Re: Taking over Operations Master / DC roles
From: Sonny (turbovw18_at_hotmail.com)
Date: 12/28/04
- Next message: Doug Danco: "How do you tell who created a user account?"
- Previous message: Tiago: "Directory Service Restore Password"
- In reply to: Herb Martin: "Re: Taking over Operations Master / DC roles"
- Next in thread: Herb Martin: "Re: Taking over Operations Master / DC roles"
- Reply: Herb Martin: "Re: Taking over Operations Master / DC roles"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 28 Dec 2004 11:05:29 -0500
Thanks for the help Desmo,
"> The fact that you have TWO DCs IS A BACKUP. They
> should both be treated as NEARLY equal."
what do you mean? i just installed the OS on one machine 3 days ago... it
doesn't have updated tables for dns, no dhcp is being served, ad is
installed and replicated, but no user profiles or install directories are
loaded / active. the second dc IS GOING TO BE the backup... thus, the
reasoning for the post!
"> There is no reason the second DC cannot do ALL of
> that with the exception of the Single Master Roles."
i wouldn't understand how the second DC can take role of the logon server
without being operations master... how can i 'force' my users to logon to
the secondary DC (dc02) if the original DC is still up and running?
anyway... my gameplan is to get the server updated and all info copied...
Get the DNS setup and all my other odds and ends to the point that they are
almost identical. I will need to copy all user profiles to DC2 on the night
of the migration so that all roaming profiles are updated on the new server.
Should i assume the old DC1's IP address on the new machine and allow DNS to
make the name changes accordingly? my old DC1 is a DNS server and a WINS
server... so all clients have its address as the primary dns server as well
as the wins server... to avoid changing those via GP or DHCP, could i simply
assume the IP on the new DC2 and allow DNS to take care of name resolution?
so i can simply change the FSMO roles to DC2 while DC1 is up and then shut
down DC1. should i dcpromo the DC1 so that the network knows it's out of
the picture? After all that is when i should probably make my IP changes.
Any insight?
i do appreciate the help!
"Herb Martin" <news@LearnQuick.com> wrote in message
news:ex4OP7H7EHA.3828@TK2MSFTNGP09.phx.gbl...
> "Sonny" <turbovw18@hotmail.com> wrote in message
> news:#P$5UzE7EHA.1452@TK2MSFTNGP11.phx.gbl...
> > Hello,
> >
> > I am a new network admin to a company. I did not get to setup the domain
> > here, so i don't have 100% of the background knowledge that makes jobs like
> > this one easy.
> >
> > What i was asked to do, is to setup a machine to replicate data to for a
> > 'backup' per se... i did this months ago, the machine is a server, online,
> > replicating AD and we are manually replicating using Robocopy some info... i
> > was asked to plan out and configure this backup as my production DC.
>
> Read what Desmond wrote also.
>
> > My boss suggested that he wanted it to be fast and complete, without too
> > much work. His plan was to down the current DC, start up the other DC and
> > rename it to that of the old DC, statically setting the name, IP's, DNS,
> > DHCP of the other box.
>
> That is not (usually) a realistic strategy and fights the
> way that AD actually works.
>
> For instance, it is non-trivial (and most times impossible)
> to rename a DC.
>
> The fact that you have TWO DCs IS A BACKUP. They
> should both be treated as NEARLY equal.
>
> All DCs are equal, some are more equal than others....
>
> > In my mind i would never migrate the Operations Master this way.
> > I was wondering if anyone had some writeups on changing from one DC / logon
> > server to another.
>
> Don't even think of it this way.
>
> What you might need to do however is SEIZE the
> Operation Master roles if the other DC cannot be
> returned to the network expeditiously.
>
> Once you SEIZE roles however you CANNOT (must
> not) return the original role holder to the network for
> longer than it takes to DCPromo it to a non-DC.
>
> The goal is to always TRANSFER the roles when
> working on a DC which holds them -- this solves all
> but the unexpected catastrophic crash (ie., hard drive
> stops spinning.)
>
> > all that is really run on this box is AD, user's roaming profiles, one
> > mapped install directory, and a time server.
>
> What about DNS? Probably should be included and
> the other DC should run it as well (both AD integrated
> and both set in every CLIENT NIC->IP properties.)
>
> Same for GC. (Sites and Services)
>
> There is no reason the second DC cannot do ALL of
> that with the exception of the Single Master Roles.
>
> In a true emergency you seize those roles -- and keep
> on working.
>
> If you have to seize any roles -- you perform a DCPromo
> cycle (i.e., DCPromo to non-DC then back to new DC)
> on the repaired machine when it works again.
>
> > I was going to change the role of the Operations Master to that of the other
> > DC while both servers were live... i was also going to swap over RID and PDC
> > roles.
>
> That is the right way to TRANSFER roles BEFORE
> you do something to the role holder (if you can.)
>
> Remember that every domain has 3 single master roles,
> and the forest (usually the first domain first dc) has
> 2 more of these for the whole forest.
>
> Forest wide:
> Schema and Domain Naming Masters
>
> Domain specific:
> PDC Emulator, RID and Infrastructure Masters
>
>
> --
> Herb Martin
>
>
> > Thanks for any input!
> >
> >
>
>
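The planned TRANSFER discussed in this thread, as an added example that is not part of either poster's message: it lists the five single master roles, checks that the current holder is online and the target replicates cleanly, moves the roles, then verifies the result. It assumes the ActiveDirectory PowerShell module (which post-dates this 2004 thread) and `repadmin` on the admin host; `DC01`/`DC02` and both function names are placeholders.

```powershell
#Requires -Modules ActiveDirectory
# Added example; function names and DC names are hypothetical.

function Get-FsmoHolder {
    param([string] $Server)   # optional: DC to ask
    $q = @{}; if ($Server) { $q.Server = $Server }
    # Two forest-wide roles plus three per-domain roles.
    $forest = Get-ADForest @q
    $domain = Get-ADDomain @q
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

function Move-FsmoRole {
    param(
        [Parameter(Mandatory)] [string] $From,   # current holder (short name)
        [Parameter(Mandatory)] [string] $To      # DC that takes the roles
    )
    # Roles whose holder FQDN begins with the source DC's short name.
    $roles = @((Get-FsmoHolder).GetEnumerator() |
        Where-Object { ($_.Value -split '\.')[0] -eq $From } |
        ForEach-Object { $_.Key })
    if ($roles.Count -eq 0) { Write-Output "$From holds no FSMO roles."; return }

    # A transfer is cooperative: the current holder must be online.
    if (-not (Test-Connection -ComputerName $From -Count 2 -Quiet)) {
        throw "$From is unreachable; a transfer is not possible. Seizing (-Force) is a separate, one-way decision."
    }
    # Do not move roles onto a DC with failing inbound replication.
    $failing = @(repadmin /showrepl $To /csv | ConvertFrom-Csv |
        Where-Object { [int]$_.'Number of Failures' -gt 0 })
    if ($failing.Count -gt 0) {
        throw "$To has $($failing.Count) failing replication link(s); fix replication first."
    }

    Move-ADDirectoryServerOperationMasterRole -Identity $To -OperationMasterRole $roles -Confirm:$false

    # Verify on the target DC itself instead of trusting the call.
    $left = @((Get-FsmoHolder -Server $To).GetEnumerator() |
        Where-Object { ($_.Value -split '\.')[0] -eq $From })
    if ($left.Count -gt 0) { throw "Still on ${From}: $($left.Key -join ', ')" }
    Get-FsmoHolder -Server $To
}
# Move-FsmoRole -From DC01 -To DC02    # placeholder names
```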