Question about DCs
tomtech22
Member Posts: 1 ■□□□□□□□□□
Hi, I'm a JR Sys admin and am still learning about Servers and AD.
At work, we have a single domain across 2 sites (each site has a dozen computers or so running XP Pro). The 2 sites are connected via a PTP.
Our domain is running in Windows 2000 mixed functional level, and our forest is running Windows 2000 functional level. All our servers and DCs are Server 2003 R2.
I'm planning to raise the domain functional level to 2003.
At Site A, the PDC and a BDC are located here, along with the exchange server (2003).
At Site B, there is another BDC (Virtualized)
All the DCs have the server roles DNS, DHCP, and WINS server.
In case the PTP connection ever goes down, I want to make sure Site B (the side with no PDC) will be still be able to function (log in to domain etc.) They will use webmail since they can't access Site A (where exchange is located).
Currently the PDC at Site A holds all the FSMO roles. My main question is what is the best way to make sure Site B still can login to the domain without any visible problems to the users? Let's say the PTP is down for a few days to a week.
Through my research and limited understanding, my options are:
1. If the PTP goes down, then Site A and B can't talk to each other. Site A will be fine since the PDC is there.
On site B, we can promote the BDC to PDC and seize the FSMO roles. Once the PTP is restored, we remove the BDC and replace it with the original BDC vm.
2. Do nothing really. I read that it is okay if no FSMO roles exist on site B for a short while. Just minimize any changes (password resets etc.) and once link is restored everything will sync up.
3. ??
I know that a DC shouldn't be down more than 60 days (Tombstone) but it shouldn't get to that point. Are there any other concerns I need to worry about?
Thanks in advance. I work in a small company and am still learning (taking classes and learning on the job) etc.
At work, we have a single domain across 2 sites (each site has a dozen computers or so running XP Pro). The 2 sites are connected via a PTP.
Our domain is running in Windows 2000 mixed functional level, and our forest is running Windows 2000 functional level. All our servers and DCs are Server 2003 R2.
I'm planning to raise the domain functional level to 2003.
At Site A, the PDC and a BDC are located here, along with the exchange server (2003).
At Site B, there is another BDC (Virtualized)
All the DCs have the server roles DNS, DHCP, and WINS server.
In case the PTP connection ever goes down, I want to make sure Site B (the side with no PDC) will be still be able to function (log in to domain etc.) They will use webmail since they can't access Site A (where exchange is located).
Currently the PDC at Site A holds all the FSMO roles. My main question is what is the best way to make sure Site B still can login to the domain without any visible problems to the users? Let's say the PTP is down for a few days to a week.
Through my research and limited understanding, my options are:
1. If the PTP goes down, then Site A and B can't talk to each other. Site A will be fine since the PDC is there.
On site B, we can promote the BDC to PDC and seize the FSMO roles. Once the PTP is restored, we remove the BDC and replace it with the original BDC vm.
2. Do nothing really. I read that it is okay if no FSMO roles exist on site B for a short while. Just minimize any changes (password resets etc.) and once link is restored everything will sync up.
3. ??
I know that a DC shouldn't be down more than 60 days (Tombstone) but it shouldn't get to that point. Are there any other concerns I need to worry about?
Thanks in advance. I work in a small company and am still learning (taking classes and learning on the job) etc.
Comments
-
Devilsbane Member Posts: 4,214 ■■■■■■■■□□First, if you are using cached credentials, then users could log in without any dc at all for some time. If you have at least 2 DC's at each location, then you probably don't need to worry about using cached credentials since it is realativly unlikely that
both of those DC's should go down. And if you have both of those implemented, then you are awesome.Decide what to be and go be it. -
Hyper-Me Banned Posts: 2,059While users can log in with cached credentials, if your DCs are unavailable and are also your only listed DNS servers then the clients wont be able to browse the internet.
-
Devilsbane Member Posts: 4,214 ■■■■■■■■□□While users can log in with cached credentials, if your DCs are unavailable and are also your only listed DNS servers then the clients wont be able to browse the internet.
That is very true. You are also going to run into problems with obtaining and renewing leases because the DC's are also your DHCP. (Which is not recommended to do for performance reasons.)
That is why multiple servers is the best route to go. Even on a tight budget you can take an off the shelf desktop pc and put a server os on it. Not great for day to day work, but in a pinch you can get it online to give out IP's and authenticate users.Decide what to be and go be it.