Windows 2003 AD Redundancy

G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

I have a Win2k3 forest in place, with multiple AD Servers for each domain.
I wish to perform a redundancy test of my domain controllers. But first, I
wanted to read up best practices. Basically, I want to be able to turn off
one of my domain controllers, and have no customer interruption. Anyone
know a good document out there on either the best practices or what to do
when a domain controller fails?

Many thanks
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Once you have multiple domain controllers running, shutting one off will not
effect logons, given the client has good connectivity to the other DC. There
are other considerations with the fsmo roles if the DC's will be off line
for any given amount of time. This is recapped here
http://spaces.msn.com/members/wilwol/Blog/cns!1pJhYIW7R6HVEEKz9wQ2vdnQ!108.entry. A
search in Windows 2003 help will surface many other articles and step by
step instrctions.


--
Hope it helps...........

dw

Don Wilwol
Blog - http://spaces.msn.com/members/wilwol/
Web - http://capital.net/~wilwol/dw.htm
DonWilwol(REMOVE)@yahoo.com

"Wallace, David K." <dwallace72@comcast.net> wrote in message
news:OjqnN1JKFHA.2784@TK2MSFTNGP09.phx.gbl...
>I have a Win2k3 forest in place, with multiple AD Servers for each domain.
>I wish to perform a redundancy test of my domain controllers. But first, I
>wanted to read up best practices. Basically, I want to be able to turn off
>one of my domain controllers, and have no customer interruption. Anyone
>know a good document out there on either the best practices or what to do
>when a domain controller fails?
>
> Many thanks
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Thanks for the article:

My question is as follows:
DC1 PDC and GC
DC2 RID, GC and Infr

If one of the DC's goes down, how does the clien know to authenticate to the
live DC? If I do a nslookup to the domain name, it brings back both domain
controllers, but if I do a ping to the domain name, it only brings back one
domain controller. How can I force the clients to authenticate to the DC
that is still up and running?



"Don Wilwol" <donwilwol@yahoo.com> wrote in message
news:%23WJRpRKKFHA.2136@TK2MSFTNGP14.phx.gbl...
> Once you have multiple domain controllers running, shutting one off will
> not effect logons, given the client has good connectivity to the other DC.
> There are other considerations with the fsmo roles if the DC's will be off
> line for any given amount of time. This is recapped here
> http://spaces.msn.com/members/wilwol/Blog/cns!1pJhYIW7R6HVEEKz9wQ2vdnQ!108.entry. A
> search in Windows 2003 help will surface many other articles and step by
> step instrctions.
>
>
> --
> Hope it helps...........
>
> dw
>
> Don Wilwol
> Blog - http://spaces.msn.com/members/wilwol/
> Web - http://capital.net/~wilwol/dw.htm
> DonWilwol(REMOVE)@yahoo.com
>
> "Wallace, David K." <dwallace72@comcast.net> wrote in message
> news:OjqnN1JKFHA.2784@TK2MSFTNGP09.phx.gbl...
>>I have a Win2k3 forest in place, with multiple AD Servers for each domain.
>>I wish to perform a redundancy test of my domain controllers. But first,
>>I wanted to read up best practices. Basically, I want to be able to turn
>>off one of my domain controllers, and have no customer interruption.
>>Anyone know a good document out there on either the best practices or what
>>to do when a domain controller fails?
>>
>> Many thanks
>>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

The client will look to the closest running DC. All DC's will be listed in
DNS.

--
Hope it helps...........

dw

Don Wilwol
Blog - http://spaces.msn.com/members/wilwol/
Web - http://capital.net/~wilwol/dw.htm
DonWilwol(REMOVE)@yahoo.com

