2003 child domain behavior
mikearama
Member Posts: 749
Alright techies... let's see who's got a handle on this one.
I have set up a lab scenerio to match of hot DR setup. In it I've created a child domain connected and trusted to our root domain.
In the lab, if I physically disconnect the child domain from the root, the child DC's continue to provide all services to the child domain without issue. However, if I reboot the child DC's while disconnected from the parent domain, the DC's take somewhere in the area of 40 minutes to an hour before they begin offering AD services. I find that we cannot even log into the child domain during this phase.
From what I've read, this is the period of time when the DC's try continually to locate and connect to the forest root domain.
In a DR situation, I cannot afford to have a 40-60 minute window of non-service if I have to reboot the DC out there. Anyone know of a workaround... a way to speed up the process... perhaps an option somewhere to change the amount of time required before giving up on locating the parent domain?
Preciate any thoughts,
Mike
I have set up a lab scenerio to match of hot DR setup. In it I've created a child domain connected and trusted to our root domain.
In the lab, if I physically disconnect the child domain from the root, the child DC's continue to provide all services to the child domain without issue. However, if I reboot the child DC's while disconnected from the parent domain, the DC's take somewhere in the area of 40 minutes to an hour before they begin offering AD services. I find that we cannot even log into the child domain during this phase.
From what I've read, this is the period of time when the DC's try continually to locate and connect to the forest root domain.
In a DR situation, I cannot afford to have a 40-60 minute window of non-service if I have to reboot the DC out there. Anyone know of a workaround... a way to speed up the process... perhaps an option somewhere to change the amount of time required before giving up on locating the parent domain?
Preciate any thoughts,
Mike
There are only 10 kinds of people... those who understand binary, and those that don't.
CCIE Studies: Written passed: Jan 21/12 Lab Prep: Hours reading: 385. Hours labbing: 110
Taking a time-out to add the CCVP. Capitalizing on a current IPT pilot project.
CCIE Studies: Written passed: Jan 21/12 Lab Prep: Hours reading: 385. Hours labbing: 110
Taking a time-out to add the CCVP. Capitalizing on a current IPT pilot project.
Comments
Our child domain runs AD-integrated DNS. All four of our DC's, including the DR-DC, are GC's. And DNS first does recursion to the root. In the event of a T1 failure to the root, then the built-in default internet DNS servers are used.
I don't know what that tells you, except that if the MPLS link connecting HO to DR were to be down, and the backup T1 from DR to the root is brought up, the root would then be able to see the DC's/GC's both at HO from one path, and the DC/GC at DR from another path. All DC's would then look to the root for DNS recursion and authorization.
Thoughts?
CCIE Studies: Written passed: Jan 21/12 Lab Prep: Hours reading: 385. Hours labbing: 110
Taking a time-out to add the CCVP. Capitalizing on a current IPT pilot project.