Re: Taking over Operations Master / DC roles
From: Herb Martin (news_at_LearnQuick.com)
Date: 12/28/04
- Next message: Desmond Lee: "RE: Directory Service Restore Password"
- Previous message: Doug Danco: "How do you tell who created a user account?"
- In reply to: Sonny: "Re: Taking over Operations Master / DC roles"
- Next in thread: Sonny: "Re: Taking over Operations Master / DC roles"
- Reply: Sonny: "Re: Taking over Operations Master / DC roles"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 28 Dec 2004 10:53:51 -0600
"Sonny" <turbovw18@hotmail.com> wrote in message
news:evpYOcP7EHA.1408@TK2MSFTNGP10.phx.gbl...
>
> Thanks for the help Desmo,
>
>
> "> The fact that you have TWO DCs IS A BACKUP. They
> > should both be treated as NEARLY equal."
>
> what do you mean? i just installed the OS on one machine 3 days ago... it
> doesn't have updated tables for dns, no dhcp is being served, ad is
> installed and replicated, but no user profiles or install directories are
> loaded / active. the second dc IS GOING TO BE the backup... thus, the
> reasoning for the post!
I suggested you replicate the DNS service and zones
as well.
Neither DHCP or User Profiles are a "DC" function
and although I agree you should make arrangements
you indicateed "just a DC."
As a DC it is fully backedup by replication, but I
would personally consdider DNS needs to be part
of that.
There is no perfect DHCP backup method except
perhaps for clustering with shared disc space so
best (IF you have enough IP addresses) is to just
put up two DHCP servers with different available
ranges (on the DC.)
Remember that in DHCP you should OVERLAP the
ranges, and use exclusion to avoid distributing
duplicate IPs, rather than completely separate the
scopes (as many of us were taught years ago.)
This avoids one DHCP NAK addresses of the other.
Profile storage is a File Server function, but the
profiles are backed up on the workstations through
locally cached profiles (don't let this stop you from
making another copy.)
> "> There is no reason the second DC cannot do ALL of
> > that with the exception of the Single Master Roles."
>
> i wouldn't understand how the second DC can take role of the logon server
> without being operations master... how can i 'force' my users to logon to
> the secondary DC (dc02) if the original DC is still up and running?
ANY DC can logon a user or computer -- this is
what DCs to -- even BDCs.
In Native Mode+, it requires a GC but you can have
as many of those as you wish and with one domain
or small forests it is common to make ALL DCs into
GCs.
> anyway... my gameplan is to get the server updated and all info copied...
> Get the DNS setup and all my other odds and ends to the point that they
are
> almost identical. I will need to copy all user profiles to DC2 on the
night
> of the migration so that all roaming profiles are updated on the new
server.
Are you migrating?
I thought you were testing disaster recover?
> Should i assume the old DC1's IP address on the new machine and allow DNS
to
> make the name changes accordingly? my old DC1 is a DNS server and a WINS
No. You will probably screw up more than way than
it will help.
> server... so all clients have it's address as the primary dns server as
well
Clients don't understand the concept of "Primary" DNS
server.
They should all have one of the DNS servers as PREFERRED
and the other as SECONDARY.
If one goes down they will use the other.
> as the wins server... to avoid changing those via GP or DHCP, could i
simply
> assume the IP on the new DC2 and allow DNS to take care of name
resolution?
Same for WINS -- give all the clients both WINS server addresses.
> so i can simply change the FSMO roles to DC2 while DC1 is up and then shut
> down DC1. should i dcpromo the DC1 so that the network knows it's out of
> the picture? After all that is when i should probably make my IP changes.
IF DC1 is not expected to return you should DCPromo
it to a non-DC.
(Again, I thought you were testing disaster recovery.)
If you REALLY want to migrate there are better/easier
ways perhaps.
My favorite (for Win2000) is to to do a backup/restore
on the new hardware, followed by a Repair Install from
the OS CDROM to fix hardware differences.
> Any insight?
>
> i do appreciate the help!
>
-- Herb Martin > > > > "Herb Martin" <news@LearnQuick.com> wrote in message > news:ex4OP7H7EHA.3828@TK2MSFTNGP09.phx.gbl... > > "Sonny" <turbovw18@hotmail.com> wrote in message > > news:#P$5UzE7EHA.1452@TK2MSFTNGP11.phx.gbl... > > > Hello, > > > > > > I am a new network admin to a company. I did not get to setup the > domain > > > here, so i don't have 100% of the backround knowledge that makes jobs > like > > > this one easy. > > > > > > What i was asked to do, is to setup a machine to replicate data to for a > > > 'backup' per se... i did this months ago, the machine is a server, > online, > > > replicating AD and we are manually replicating using Robocopy some > info... > > i > > > was asked to plan out and configure this backup as my production DC. > > > > Read what Desmond wrote also. > > > > > My boss suggested that he wanted it to be fast and complete, without too > > > much work. His plan was to down the current DC, start up the other DC > and > > > rename it to that of the old DC, statically setting the name, IP's, DNS, > > > DHCP of the other box. > > > > That is not (usually) a realistic strategy and fights the > > way that AD actually works. > > > > For instance, it is non-trivial (and most times impossible) > > to rename a DC. > > > > The fact that you have TWO DCs IS A BACKUP. They > > should both be treated as NEARLY equal. > > > > All DCs are equal, some are more equal than others.... > > > > > In my mind i would never migrate the Operations Master this way. > > > I was wondering if anyone had some writeups on changing from one DC / > > logon > > > server to another. > > > > Don't even think of it this way. > > > > What you might need to do however is SEIZE the > > Operation Master roles if the other DC cannot be > > returned to the network expeditiously. > > > > Once you SEIZE roles however you CANNOT (must > > not) return the original role holder to the network for > > longer than it takes to DCPromo it to a non-DC. > > > > The gaol is to always TRANSFER the roles when > > working on a DC which holds them -- this solves all > > but the unexpected catastrophic crash (ie., hard drive > > stops spinning.) > > > > > all that is really run on this box is AD, user's roaming profiles, one > > > mapped install directory, and a time server. > > > > What about DNS? Probably should be included and > > the other DC should run it as well (both AD integrated > > and both set in every CLIENT NIC->IP properties.) > > > > Same for GC. (Sites and Services) > > > > There is no reason the second DC cannot do ALL of > > that with the exception of the Single Master Roles. > > > > In a true emergence you seize those roles -- and keep > > on working. > > > > If you have to seize any roles -- you perform a DCPromo > > cycle (i.e., DCPromo to non-DC then back to new DC) > > on the repaired machine when it works again. > > > > > I was going to change the role of the Operations Master to that of the > > other > > > DC while both servers were live... i was also going to swap over RID and > > PDC > > > roles. > > > > That is the right way to TRANSFER roles BEFORE > > you do something to the role holder (if you can.) > > > > Remember that every domain has 3 single master roles, > > and the forest (usually the first domain first dc) has > > 2 more of these for the whole forest. > > > > Forest wide: > > Schema and Domain Naming Masters > > > > Domain specific: > > PDC Emulator, RID and Infracture Masters > > > > > > -- > > Herb Martin > > > > > > > Thanks for any input! > > > > > > > > > > > >
- Next message: Desmond Lee: "RE: Directory Service Restore Password"
- Previous message: Doug Danco: "How do you tell who created a user account?"
- In reply to: Sonny: "Re: Taking over Operations Master / DC roles"
- Next in thread: Sonny: "Re: Taking over Operations Master / DC roles"
- Reply: Sonny: "Re: Taking over Operations Master / DC roles"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
|