"Wallace, David K." <dwallace72@comcast.net> wrote in message
news:upqtKVKKFHA.3348@TK2MSFTNGP10.phx.gbl...
> Thanks for the article:
>
> My question is as follows:
> DC1 PDC and GC
> DC2 RID, GC and Infr
>
> If one of the DC's goes down, how does the clien know to authenticate to
> the live DC? If I do a nslookup to the domain name, it brings back both
> domain controllers, but if I do a ping to the domain name, it only brings
> back one domain controller. How can I force the clients to authenticate
> to the DC that is still up and running?
>
>
>
> "Don Wilwol" <donwilwol@yahoo.com> wrote in message
> news:%23WJRpRKKFHA.2136@TK2MSFTNGP14.phx.gbl...
>> Once you have multiple domain controllers running, shutting one off will
>> not effect logons, given the client has good connectivity to the other
>> DC. There are other considerations with the fsmo roles if the DC's will
>> be off line for any given amount of time. This is recapped here
>> http://spaces.msn.com/members/wilwol/Blog/cns!1pJhYIW7R6HVEEKz9wQ2vdnQ!108.entry. A
>> search in Windows 2003 help will surface many other articles and step by
>> step instrctions.
>>
>>
>> --
>> Hope it helps...........
>>
>> dw
>>
>> Don Wilwol
>> Blog - http://spaces.msn.com/members/wilwol/
>> Web - http://capital.net/~wilwol/dw.htm
>> DonWilwol(REMOVE)@yahoo.com
>>
>> "Wallace, David K." <dwallace72@comcast.net> wrote in message
>> news:OjqnN1JKFHA.2784@TK2MSFTNGP09.phx.gbl...
>>>I have a Win2k3 forest in place, with multiple AD Servers for each
>>>domain. I wish to perform a redundancy test of my domain controllers.
>>>But first, I wanted to read up best practices. Basically, I want to be
>>>able to turn off one of my domain controllers, and have no customer
>>>interruption. Anyone know a good document out there on either the best
>>>practices or what to do when a domain controller fails?
>>>
>>> Many thanks
>>>
>>
>>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Understood.
But what happens when the closest AD is down.. How does it know to go to the
alternate one?

Many Thanks
David

"Don Wilwol" <donwilwol@yahoo.com> wrote in message
news:eIfV28KKFHA.2764@tk2msftngp13.phx.gbl...
> The client will look to the closest running DC. All DC's will be listed in
> DNS.
>
> --
> Hope it helps...........
>
> dw
>
> Don Wilwol
> Blog - http://spaces.msn.com/members/wilwol/
> Web - http://capital.net/~wilwol/dw.htm
> DonWilwol(REMOVE)@yahoo.com
>
> "Wallace, David K." <dwallace72@comcast.net> wrote in message
> news:upqtKVKKFHA.3348@TK2MSFTNGP10.phx.gbl...
>> Thanks for the article:
>>
>> My question is as follows:
>> DC1 PDC and GC
>> DC2 RID, GC and Infr
>>
>> If one of the DC's goes down, how does the clien know to authenticate to
>> the live DC? If I do a nslookup to the domain name, it brings back both
>> domain controllers, but if I do a ping to the domain name, it only brings
>> back one domain controller. How can I force the clients to authenticate
>> to the DC that is still up and running?
>>
>>
>>
>> "Don Wilwol" <donwilwol@yahoo.com> wrote in message
>> news:%23WJRpRKKFHA.2136@TK2MSFTNGP14.phx.gbl...
>>> Once you have multiple domain controllers running, shutting one off will
>>> not effect logons, given the client has good connectivity to the other
>>> DC. There are other considerations with the fsmo roles if the DC's will
>>> be off line for any given amount of time. This is recapped here
>>> http://spaces.msn.com/members/wilwol/Blog/cns!1pJhYIW7R6HVEEKz9wQ2vdnQ!108.entry. A
>>> search in Windows 2003 help will surface many other articles and step by
>>> step instrctions.
>>>
>>>
>>> --
>>> Hope it helps...........
>>>
>>> dw
>>>
>>> Don Wilwol
>>> Blog - http://spaces.msn.com/members/wilwol/
>>> Web - http://capital.net/~wilwol/dw.htm
>>> DonWilwol(REMOVE)@yahoo.com
>>>
>>> "Wallace, David K." <dwallace72@comcast.net> wrote in message
>>> news:OjqnN1JKFHA.2784@TK2MSFTNGP09.phx.gbl...
>>>>I have a Win2k3 forest in place, with multiple AD Servers for each
>>>>domain. I wish to perform a redundancy test of my domain controllers.
>>>>But first, I wanted to read up best practices. Basically, I want to be
>>>>able to turn off one of my domain controllers, and have no customer
>>>>interruption. Anyone know a good document out there on either the best
>>>>practices or what to do when a domain controller fails?
>>>>
>>>> Many thanks
>>>>
>>>
>>>
>>
>>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

It will always look to the closest running domain controller. If the DC is
down, it will move on. The only time it could be an issue, is if a user has
just changed a password, or is trying to change a password. Remember that
Windows 2003 uses multi master DC's, which mean they all have equal status
in the AD environment. They can all athenticate.

