Concept clarification of user authentication

HKNinja

MIS
Nov 17, 2002
148
US
Just wanna clarify a concept:

I have Server A and Server B set up as follows:

Server A - DC, AD, DHCP, P-DNS, FSMO host, Print Server, Backup Server, File Server
Server B - DC, AD, S-DNS, Exchange Server

Server B replicates data from Server A.

Question to clarify:
When Server A is down, should Server B pick up the role of authenticating user logins and responding to DNS requests even if it is not the FSMO role host? If not, what good does it do to have a 2nd DC?
 
Ok. Assuming that this environment is 2003 AD, I would say the following:

Server B should definitely authenticate users just fine. This is also assuming that your sites/services are set up correctly. If they are, it is likely authenticating people now.

As for FSMO roles, supposedly if a FSMO role holder is down for so long, it is supposed to transfer the role to an available DC. In my experience, if a FSMO role holder DC goes down and you notice service changes, it is best to manually transfer the roles to other DCs. This is quick, easy, and should mean zero downtime.

As for DNS, it all depends on your DNS client configs. If your clients only point to server A and it goes down, it will not "failover". If Server B is set to be the secondary DNS client IP, then it should failover. Do the DNS servers have any forwarders to each other? If they are integrated to AD, then records should be the same on both machines.

I hope this helps.
 
Hey djtech2k,

First of all, thanks for the reply.

Here is some more info and challenges that I'm facing.

Facts:
- Yes, both servers are 2003 AD.
- Server A is FSMO role holder.
- Both servers are DCs.
- Server A is the primary DNS and Server B is the secondary DNS on all workstations.
- Server B has identical AD and DNS info as Server A.
- Server A is the ONLY DHCP Server.

Challenges:
- Server A is an old server and not as reliable as Server B.
- No, failover doesn't work. When Server A is down, users are not able to log into the network.
- The network becomes extremely slow when Server A goes down even though Server B is running totally fine.

Goals:
- Server A fails over to Server B when down so users can continue logging in/out of the network while Server B is being fixed.

I'm thinking maybe I should change the FSMO role and DHCP to Server B since it's a much more stable server than Server A. Any more opinions?
 
HKNinja,

ServerB should authenticate AD logons just fine, given it is set up properly. Meaning, unless there are some other underlying issues, by default this should be seamless.

Depending on the length of time ServerA is down, you could have issues. One problem will reside in creating new objects in AD, as the RID Master FSMO role will not exist. Also, time syncs will not happen as this is the role of the PDC Emulator.

Essentially, if ServerA is not a stable server, I would suggest transferring all FSMO roles (all five) over to ServerB. This is an easy task and can be done any time.

On another note, you may want to consider splitting your DHCP scope between the 2 servers, so that if one goes down, you'll still be able to obtain addresses from the other.

Hope This Helps,

Good Luck!
 
Your biggest issue right now is that you need more DHCP redundancy. If Server A goes offline, your clients cannot get an IP, so they are dead unless you static IP them.

As for the rest, as I mentioned before, if ServerA goes offline you should still be able to use DNS and authenticate. All you would then need to do is to transfer FSMO roles to ServerB, which you may want to go ahead and do if Server A is not stable.

If Server A went down and you were not able to transfer the roles, you could force them to transfer while it's offline too, but then Server A would not be able to come back online. So that's why I said it's better to transfer the roles while both servers are healthy.

And again, all of these statements are dependent on everything being set up correctly. Multiple DCs are great for redundancy.
 
Thanks for all the replies. I have transferred the FSMO role to ServerB and everything seems to work fine. Thanks!
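
The conditions the answers above depend on (who holds the FSMO roles, which DNS servers clients try, whether Server B can resolve domain controller records on its own, and whether it advertises as a DC) can be checked with a read-only batch script. This is an added example, not part of any post in the thread; it assumes the Windows Support Tools (`netdom`, `nltest`, `dcdiag`) are installed, and the script name and its argument are hypothetical.

```bat
@echo off
rem Added example: read-only checks, run from a domain-joined workstation or DC.
rem Assumes the Windows Support Tools (netdom, nltest, dcdiag) are installed.
rem Usage: check-dc-failover.cmd SERVERB   (script name and argument are hypothetical)
setlocal
if "%~1"=="" (
    echo Usage: %~nx0 ^<name of the DC that must keep working^>
    exit /b 1
)
set DC=%~1
set DOMAIN=%USERDNSDOMAIN%

echo === 1. Which DC holds each of the five FSMO roles ===
netdom query fsmo

echo === 2. DNS servers this client will try: see the "DNS Servers" entries ===
ipconfig /all

echo === 3. Can the DNS service on %DC% locate domain controllers by itself ===
rem Logon depends on these SRV records. The query is sent straight to %DC%,
rem so it shows what clients get when the other DNS server is unreachable.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %DC%

echo === 4. Does %DC% advertise itself as a domain controller ===
dcdiag /s:%DC% /test:Advertising

echo === 5. Can %DC% see the current FSMO role holders ===
dcdiag /s:%DC% /test:KnowsOfRoleHolders

echo === 6. Which DC the locator picks for this machine right now ===
nltest /dsgetdc:%DOMAIN%
endlocal
```

Running it once with both servers up and once with Server A shut down during a maintenance window shows whether step 3 or step 4 is where logons break.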
 