One Domain controller - tombstone lifetime?

Hello all,

What is the longest time your only domain controller can be offline before your domain starts having issues? I understand if it goes down immediately you won't be able to log into the domain but what happens after a few days go by? I understand if you have two and replication doesn't happen you can lose your FSMO roles off that DC that went down.

Comments

  • cruwl Member Posts: 341
    If you only had one, everything that relies on AD DS would be down. You may be able to log in to the machines if there is a cached profile. But more than likely you don't have DNS either. If you had 2, and the one that went down isn't coming back, you could seize the FSMO roles from it if needed.

    If you lost a hardware part, you should be able to replace it and bring the DC back online. If the DC is just turned off etc., nothing will happen to it as long as you can boot it up later. For example, if it's offline for a week, when you boot it up 7 days later the AD should still be there etc. I do this all the time with my VMs; entire domains will be offline for a month or 2 until I need to do something. I power them all on and it's as if nothing happened.


    Hope this helps.
  • crrussell3 Member Posts: 561
    Your domain controller being offline for an extended amount of time can cause trust issues between member servers/workstations.
    MCTS: Windows Vista, Configuration
    MCTS: Windows WS08 Active Directory, Configuration
  • ITMonkey Member Posts: 200
    ... not to mention, if the DS is down for a long time, think more about the dwindling amount of trust your boss and co-workers will have in you. lol
  • higherho Member Posts: 882
    Thanks everyone for the info! I thought as much, just wanted to make sure. I appreciate your feedback
    ITMonkey wrote: »
    ... not to mention, if the DS is down for a long time, think more about the dwindling amount of trust your boss and co-workers will have in you. lol

    Oh, it wasn't me, it was someone who is a tester who unplugged a bunch of the servers (including the DC) while I'm on training. Not to mention messed up our MySQL box =/
  • cruwl Member Posts: 341
    I would recommend you guys get at least a 2nd DC up and running.... just my $0.02
  • cyberguypr Mod Posts: 6,928
    I didn't say anything before because I wasn't sure if this scenario was hypothetical or actual production. Following Cruwl's comments, why is there only one DC? Is the environment that small?

    Another thing, if anyone can go unplug servers then you have a serious physical security issue.
  • higherho Member Posts: 882
    cyberguypr wrote: »
    I didn't say anything before because I wasn't sure if this scenario was hypothetical or actual production. Following Cruwl's comments, why is there only one DC? Is the environment that small?

    It's a lab environment, not a high availability development or production environment. The other environment we have is a mirrored environment of the production which non-trained people do not touch (but it looks like I need to state that again). Resources are very limited sadly. I will be checking into if we have anything extra lying around to build another DC.

    Another thing, if anyone can go unplug servers then you have a serious physical security issue.

    It's a lab; there's really good security in terms of how to get into the lab (govt lab). All the racks for anyone's racks are right on the floor (this lab is huge and you can fit over 1k racks easily into this). Sharing the space with other projects. The person who did it was a tester doing hardware inventory =/