--
Hope it helps...........

dw

Don Wilwol
Blog - http://spaces.msn.com/members/wilwol/
Web - http://capital.net/~wilwol/dw.htm
DonWilwol(REMOVE)@yahoo.com

"Wallace, David K." <dwallace72@comcast.net> wrote in message
news:e9%236CKLKFHA.2136@TK2MSFTNGP14.phx.gbl...
> Understood.
> But what happens when the closest AD is down.. How does it know to go to
> the alternate one?
>
> Many Thanks
> David
>
> "Don Wilwol" <donwilwol@yahoo.com> wrote in message
> news:eIfV28KKFHA.2764@tk2msftngp13.phx.gbl...
>> The client will look to the closest running DC. All DC's will be listed
>> in DNS.
>>
>> --
>> Hope it helps...........
>>
>> dw
>>
>> Don Wilwol
>> Blog - http://spaces.msn.com/members/wilwol/
>> Web - http://capital.net/~wilwol/dw.htm
>> DonWilwol(REMOVE)@yahoo.com
>>
>> "Wallace, David K." <dwallace72@comcast.net> wrote in message
>> news:upqtKVKKFHA.3348@TK2MSFTNGP10.phx.gbl...
>>> Thanks for the article:
>>>
>>> My question is as follows:
>>> DC1 PDC and GC
>>> DC2 RID, GC and Infr
>>>
>>> If one of the DC's goes down, how does the clien know to authenticate to
>>> the live DC? If I do a nslookup to the domain name, it brings back both
>>> domain controllers, but if I do a ping to the domain name, it only
>>> brings back one domain controller. How can I force the clients to
>>> authenticate to the DC that is still up and running?
>>>
>>>
>>>
>>> "Don Wilwol" <donwilwol@yahoo.com> wrote in message
>>> news:%23WJRpRKKFHA.2136@TK2MSFTNGP14.phx.gbl...
>>>> Once you have multiple domain controllers running, shutting one off
>>>> will not effect logons, given the client has good connectivity to the
>>>> other DC. There are other considerations with the fsmo roles if the
>>>> DC's will be off line for any given amount of time. This is recapped
>>>> here
>>>> http://spaces.msn.com/members/wilwol/Blog/cns!1pJhYIW7R6HVEEKz9wQ2vdnQ!108.entry. A
>>>> search in Windows 2003 help will surface many other articles and step
>>>> by step instrctions.
>>>>
>>>>
>>>> --
>>>> Hope it helps...........
>>>>
>>>> dw
>>>>
>>>> Don Wilwol
>>>> Blog - http://spaces.msn.com/members/wilwol/
>>>> Web - http://capital.net/~wilwol/dw.htm
>>>> DonWilwol(REMOVE)@yahoo.com
>>>>
>>>> "Wallace, David K." <dwallace72@comcast.net> wrote in message
>>>> news:OjqnN1JKFHA.2784@TK2MSFTNGP09.phx.gbl...
>>>>>I have a Win2k3 forest in place, with multiple AD Servers for each
>>>>>domain. I wish to perform a redundancy test of my domain controllers.
>>>>>But first, I wanted to read up best practices. Basically, I want to be
>>>>>able to turn off one of my domain controllers, and have no customer
>>>>>interruption. Anyone know a good document out there on either the best
>>>>>practices or what to do when a domain controller fails?
>>>>>
>>>>> Many thanks
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

This explains it a little better.
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_ADlocateDC.asp

to log on to the domain microsoft.com, computers running Windows 2000,
Windows XP, or servers running Windows Server 2003 send a DNS name query of
the type SRV for the name _ldap._tcp.microsoft.com. The response from the
DNS server contains the DNS names of the closest domain controllers
belonging to the microsoft.com domain and their IP addresses.
Using the list of domain controller IP addresses, computers running running
Windows 2000, Windows XP, or servers running Windows Server 2003 attempt to
contact each domain controller to ensure that it is operational. The first
domain controller to respond is the domain controller that is used for the
logon process. Net Logon then caches the domain controller information so
that any future requests from that computer do not attempt to repeat the
same location process.

