Server 2000 as standby AD controller

jamesbird

Technical User
Jun 4, 2003
I'm sure I'm making this too complicated for myself, but brain has stopped working. What’s wrong with this picture?
Customer has server2k machine as single server running AD (and file sharing and and )
With critical apps running, including IP PABX, needs a reserve server, which is located off site on the end of a VPN. Plan is if prime server breaks/stolen/sat on/etc., rush replacement device round, and in 1hr(ish) up and running again. We've done it this way because, whilst keeping server on site nominally gives faster swap over, if one gets stolen/burnt down etc., they both go.
At present the 2nd server when waiting is VPNed to the main site to run a nightly file sync.
PROBLEM
To stop the spare server interfering, I've DCPROMOed the 2nd server down to a basic machine. When the bell rings, I'll DCPROMO it up again, but then have to ADMT the AD settings in, and reset the PBX software etc. etc. This takes too long/is liable to be error prone etc.
Is there something simple (bit of an oxymoron WRT Microsoft I realise) I should do/ have missed?
Don’t snigger too much at my ignorance!
 
What is/was the second DC interfering with?

The plan doesn't make much sense to me. After you promote the server, how do you plan on using ADMT with no source for AD? ADMT is a migration tool. Even if you were somehow successful, once the down DC comes back online all hell really breaks loose. It might be faster and, dare I say, safer to take care of whatever problem happens to the original DC and restore from a GOOD backup.

I'd keep the second DC as the DC and work on whatever it is interfering with.



FRCP
 
Trying not to do this by restoring a backup - I'd like the 'spare' server to be on hot standby - located on a remote but VPNed site, ready to be physically moved onto the prime site when the prime server fails.
Not worried about the prime server coming back up - I can make sure that doesn't happen.
Should I be setting the 'spare' machine up as an 'Additional domain controller'? Now I get lost! Over an ADSL VPN with an upstream capacity of 256k out of the 'prime' site and 128k out of the 'spare' site, is it desirable to make the additional DC think it's on the same site? But if I set it up on a separate IP range, AD assumes it's off site, but then how can I bring it on site?
Ho hum
 
jamesbird,

The offsite server should be a DC for the domain. AD will replicate per how you schedule it in the NTDS settings of each Site --> Server --> NTDS settings --> transport ... schedule. 256/128 should suffice for replication if there are no other issues to contend with. You want this server as a DC for both Active Directory database and DNS. DNS should be AD integrated. This will keep both servers up to date. If you bring the "off-site" server online in the "home-site", yes, you will need to re-address it for that network. If you re-boot, DNS should (should) catch up with the SRV records, but you may need to make some manual adjustments in DNS, as well as clients will need to know about this "new" DNS server. And DHCP? Will this be on the list of services that will need to port over to the "home-network"? WINS too?

There are many things to consider with this situation, but it is a pretty straightforward task.

scottie
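
The checks implied by the post above, as an added example that is not part of Scottie's post or the thread: a batch file to run on the standby DC once it has been re-addressed and rebooted on the home network. `DOMAIN`, `NEWIP` and the log path are placeholders, and `dcdiag`, `netdiag` and `repadmin` are assumed to be installed from the Windows 2000 Support Tools.

```batch
@echo off
rem Added example, not from the thread. Run on the standby DC after it has
rem been re-addressed and rebooted on the home network.
rem ASSUMPTIONS: DOMAIN and NEWIP are placeholders; dcdiag, netdiag and
rem repadmin are installed from the Windows 2000 Support Tools.
setlocal
set DOMAIN=example.local
set NEWIP=192.168.1.10
set LOG=%TEMP%\standby-dc-check.log
echo Standby DC check for %DOMAIN% at %NEWIP% > "%LOG%"

rem 1. Stop early if the new address is not bound to an adapter.
rem    (Substring match: 192.168.1.10 also matches 192.168.1.100.)
ipconfig /all | find "%NEWIP%" > nul
if errorlevel 1 goto noaddr

rem 2. Re-register the host (A) record, then restart Netlogon so it
rem    re-registers the SRV records that clients use to locate a DC.
ipconfig /registerdns
net stop netlogon
net start netlogon
if errorlevel 1 goto nonetlogon

rem 3. Ask the DNS service on this server for the DC locator records.
rem    The answer should list this server under its new address.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %NEWIP% >> "%LOG%" 2>&1

rem 4. DC health, then inbound replication status. The last successful
rem    replication time shows how current this copy of the directory is.
dcdiag /v >> "%LOG%" 2>&1
repadmin /showreps >> "%LOG%" 2>&1

rem 5. Network and DNS registration checks (report only, no /fix).
netdiag >> "%LOG%" 2>&1

echo Checks finished. Review %LOG% for failed tests.
goto :eof

:noaddr
echo FAIL: %NEWIP% is not configured on this server.
goto :eof

:nonetlogon
echo FAIL: Netlogon did not start; SRV records were not re-registered.
goto :eof
```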
 
Thanks Scottie, this is starting to look like a plan!
I'm trying this at the moment, get most of the way through setting the slave up as an additional DC with the VPN up, can browse and select the 'prime' site domain name, but then get a 'domain is not contactable' message when I try and complete the AD wizard on the 'slave'. You mention DHCP, guess it'll stay turned off on the 'slave' until I bring it on site.
Thanks for the input.
 
I have used Double Take from NSI software for server replication for workgroup server (works great), but Active Directory is another matter. As far as I know there is no replication software which will work with Active Directory and create a fail over FSMO server.

If both servers have the same hardware...
I think the best you can do is continue replicating the data to a server across the WAN, maintain backups of the FSMO at the office, including the system state, rotate tapes off site. Should the office server fail, you would need to do a Full non authoritative restore to the second machine. Making the second machine a DC would only complicate matters, unless it was located at the main office site.

Also with the bandwidth you have, at this point you are lucky you can complete the sync.





 
If you back up your DHCP database (winnt\system32\dhcp), you can restore this on another authorized DHCP server (the 'new' primary) and you will retain the present addressing, scopes, etc. Just a thought.
 