Re: Global Catalog Failure

"Janelle" <Janelle@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9DBB88AE-F3EB-4A01-9411-EB746D519E99@xxxxxxxxxxxxxxxx
Yes I have used netdiag and dcdiag before and I have installed the support
tools. But it does nothing when you have a hardware failure. My biggest
issue
is to provide failover at an economical cost


Paul is helping too and this week and next I am teaching (12
hour days) so may respond slowly.

First, you SHOULD have more than one DC if possible.
And for small forests or single domain forest EVERY DC
should be a GC.

You SHOULD be able to make a DC a GC even if their
is no other GC.

Second: You should have an SYSTEM STATE backup of
two or more DCs for recovery.

If you only have one DC, then the SYSTEM STATE backup
is even more critical. (And you likely need a full backup
of the machine as well, but the system state is for recovering
the AD.)

If you are running Win2003 server I would recommend an
ASR backup which is a 'superset' of the System State backup.

If you have a quality backup utility you might have some
feature there that allows for restoring from a bootable CD
but the above is a MINIMUM.




--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]


"Paul Bergson" wrote:

You should some tests against your production system if you are concerned
about its helth.

If you need to run diagnostics against your Active Directory domain.
Microsoft has written two good command line utilities that provide
information to help troubleshoot problems you maybe experiencing.
Knowing
which switch options to select may not always be simple, but with this
front
end click and go.

You will still need the two command line tools. If you don't have the
tools
installed, you can install them from your server install disk.

d:\support\tools\setup.exe -or- The links to the files reside on the
script download page listed below.


The script provides the option to run individual tests without having to
learn all the switch options. It automagically outputs the test details
to
a text file and calls this text file up at the completion of the test.
This
makes it much easier to read and save the details for future use and
analysis.

The front end is an hta file that provides check boxes, radio buttons and
dialogue boxes for input. You have the option to select the local server
or
a remote DC via a text box.

This script is customizable. The storage location of the script storage
of
the output logfiles and diagnostic tools are modified by a const
definition
in the working storage section.

The script is at http://pbbergs.dynu.com/windows/windows.htm, click
downloads and then select the DCDiag GUI..., download it and save it to:
c:\program files\support tools\

Just select both dcdiag and netdiag make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no
rights.

"Janelle" <Janelle@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:71B82F5A-9753-48DB-8900-04E314643B66@xxxxxxxxxxxxxxxx
I tried to promote my DC to a GC (in my test domain)and it looked like
it
was
but it didn't work that way.
I lost my GC to a hardware failure and my test domain has not been set
to
backup at this time. But I was never able to disjoin the old GC and
things
never worked right so I rebuilt my test domain. This makes me concerned
about
the real network and disaster recovery. Any ideas?

"Herb Martin" wrote:

"Janelle" <Janelle@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2A536EEA-4897-451C-BA0E-7D63D75B01AA@xxxxxxxxxxxxxxxx
I have 5 child domains in a single forrest and one global catalog.

With five domains you must EITHER:

1) Make every DC a GC (or)
2) Make sure the INFRASTUCTURE Masters are NOT GCs

(Making an IM a GC interferes with it's function but if every DC
in the forest is a GC that become irrelevant.)

Note: You should NOT make every DC a GC in a LARGE forest,
but you have indicated this is not the case for your network.

Yes I was
instructed that a singular global catalog was fine

In general, that is bad advise you were given.

You should have a MINIMUM of one GC per SITE.

You should have a MINIMUM of two GCs per site for fault tolerance.

Generally this means you want to have 2 x Sites GCs as a working
minimum.

But with small forests you can just make all DCs GCs and get
fault tolerance for practically no cost.

and that BDC were a thing
of the past.

NT-BDCs are still supported but Win2000+ DCs are neither
"Primary" (PDC) nor "Backup" (BDC) - they are just DCs.

You can have as many DCs per domain as you wish (as make
sense, as you can afford.)

So how can I have a global catalog at each? Is this a working
network structure you currently have in place?

Yes. Most everyone with single domain forests or small forests
(or such customers) does this once they understand what GCs
do and the implications.

For large forests, the rule of 2 x Sites = GCs PLUS more for
performance of "network applications" (e.g., Exchange) is used.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]


"Herb Martin" wrote:

"Janelle" <Janelle@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8D7A72AD-C3D7-470D-A3B2-570EBDA9E1B1@xxxxxxxxxxxxxxxx
No misunderstanding we only have one global catalog,

The implication of the SINGULAR is that you believe that
you are to have but one GC....

we are a small company with limited resources.

And since you already have multiple DCs you can have
multiple GCs for free.

Why should there be more than one global catalog?

For fault tolerance. You need a GC for reliable logins
AND for other purposes (e.g., Exchange etc.)

Since you have multiple DC and a SMALL forest of one
domain you should just make EVERY DC a GC.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

"Herb Martin" wrote:

"Janelle" <Janelle@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D8F65831-1C90-42D1-9243-F246A3F1ABF1@xxxxxxxxxxxxxxxx
My global catalog failed in my test domain, there is no
inexpensive
way
to
rebuild it so I have opted to buy an new one. This may me
begin
to
question
what I would do if I had a irrepairable failure of the global
catalog
in
my
real network. How do you replace the global catalog in an
active
directory,
one that has 5 child domains?

You question has been answered by Jorge and Paul.

Just make a new GC (and NTDSUtil metadata cleanup any
lost DCs.)

BUT there is also a strong implication of a misunderstanding
in the question above: "My global catalog" (in the SINGULAR.)

You should generally have more than one GC; you should have
at least one PER SITE, and more for fault tolerance (esp.
logins.)

With a single domain forest you should just make ALL DCs into
GCs, but you have 6 domains (domain plus 5 children) so this
does not apply to you.

If one of the domains holds the vast majority of objects or the
forest isn't very big you may STILL CONSIDER making every
DC a GC.

In any case, if you have a LARGE forest then you need more
GCs (but may not all DCs.)

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]














.