--
Hope it helps...........

dw

Don Wilwol
Blog - http://spaces.msn.com/members/wilwol/
Web - http://capital.net/~wilwol/dw.htm
DonWilwol(REMOVE)@yahoo.com

"Don Wilwol" <donwilwol@yahoo.com> wrote in message
news:ufDr%23RLKFHA.2812@TK2MSFTNGP15.phx.gbl...
> It will always look to the closest running domain controller. If the DC is
> down, it will move on. The only time it could be an issue, is if a user
> has just changed a password, or is trying to change a password. Remember
> that Windows 2003 uses multi master DC's, which mean they all have equal
> status in the AD environment. They can all athenticate.
>
> --
> Hope it helps...........
>
> dw
>
> Don Wilwol
> Blog - http://spaces.msn.com/members/wilwol/
> Web - http://capital.net/~wilwol/dw.htm
> DonWilwol(REMOVE)@yahoo.com
>
> "Wallace, David K." <dwallace72@comcast.net> wrote in message
> news:e9%236CKLKFHA.2136@TK2MSFTNGP14.phx.gbl...
>> Understood.
>> But what happens when the closest AD is down.. How does it know to go to
>> the alternate one?
>>
>> Many Thanks
>> David
>>
>> "Don Wilwol" <donwilwol@yahoo.com> wrote in message
>> news:eIfV28KKFHA.2764@tk2msftngp13.phx.gbl...
>>> The client will look to the closest running DC. All DC's will be listed
>>> in DNS.
>>>
>>> --
>>> Hope it helps...........
>>>
>>> dw
>>>
>>> Don Wilwol
>>> Blog - http://spaces.msn.com/members/wilwol/
>>> Web - http://capital.net/~wilwol/dw.htm
>>> DonWilwol(REMOVE)@yahoo.com
>>>
>>> "Wallace, David K." <dwallace72@comcast.net> wrote in message
>>> news:upqtKVKKFHA.3348@TK2MSFTNGP10.phx.gbl...
>>>> Thanks for the article:
>>>>
>>>> My question is as follows:
>>>> DC1 PDC and GC
>>>> DC2 RID, GC and Infr
>>>>
>>>> If one of the DC's goes down, how does the clien know to authenticate
>>>> to the live DC? If I do a nslookup to the domain name, it brings back
>>>> both domain controllers, but if I do a ping to the domain name, it only
>>>> brings back one domain controller. How can I force the clients to
>>>> authenticate to the DC that is still up and running?
>>>>
>>>>
>>>>
>>>> "Don Wilwol" <donwilwol@yahoo.com> wrote in message
>>>> news:%23WJRpRKKFHA.2136@TK2MSFTNGP14.phx.gbl...
>>>>> Once you have multiple domain controllers running, shutting one off
>>>>> will not effect logons, given the client has good connectivity to the
>>>>> other DC. There are other considerations with the fsmo roles if the
>>>>> DC's will be off line for any given amount of time. This is recapped
>>>>> here
>>>>> http://spaces.msn.com/members/wilwol/Blog/cns!1pJhYIW7R6HVEEKz9wQ2vdnQ!108.entry. A
>>>>> search in Windows 2003 help will surface many other articles and step
>>>>> by step instrctions.
>>>>>
>>>>>
>>>>> --
>>>>> Hope it helps...........
>>>>>
>>>>> dw
>>>>>
>>>>> Don Wilwol
>>>>> Blog - http://spaces.msn.com/members/wilwol/
>>>>> Web - http://capital.net/~wilwol/dw.htm
>>>>> DonWilwol(REMOVE)@yahoo.com
>>>>>
>>>>> "Wallace, David K." <dwallace72@comcast.net> wrote in message
>>>>> news:OjqnN1JKFHA.2784@TK2MSFTNGP09.phx.gbl...
>>>>>>I have a Win2k3 forest in place, with multiple AD Servers for each
>>>>>>domain. I wish to perform a redundancy test of my domain controllers.
>>>>>>But first, I wanted to read up best practices. Basically, I want to
>>>>>>be able to turn off one of my domain controllers, and have no customer
>>>>>>interruption. Anyone know a good document out there on either the best
>>>>>>practices or what to do when a domain controller fails?
>>>>>>
>>>>>> Many thanks
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Many thanks!!!

