"Spare" Win2k server 1

DanielUK

IS-IT--Management
Jul 22, 2003
343
GB
I've seen similar posts regarding this but from administrators with a number of domain controllers on their network. I've also posted to the win2000.networking group.

I have a small network (5 machines) with one Dell Win2k server acting as domain controller. We've bought a second Dell server, slightly better spec, with which I am trying to replace the original server. Once the new server is in place I want the old server to remain offsite as a backup or spare system, so in the eventuality that the main server blows up/gets stolen, we have a machine set up very similar, i.e. same machine name etc., that we can simply plug into, restore just the data files and carry on as normal.

I've got information relating to two approaches, one being to set up and join the new server to the existing domain and then demoting the original server, and the other being to follow the Microsoft instructions of "moving Win2k to different hardware". I have actually tried setting up the second server, joining it to the existing domain and synching the records etc. but the instructions indicate that the original server then has to be demoted after transferring roles, which I don't want as they essentially need to be a copy of each other, not a replacement as such.

Another issue with introducing it as an extra domain controller is that, because it can't be named the same as the existing server, my mappings that point to the "Public" drive on the original server would need changing on the client machines to point to the new server name. Is this normal or acceptable to have to do or am I missing something? With a small network such as mine it wouldn't take long to change the mappings on each client to point to the "public" directory on the new server, but what happens when you have many client machines? Most of the information I've seen pertains to replacing the domain controller, as opposed to what I'm trying to do in setting a "spare" up with the same name.

Any advice?

Thanks

Dan

 
Well, if your users are all logging into the domain that you have on the original domain controller (DC1), replacing it with a machine of the same name will not work. The security IDs of the two will be different and users will not be able to authenticate.

Your best bet would be to make the second machine (DC2 we'll call it) a domain controller, transfer the roles and the data, and just leave the original (DC1) online. That way you have some redundancy for authentication. You'll have to restore the data for the shares, and remap people, but at least you have a server up and running to do that on.

If you really want to get fancy, set up a DFS tree. With DFS you can set up replication between DC1 and DC2; users will no longer connect to the \\dc1\shares area, they now connect to the tree \\yourtreenamehere\shares. If either machine goes down users are still able to access shares without admin intervention. There are some drawbacks to running DFS on a domain controller, but as long as you don't have hundreds of gigs of info you should be fine.
 
Micronmega is quite right, you should just build the old server as another domain controller.

If you are going to do DFS make sure you have enough disk space on that old server.

A good idea for a weekend would be to do some disaster recovery testing. Test each scenario, e.g. Temp Dead Server, destroyed server, Damaged Windows etc.

If a server is truly dead you have to seize the roles of the operations masters. The worst scenario is a stolen server, because you then have to change all the security and seize all the roles.

One of the most overlooked areas is printers.

One way to get a server back up very quickly is to ghost a good config to a hidden partition; then if Windows dies, you can bring the server back up quickly and update it from other DCs. You need to take these Ghosts regularly. You can now burn them to CD, so a CD writer in the server is a good option.

Have fun!

Aj
 
Thanks AJP69,

Well, the second server is really just in case the primary one does get stolen, which as you say is the worst case scenario. I'll have to look a bit more in depth at this I think - I need to do a bit of reading up on FSMO roles I think!

Thanks

Dan
 
You want to keep the spare server online to keep its authentication up-to-date, otherwise you will have a bunch of users complaining that their passwords don't work...because they changed them after you took the "spare" offline. Set up a second DC and if your other box goes missing you can easily change the FSMO roles to make the spare server king. Regular backups are always a good idea!
 
Thanks again. Hmmm, I'm wondering what to do now. The whole idea is to get a backup server off the premises, i.e. not have one hanging around just in case both are stolen/a fire/earthquake/avalanche/flood etc. Are the passwords the only issue with taking it offline? We have so few users that it wouldn't take me long to reset 5/6 user passwords. I was about to attempt Micronmega's idea of setting it up as a domain controller and transferring the roles and then disconnecting, leaving only passwords to change and data to restore if the worst happens. Does this sound like a good idea?

Thanks for everyone's help and advice so far,

Dan
 
If you are really that worried about having a backup server off site, then yeah, you can just transfer the roles to your new machine that you want to leave there, then take the old one offline. If you ever need to bring it online (like if your other DC got stolen) you'll need to go in and reset some passwords, restore the data, and remap the users.
 
Thanks to everyone who responded, I am now a lot clearer on this.
 
I'm setting our "spare" offsite second server up now after a delay of a couple of months.

I understood what everyone suggested about setting up this spare server as a domain controller, transferring the roles from the existing server and then taking the spare offline and offsite (which is its purpose - a spare to literally plug in, in the event of the first one dying/being stolen etc.).

BUT, should I be transferring the roles from the first server if I want it to stay online? From what I've read only one domain controller can perform these tasks - what I seem to be asking is for the existing one to perform the FSMO tasks AS WELL AS the spare server. If I don't want to be transferring roles from the existing server, in the eventuality that I need to plug this spare in, would I then need to seize the roles, as it clearly won't be set up to perform the FSMO tasks for the domain?

