Configuring a 2nd domain controller capable to fully repla..

Guest
Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.general,microsoft.public.win2000.networking,microsoft.public.windows.server.general

Hi,

In our office we have only one W2K domain controller server attending logins
for Win98, Win2K and WinXP workstations and servers. We want to add a second
domain controller to the domain, but this should be an identical server; it
should be capable of replacing the first one 100%. We want to protect ourselves
against a complete failure of the first server.
Initially I thought it would be enough to set up an additional W2K server
and promote it to domain controller on the same domain as the first server
by using dcpromo, and install WINS for supporting Win98 PCs. I did that and
conducted the following test: I disconnected the new domain controller from
the office's LAN and connected it to an independent switch. Then I connected a
Win98 PC to that, but I couldn't log in. The error was "wrong password or
access denied".
Interneting around, I was advised that I should specially configure the second
domain controller in order to fully replace the first one: I should
"transfer roles" and activate global catalog on the second DC.
Can you point me to some article detailing how to properly configure the
replacement server? The goal is that both servers should be running as a pair.
If one of the servers fails catastrophically (is lost without any chance to
recover data), the second should be capable of assuming all the work of the
first server automatically and transparently, or at least with minimum user
intervention on the configuration of the server, and no intervention on the
configuration of the clients.
Thanks in advance
Sammy
 
Guest

The best way is to not create a "replacement"... you aren't "replacing"
anything. You simply have two running DCs at the same time... think in terms
of "redundant" instead of "replacement". All machines (including the DCs)
will have the IP# of both of them in their DNS settings. The DNS on both
DCs will have the same Forwarders set up for the ISP's DNS.

The reason your test failed is because the client would not be aware of the
other DC when the original was down, because the client probably did not have
the IP# of that DC in its TCP/IP settings. All of the DC/DNSs must be
listed in the clients' DNS settings, not just the original DC.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------
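
The point in the reply above, that every client must list all DC/DNS servers, can be audited before a failure happens. This is an added example, not part of the original post: it parses Windows 2000/XP-style `ipconfig /all` text and reports which clients would be left without a DC/DNS server if any single one failed. The host names, addresses and sample output are constructed.

```python
import re

# Constructed sample: `ipconfig /all` excerpts from two hypothetical clients.
# 192.168.1.10 and 192.168.1.11 are placeholders for the two DC/DNS servers.
SAMPLE = {
    "PC-ACCT-01": """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.50
        DNS Servers . . . . . . . . . . . : 192.168.1.10
                                            192.168.1.11
        Primary WINS Server . . . . . . . : 192.168.1.10
""",
    "PC-ACCT-02": """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.51
        DNS Servers . . . . . . . . . . . : 192.168.1.10
""",
}

LABEL = re.compile(r"^\s+(?P<key>[^.:]+?)[ .]*:\s*(?P<val>.*)$")
BARE_IP = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def dns_servers(ipconfig_text):
    """Return the DNS servers listed, including unlabelled continuation lines."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        m = LABEL.match(line)
        if m:
            in_dns = m.group("key").strip() == "DNS Servers"
            if in_dns and m.group("val").strip():
                servers.append(m.group("val").strip())
            continue
        cont = BARE_IP.match(line)
        if in_dns and cont:
            servers.append(cont.group(1))   # second and later DNS servers
        else:
            in_dns = False                  # blank line or new adapter header
    return servers

def single_failure_gaps(clients, dc_dns):
    """Map each DC/DNS address to the clients stranded if that server fails."""
    gaps = {}
    for failed in dc_dns:
        survivors = set(dc_dns) - {failed}
        gaps[failed] = sorted(name for name, text in clients.items()
                              if not survivors & set(dns_servers(text)))
    return gaps

if __name__ == "__main__":
    print(single_failure_gaps(SAMPLE, ["192.168.1.10", "192.168.1.11"]))
```

Any client listed against a server is in the same position as the test PC in the original question: it has no way to locate the surviving DC.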



 

Frankster

Additionally, as far as the "replacement" aspect, in case of failure,
assuming you are using this for other things such as user account profile
directories and shares, just create all the same shares and directories on
this box as you have on the original. Make sure all the permissions are the
same. Keep them updated with the original data from the other DC via
replication or a simple scheduled xcopy script. Then, if/when necessary due to
a failure, you can make a quick reconfiguration of the client's login
shares/profile directory and be up and running again in no time. That's
what I do. It's not a transparent switchover, but it is a very fast manual
switchover.

-Frank

 
Guest

Also, there is no need to transfer any of the FSMO roles, as it appears you
were alluding to.

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.