"Don Wilwol" <donwilwol@yahoo.com> wrote in message
news:ehP%23vbLKFHA.3512@TK2MSFTNGP15.phx.gbl...
> This explains it a little better.
> http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_ADlocateDC.asp
>
> to log on to the domain microsoft.com, computers running Windows 2000,
> Windows XP, or servers running Windows Server 2003 send a DNS name query
> of the type SRV for the name _ldap._tcp.microsoft.com. The response from
> the DNS server contains the DNS names of the closest domain controllers
> belonging to the microsoft.com domain and their IP addresses.
> Using the list of domain controller IP addresses, computers running
> running Windows 2000, Windows XP, or servers running Windows Server 2003
> attempt to contact each domain controller to ensure that it is
> operational. The first domain controller to respond is the domain
> controller that is used for the logon process. Net Logon then caches the
> domain controller information so that any future requests from that
> computer do not attempt to repeat the same location process.
>
> --
> Hope it helps...........
>
> dw
>
> Don Wilwol
> Blog - http://spaces.msn.com/members/wilwol/
> Web - http://capital.net/~wilwol/dw.htm
> DonWilwol(REMOVE)@yahoo.com
>
> "Don Wilwol" <donwilwol@yahoo.com> wrote in message
> news:ufDr%23RLKFHA.2812@TK2MSFTNGP15.phx.gbl...
>> It will always look to the closest running domain controller. If the DC
>> is down, it will move on. The only time it could be an issue, is if a
>> user has just changed a password, or is trying to change a password.
>> Remember that Windows 2003 uses multi master DC's, which mean they all
>> have equal status in the AD environment. They can all athenticate.
>>
>> --
>> Hope it helps...........
>>
>> dw
>>
>> Don Wilwol
>> Blog - http://spaces.msn.com/members/wilwol/
>> Web - http://capital.net/~wilwol/dw.htm
>> DonWilwol(REMOVE)@yahoo.com
>>
>> "Wallace, David K." <dwallace72@comcast.net> wrote in message
>> news:e9%236CKLKFHA.2136@TK2MSFTNGP14.phx.gbl...
>>> Understood.
>>> But what happens when the closest AD is down.. How does it know to go to
>>> the alternate one?
>>>
>>> Many Thanks
>>> David
>>>
>>> "Don Wilwol" <donwilwol@yahoo.com> wrote in message
>>> news:eIfV28KKFHA.2764@tk2msftngp13.phx.gbl...
>>>> The client will look to the closest running DC. All DC's will be listed
>>>> in DNS.
>>>>
>>>> --
>>>> Hope it helps...........
>>>>
>>>> dw
>>>>
>>>> Don Wilwol
>>>> Blog - http://spaces.msn.com/members/wilwol/
>>>> Web - http://capital.net/~wilwol/dw.htm
>>>> DonWilwol(REMOVE)@yahoo.com
>>>>
>>>> "Wallace, David K." <dwallace72@comcast.net> wrote in message
>>>> news:upqtKVKKFHA.3348@TK2MSFTNGP10.phx.gbl...
>>>>> Thanks for the article:
>>>>>
>>>>> My question is as follows:
>>>>> DC1 PDC and GC
>>>>> DC2 RID, GC and Infr
>>>>>
>>>>> If one of the DC's goes down, how does the clien know to authenticate
>>>>> to the live DC? If I do a nslookup to the domain name, it brings back
>>>>> both domain controllers, but if I do a ping to the domain name, it
>>>>> only brings back one domain controller. How can I force the clients
>>>>> to authenticate to the DC that is still up and running?
>>>>>
>>>>>
>>>>>
>>>>> "Don Wilwol" <donwilwol@yahoo.com> wrote in message
>>>>> news:%23WJRpRKKFHA.2136@TK2MSFTNGP14.phx.gbl...
>>>>>> Once you have multiple domain controllers running, shutting one off
>>>>>> will not effect logons, given the client has good connectivity to the
>>>>>> other DC. There are other considerations with the fsmo roles if the
>>>>>> DC's will be off line for any given amount of time. This is recapped
>>>>>> here
>>>>>> http://spaces.msn.com/members/wilwol/Blog/cns!1pJhYIW7R6HVEEKz9wQ2vdnQ!108.entry. A
>>>>>> search in Windows 2003 help will surface many other articles and step
>>>>>> by step instrctions.
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Hope it helps...........
>>>>>>
>>>>>> dw
>>>>>>
>>>>>> Don Wilwol
>>>>>> Blog - http://spaces.msn.com/members/wilwol/
>>>>>> Web - http://capital.net/~wilwol/dw.htm
>>>>>> DonWilwol(REMOVE)@yahoo.com
>>>>>>
>>>>>> "Wallace, David K." <dwallace72@comcast.net> wrote in message
>>>>>> news:OjqnN1JKFHA.2784@TK2MSFTNGP09.phx.gbl...
>>>>>>>I have a Win2k3 forest in place, with multiple AD Servers for each
>>>>>>>domain. I wish to perform a redundancy test of my domain controllers.
>>>>>>>But first, I wanted to read up best practices. Basically, I want to
>>>>>>>be able to turn off one of my domain controllers, and have no
>>>>>>>customer interruption. Anyone know a good document out there on
>>>>>>>either the best practices or what to do when a domain controller
>>>>>>>fails?
>>>>>>>
>>>>>>> Many thanks
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