Thanks for any advice, I thought I had this clear in my head until now!

Thanks

Dan
 
You'd need to leave the roles on the first server, and then seize them if you ever put in the second server as a replacement. But I'm not sure that I would set up the second server and then just unplug it and lock it away somewhere. The first server will continue to try to replicate with server 2 and there'll be all sorts of carnage in your Event Logs. It might all be OK long term, but I'd be wary of doing this - I suspect that way lies DS corruption and other Bad Things.

I would be inclined to image the first server onto a disk or CD as AJP69 suggests. Assuming the hardware of your second server is similar you'll probably get away with just plugging the imaged disk into it, and then you've got a clone of server1. You'd need to restore data from backup, but if you took the image on a regular basis it should be pretty quick. Have to confess I haven't tried it though, but you could test all this out offline without any risk to your first server.
 
Thanks Funkygibbon, that's what I suspected.

This server needs to be offsite as it's a backup against anything physically happening to the main server or the building it's in (either fire/stolen etc.), that allows us to quickly resume our business with minimum downtime. I was hoping to literally be able to plug the spare in, transfer the backup data onto it and remap the clients and continue as normal.

I didn't think about replication and the Event Logs. I was planning on bringing in the spare at regular intervals to replicate with the main server, so things like accounts and passwords were fairly up to date. Can I not set the first server up to NOT replicate with the second server if it's not there, but reintroduce replication when I do bring it in?

Thanks again

Dan
 
Q214678 describes changing the replication interval within a site, but I doubt MS were thinking of intra-site replication intervals of days/weeks when they implemented this, so "interesting" things might well happen.

If your second site is wired up you could have the second server there online, and configure it in a separate AD site in Sites & Services. But I'm guessing this isn't the case?

Bear in mind though that you won't be able to rename server2 as server1 in this scenario, so you'd need to transfer printers, edit login scripts, make sure drive permissions were consistent across the two servers etc. I think I'd be going for the imaging option were it me.
 
Thanks again,

The second server is not meant to be wired up, just as a standby "ready to go" if need be.

I am ok with the fact I can't call it the same name as the existing server. As it stands, all that's needed is a remapping of the "public" drive which contains the important data.

I've been through a couple of test runs and can log on/connect to either server at any one time with the clients with minimum fuss, if I transfer the roles and take the other offline. It's just this replication business that's worrying, as the first server tries to synchronise/update the second server that won't be there most of the time!

Initially, I was planning on ghosting the first server but that didn't go very well - I guess the slightly different server architecture was the reason. Maybe I should have a retry at that again. Seemed to me that the present method would be quickest to get a server reinstated!

Thanks

Dan
 
Just been thinking (bad idea..) trying to get my head round this replication business. What would you normally do if, say, a domain controller had to be taken away - for example it had to go away for a couple of weeks to be repaired so wouldn't be physically attached to the domain. What would you normally do in this scenario? Surely you could possibly run into problems with the replication intervals. Just thinking out loud.

Thanks

Dan
 
I wouldn't really want this happening on my DCs, hence RAID arrays / redundant PSUs / 4 hour hardware callout contracts and all the rest of it. But if I knew that my server was going offline for an extended period, I would dcpromo it out of the picture and put another one in instead, even if it was just some spare workstation. If my server had crashed irreparably I'd put another one in with a different name, and clean the old one out of the AD via ntdsutil.

To be honest Active Directory is pretty resilient and using the scenario you suggested, you might never have any problems apart from a lot of activity in your Event Logs. But it just sounds a bit risky to me.

What problems did you encounter with Ghost?
 
I remember now, I couldn't get sysprep 1.1 to work properly - "Incompatibility between this tool and the current operating system" message that I couldn't resolve.

Then I started reading about trying to apply ghosts onto servers with different hardware and possible problems, so I thought it a better idea to set up a secondary server and be in a situation where all I'd need to do is restore the data to be up and running quickly, without having to worry about hardware conflicts etc. Seems to have gotten a bit more complicated than I anticipated!

Having had a look at my event viewer I can see it's looking for the second server for replication. And it seems I can only set the interval to a maximum of a week. Pity I can't temporarily turn the replication off!

Thanks for all your replies.

Dan
 
I'm having difficulty finding the maximum time settings for replication intervals (I can find the minimums easily enough). Also, are the maximum values for "notify pause between DSAs" and "notify pause after modify" different?

Thanks

Dan
 
I *think* the Notify Pause After Modify maximum value is 9999 minutes, i.e. about a week, but I wouldn't put any money on it. This seems to be how it was in Exchange 5.5's DS, which is what AD is based on, but I suspect you're well into uncharted territory here!
 
Thanks, I've currently got it on a "safe" 48 hours just to stop these Event Logs piling up. I did see a week being bandied around yesterday but I lost the link and can't find it. I could give it a try...what's the worst that could happen..?!

Dan
 