol
Blog - http://spaces.msn.com/members/wilwol/
Web - http://capital.net/~wilwol/dw.htm
DonWilwol(REMOVE)@yahoo.com
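The locator sequence quoted above (SRV query for _ldap._tcp.<domain>, probe each returned DC, use the first one that answers, cache it) and the earlier point that a client "moves on" when its DC is down, shown as an added Python example. This is not code from the thread or from Microsoft; it is a defender's model of the behaviour you would want to confirm during a redundancy test. The domain example.local, the hosts dc1/dc2 and the SRV records are constructed inline because the standard library has no SRV resolver; Net Logon's site awareness is simplified to an RFC 2782 priority/weight ordering, and re-probing the cached DC before reusing it is an assumption made to show the failover step.

```python
import socket
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class SrvRecord:
    """One answer to the SRV query for _ldap._tcp.<domain>."""
    priority: int
    weight: int
    port: int
    target: str


# Constructed sample data standing in for the DNS response (not real hosts).
CONSTRUCTED_SRV: Dict[str, List[SrvRecord]] = {
    "example.local": [
        SrvRecord(priority=0, weight=100, port=389, target="dc1.example.local"),
        SrvRecord(priority=0, weight=100, port=389, target="dc2.example.local"),
    ]
}


def order_srv(records: List[SrvRecord]) -> List[SrvRecord]:
    """RFC 2782 order: lowest priority first, then highest weight.
    Real resolvers pick among equal priorities by weighted random choice;
    the target name is used as a deterministic tie-break here."""
    return sorted(records, key=lambda r: (r.priority, -r.weight, r.target))


def tcp_probe(host: str, port: int, timeout: float = 2.0) -> bool:
    """Assumed liveness check: can we open a TCP connection to the LDAP port?
    A connect is what the locator needs to know; no bind is attempted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


class DcLocator:
    """Model of the client-side steps in the quoted documentation."""

    def __init__(self, probe: Callable[[str, int], bool] = tcp_probe):
        self._probe = probe
        self._cache: Dict[str, SrvRecord] = {}  # Net Logon's per-domain cache

    def locate(self, domain: str, srv_records: List[SrvRecord]) -> Optional[SrvRecord]:
        # Cached DC is reused as long as it still answers (assumed behaviour).
        cached = self._cache.get(domain)
        if cached is not None and self._probe(cached.target, cached.port):
            return cached
        self._cache.pop(domain, None)  # cached DC is down: move on
        # Walk the SRV answers; the first DC that responds wins and is cached.
        for rec in order_srv(srv_records):
            if self._probe(rec.target, rec.port):
                self._cache[domain] = rec
                return rec
        return None  # no DC reachable: logon would fall back to cached credentials


def run_failover_demo() -> Dict[str, object]:
    """Simulate the redundancy test: locate, reuse the cache, then take DC1 down."""
    domain = "example.local"
    records = CONSTRUCTED_SRV[domain]
    down = set()
    probes: List[str] = []

    def fake_probe(host: str, port: int) -> bool:  # constructed stand-in for tcp_probe
        probes.append(host)
        return host not in down

    locator = DcLocator(probe=fake_probe)
    first = locator.locate(domain, records)    # full walk, dc1 answers first
    second = locator.locate(domain, records)   # cache hit: one probe, no walk
    down.add("dc1.example.local")              # the DC being "turned off"
    third = locator.locate(domain, records)    # cached DC fails, dc2 is chosen
    return {
        "first": first.target,
        "second": second.target,
        "third": third.target,
        "probes": len(probes),
    }


if __name__ == "__main__":
    for step, value in run_failover_demo().items():
        print(f"{step}: {value}")
```

Against a real domain, replace CONSTRUCTED_SRV with the answers from nslookup -type=SRV _ldap._tcp.<domain> and keep tcp_probe as the probe; running this from a client while one DC is shut down gives a direct check that the client-side locator does end up on the surviving DC, which is the behaviour the ping result in the question does not show (ping resolves the domain's A record, not the SRV records the locator uses).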
 
Many thanks!!!

 
We are still using WINS as well. Can that cause any problem with the client
authentication with a failed domain controller?
 