We are still using WINS as well.. Can that cause any problem with the client
authentication w/ a failed domain controller.

"Don Wilwol" <donwilwol@yahoo.com> wrote in message
news:ehP%23vbLKFHA.3512@TK2MSFTNGP15.phx.gbl...
> This explains it a little better.
> http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_ADlocateDC.asp
>
> to log on to the domain microsoft.com, computers running Windows 2000,
> Windows XP, or servers running Windows Server 2003 send a DNS name query
> of the type SRV for the name _ldap._tcp.microsoft.com. The response from
> the DNS server contains the DNS names of the closest domain controllers
> belonging to the microsoft.com domain and their IP addresses.
> Using the list of domain controller IP addresses, computers running
> running Windows 2000, Windows XP, or servers running Windows Server 2003
> attempt to contact each domain controller to ensure that it is
> operational. The first domain controller to respond is the domain
> controller that is used for the logon process. Net Logon then caches the
> domain controller information so that any future requests from that
> computer do not attempt to repeat the same location process.
>
> --
> Hope it helps...........
>
> dw
>
> Don Wilwol
> Blog - http://spaces.msn.com/members/wilwol/
> Web - http://capital.net/~wilwol/dw.htm
> DonWilwol(REMOVE)@yahoo.com
>
> "Don Wilwol" <donwilwol@yahoo.com> wrote in message
> news:ufDr%23RLKFHA.2812@TK2MSFTNGP15.phx.gbl...
>> It will always look to the closest running domain controller. If the DC
>> is down, it will move on. The only time it could be an issue, is if a
>> user has just changed a password, or is trying to change a password.
>> Remember that Windows 2003 uses multi master DC's, which mean they all
>> have equal status in the AD environment. They can all athenticate.
>>
>> --
>> Hope it helps...........
>>
>> dw
>>
>> Don Wilwol
>> Blog - http://spaces.msn.com/members/wilwol/
>> Web - http://capital.net/~wilwol/dw.htm
>> DonWilwol(REMOVE)@yahoo.com
>>
>> "Wallace, David K." <dwallace72@comcast.net> wrote in message
>> news:e9%236CKLKFHA.2136@TK2MSFTNGP14.phx.gbl...
>>> Understood.
>>> But what happens when the closest AD is down.. How does it know to go to
>>> the alternate one?
>>>
>>> Many Thanks
>>> David
>>>
>>> "Don Wilwol" <donwilwol@yahoo.com> wrote in message
>>> news:eIfV28KKFHA.2764@tk2msftngp13.phx.gbl...
>>>> The client will look to the closest running DC. All DC's will be listed
>>>> in DNS.
>>>>
>>>> --
>>>> Hope it helps...........
>>>>
>>>> dw
>>>>
>>>> Don Wilwol
>>>> Blog - http://spaces.msn.com/members/wilwol/
>>>> Web - http://capital.net/~wilwol/dw.htm
>>>> DonWilwol(REMOVE)@yahoo.com
>>>>
>>>> "Wallace, David K." <dwallace72@comcast.net> wrote in message
>>>> news:upqtKVKKFHA.3348@TK2MSFTNGP10.phx.gbl...
>>>>> Thanks for the article:
>>>>>
>>>>> My question is as follows:
>>>>> DC1 PDC and GC
>>>>> DC2 RID, GC and Infr
>>>>>
>>>>> If one of the DC's goes down, how does the clien know to authenticate
>>>>> to the live DC? If I do a nslookup to the domain name, it brings back
>>>>> both domain controllers, but if I do a ping to the domain name, it
>>>>> only brings back one domain controller. How can I force the clients
>>>>> to authenticate to the DC that is still up and running?
>>>>>
>>>>>
>>>>>
>>>>> "Don Wilwol" <donwilwol@yahoo.com> wrote in message
>>>>> news:%23WJRpRKKFHA.2136@TK2MSFTNGP14.phx.gbl...
>>>>>> Once you have multiple domain controllers running, shutting one off
>>>>>> will not effect logons, given the client has good connectivity to the
>>>>>> other DC. There are other considerations with the fsmo roles if the
>>>>>> DC's will be off line for any given amount of time. This is recapped
>>>>>> here
>>>>>> http://spaces.msn.com/members/wilwol/Blog/cns!1pJhYIW7R6HVEEKz9wQ2vdnQ!108.entry. A
>>>>>> search in Windows 2003 help will surface many other articles and step
>>>>>> by step instrctions.
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Hope it helps...........
>>>>>>
>>>>>> dw
>>>>>>
>>>>>> Don Wilwol
>>>>>> Blog - http://spaces.msn.com/members/wilwol/
>>>>>> Web - http://capital.net/~wilwol/dw.htm
>>>>>> DonWilwol(REMOVE)@yahoo.com
>>>>>>
>>>>>> "Wallace, David K." <dwallace72@comcast.net> wrote in message
>>>>>> news:OjqnN1JKFHA.2784@TK2MSFTNGP09.phx.gbl...
>>>>>>>I have a Win2k3 forest in place, with multiple AD Servers for each
>>>>>>>domain. I wish to perform a redundancy test of my domain controllers.
>>>>>>>But first, I wanted to read up best practices. Basically, I want to
>>>>>>>be able to turn off one of my domain controllers, and have no
>>>>>>>customer interruption. Anyone know a good document out there on
>>>>>>>either the best practices or what to do when a domain controller
>>>>>>>fails?
>>>>>>>
>>>>>>> Many thanks
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

