Back up Active directory domain controller? 1

[todesengel]

Hi all,

Currently, my network only has one AC domain controller. I have been assigned with the task of making a backup DC for redundancy. My question is, how do I do this? Basically, I need a duplicate of the first Domain controller that will automatically take over if the first was to fail.

Any help on how to do this would be greatly appreciated, thanks.

 

[FredUG]

Assuming your existing DC is in good shape, basically, all you need to do is:

Install Win2k server
Run DCPROMO (follow the instructions)

Done...

Good luck,

FredUG

 

[todesengel]

dcpromo is it? I've read about using that, but I wasn't sure if that was the only step... seems too easy. But, if I run DCPROMO, set the server to be on an existing domain, and answer all of the wizard questions correctly, it will automatically copy settings and whatnot?

 

[dgarner58]

it will essentially turn the new server into a replication server. set the new dc up as a dc in an existing domain. active directory will then begin to replicate among the new and existing dc.

 

[GlenJohnson]

The fine folks are correct. What you really need is not a machine that sets in the corner waiting for the main machine to die, you want 2 domain controlers for redundancy. Once you have at least 2 dc's, they will replicate all AD, DNS, DHCP, WINS, whatever your using. This way, you can re-boot one of them all day long, and it won't affect users unless there are files or printers installed on that server. Good luck.

Glen A. Johnson
"To fear the worst oft cures the worse."
William Shakespeare (1564-1616); English dramatist, poet.

Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884

 

[lukedowning]

Just to let you know even with two dc's you can't just take the original out of commission. Although Microsoft says there are no more primary domain controllers if you ever want to get rid of the original you have to move physical roles to another domain controller. Just a heads up for the future.

 

[gazzanewpy]

Also, running DCPROMO only creates a second AD server, that uses replication to mirror the primary DC (which is not the term meant for an AD environment). Replication itself has errors and needs watching and takes time (up to 90 minutes to copy one item from the PDC to another system, according to the documentation).

If you are looking for a reliable backup system then we have recently moved to imaging and in particular Deploy Center. Unlike normal backup, if a server does blow (and we have UPS, backup PSUs and RAID) then we do not have to reinstall Windows 2000 Server and then recover from a backup tape (taking hours), we simply run the image file and recover in under half an hour. It also works with workstations!

 

[LeafyJellyFish]

Could you elaborate a little on moving physical roles? I have two dc's and have been trying to take 1st one offline for maintenance purposes, and whenever I do, it takes all the user accounts with it. Users cannot login, or if they are logged in, cannot access any part of the network.

Thanks
LeafyJellyFish

 

[abrannon]

I believe your problem is caused by either not having the second server setup as a Global Catalog Server (GC), use the Ad Sites and Services mmc, Sites/(Site Name)/Server/(server Name)/NTDS Settings. At NTDS Settings right click on it and go to properties. Place a check in the "Global Catalog" box, allow this to replicate and you should be able to take the orginal server down for maintenance. This does not mean that you can take it down indefinetly, or wipe it clean to do that you will have to switch physcal role such as FSMO to the second server.

 

[LeafyJellyFish]

I transferred all the roles, with the exception of Active Directory Schema. I get an error message that says I don't have ADS installed, and I have to install the adminpak off the server cd. So when I am halfway through the adminpak install I get another message that is asking me for the windows cd???

Thanks
LeafyJellyFish