It could cause a problem if there were false entries. I would verify that no
entry pointing to the wrong place.

--
Hope it helps...........

dw

Don Wilwol
Blog - http://spaces.msn.com/members/wilwol/
Web - http://capital.net/~wilwol/dw.htm
DonWilwol(REMOVE)@yahoo.com

"Wallace, David K." <dwallace72@comcast.net> wrote in message
news:eKbe4nWKFHA.3652@TK2MSFTNGP10.phx.gbl...
> We are still using WINS as well.. Can that cause any problem with the
> client authentication w/ a failed domain controller.
>
> "Don Wilwol" <donwilwol@yahoo.com> wrote in message
> news:ehP%23vbLKFHA.3512@TK2MSFTNGP15.phx.gbl...
>> This explains it a little better.
>> http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_ADlocateDC.asp
>>
>> to log on to the domain microsoft.com, computers running Windows 2000,
>> Windows XP, or servers running Windows Server 2003 send a DNS name query
>> of the type SRV for the name _ldap._tcp.microsoft.com. The response from
>> the DNS server contains the DNS names of the closest domain controllers
>> belonging to the microsoft.com domain and their IP addresses.
>> Using the list of domain controller IP addresses, computers running
>> running Windows 2000, Windows XP, or servers running Windows Server 2003
>> attempt to contact each domain controller to ensure that it is
>> operational. The first domain controller to respond is the domain
>> controller that is used for the logon process. Net Logon then caches the
>> domain controller information so that any future requests from that
>> computer do not attempt to repeat the same location process.
>>
>> --
>> Hope it helps...........
>>
>> dw
>>
>> Don Wilwol
>> Blog - http://spaces.msn.com/members/wilwol/
>> Web - http://capital.net/~wilwol/dw.htm
>> DonWilwol(REMOVE)@yahoo.com
>>
>> "Don Wilwol" <donwilwol@yahoo.com> wrote in message
>> news:ufDr%23RLKFHA.2812@TK2MSFTNGP15.phx.gbl...
>>> It will always look to the closest running domain controller. If the DC
>>> is down, it will move on. The only time it could be an issue, is if a
>>> user has just changed a password, or is trying to change a password.
>>> Remember that Windows 2003 uses multi master DC's, which mean they all
>>> have equal status in the AD environment. They can all athenticate.
>>>
>>> --
>>> Hope it helps...........
>>>
>>> dw
>>>
>>> Don Wilwol
>>> Blog - http://spaces.msn.com/members/wilwol/
>>> Web - http://capital.net/~wilwol/dw.htm
>>> DonWilwol(REMOVE)@yahoo.com
>>>
>>> "Wallace, David K." <dwallace72@comcast.net> wrote in message
>>> news:e9%236CKLKFHA.2136@TK2MSFTNGP14.phx.gbl...
>>>> Understood.
>>>> But what happens when the closest AD is down.. How does it know to go
>>>> to the alternate one?
>>>>
>>>> Many Thanks
>>>> David
>>>>
>>>> "Don Wilwol" <donwilwol@yahoo.com> wrote in message
>>>> news:eIfV28KKFHA.2764@tk2msftngp13.phx.gbl...
>>>>> The client will look to the closest running DC. All DC's will be
>>>>> listed in DNS.
>>>>>
>>>>> --
>>>>> Hope it helps...........
>>>>>
>>>>> dw
>>>>>
>>>>> Don Wilwol
>>>>> Blog - http://spaces.msn.com/members/wilwol/
>>>>> Web - http://capital.net/~wilwol/dw.htm
>>>>> DonWilwol(REMOVE)@yahoo.com
>>>>>
>>>>> "Wallace, David K." <dwallace72@comcast.net> wrote in message
>>>>> news:upqtKVKKFHA.3348@TK2MSFTNGP10.phx.gbl...
>>>>>> Thanks for the article:
>>>>>>
>>>>>> My question is as follows:
>>>>>> DC1 PDC and GC
>>>>>> DC2 RID, GC and Infr
>>>>>>
>>>>>> If one of the DC's goes down, how does the clien know to authenticate
>>>>>> to the live DC? If I do a nslookup to the domain name, it brings
>>>>>> back both domain controllers, but if I do a ping to the domain name,
>>>>>> it only brings back one domain controller. How can I force the
>>>>>> clients to authenticate to the DC that is still up and running?
>>>>>>
>>>>>>
>>>>>>
>>>>>> "Don Wilwol" <donwilwol@yahoo.com> wrote in message
>>>>>> news:%23WJRpRKKFHA.2136@TK2MSFTNGP14.phx.gbl...
>>>>>>> Once you have multiple domain controllers running, shutting one off
>>>>>>> will not effect logons, given the client has good connectivity to
>>>>>>> the other DC. There are other considerations with the fsmo roles if
>>>>>>> the DC's will be off line for any given amount of time. This is
>>>>>>> recapped here
>>>>>>> http://spaces.msn.com/members/wilwol/Blog/cns!1pJhYIW7R6HVEEKz9wQ2vdnQ!108.entry. A
>>>>>>> search in Windows 2003 help will surface many other articles and
>>>>>>> step by step instrctions.
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Hope it helps...........
>>>>>>>
>>>>>>> dw
>>>>>>>
>>>>>>> Don Wilwol
>>>>>>> Blog - http://spaces.msn.com/members/wilwol/
>>>>>>> Web - http://capital.net/~wilwol/dw.htm
>>>>>>> DonWilwol(REMOVE)@yahoo.com
>>>>>>>
>>>>>>> "Wallace, David K." <dwallace72@comcast.net> wrote in message
>>>>>>> news:OjqnN1JKFHA.2784@TK2MSFTNGP09.phx.gbl...
>>>>>>>>I have a Win2k3 forest in place, with multiple AD Servers for each
>>>>>>>>domain. I wish to perform a redundancy test of my domain
>>>>>>>>controllers. But first, I wanted to read up best practices.
>>>>>>>>Basically, I want to be able to turn off one of my domain
>>>>>>>>controllers, and have no customer interruption. Anyone know a good
>>>>>>>>document out there on either the best practices or what to do when a
>>>>>>>>domain controller fails?
>>>>>>>>
>>>>>>>> Many thanks
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>