Re: DC Query

KJ: Thanks for that link, it looks like a good argument I can use to keep
the second DC online, as long as clients don't logon to it then it should do
what we originally wanted it to do.

Paul: A bit of background might help - the first DC was put in place some 2
years ago as a single DC for the entire site. It was never envisaged or
thought that the number of computers and users would grow as it has done.
This DC went belly-up about 2 weeks ago, no-one could logon or do anything,
as a result management got scared of what could happen. They ordered a new
server and wanted it put in so people could logon if the first DC ever went
down again. This was fine up until the clients started to use the secondary
DC last week, sometimes they would use the first DC, sometimes the second. I
couldn't track down a pattern to why it was doing this, the first DC wasn't
under heavy load or anything that I could see. Management ordered the
secondary DC to be shut down or to be crippled so it couldn't log users on
except with manual intervention, in the event that the first DC goes down.

I didn't like this idea entirely, but you know how it goes - so I left the
secondary DC online and changed the login scripts to point everything at the
first DC. Not the way I like to do things. I was told I couldn't have another
server just for the data, it had to stay on the first DC. They didn't want
the data on the second DC (not sure why).

I thought if I could convince them to let me use DFS, I could replicate the
data across both servers, so if the first DC did go down, the secondary could
do its job and still have copies of important data sets. I didn't want to
approach them with this idea until I knew DFS could cope with disk quotas or
whether I'd have to either remove disk quotas or go for a 3rd party solution.

The link KJ provided lets me do what management want, but it's not a very
robust solution in terms of keeping the data accessible and secure.

So, all I need to know is if I have disk quotas on the first DC and use the
same quotas on the second DC and then install DFS, am I going to have
problems with quotas not being supported by DFS or am I getting somewhat
confused?

Another thought - if I were to replicate the shares and data manually (to
avoid massive amounts of replication when DFS is first setup), would that
cause any problems or should I just let DFS and FRS handle it?

"kj" wrote:

> OK, well I believe this is what I was thinking. Suggest OP research and test
> and consider other opinions as I haven't tested it myself (yet, but I have
> an ideal candidate in mind!).
>
> Quote from the article
> http://support.microsoft.com/default.aspx?scid=kb;en-us;315071
> ===
> "If the setting is applied to one domain controller, reduce the DNS LDAP
> priority on the domain controller so that clients are less likely use the
> server for authentication. On the domain controller with the increase
> priority, use the following registry setting to set LdapSrvPriority:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
> On the Edit menu, click Add Value, and then add the following registry
> value:
> Entry name: LdapSrvPriority
> Data type: REG_DWORD
> Value: Set the value to the value of the priority that you want."
> ===
> More information can be found in
> http://support.microsoft.com/default.aspx?scid=kb;en-us;306602
>
> SRV priority is like MX records and the default priority is 100, so use
> something like 200 on the non preferred DC.
>
> --
> /kj
> "kj" <kj@xxxxxxxxxxx> wrote in message
> news:OQPHaI75FHA.2888@xxxxxxxxxxxxxxxxxxxxxxx
> > If one were to have capability mismatched servers, like say a Virtual
> > Machine or a very low end Server platform providing just a second source
> > for AD. Otherwise, like you said Paul, what's the point?
> >
> > As I recall, there was a way (registry setting?) to have the DC register
> > SRV records with a different (lower) priority. It would keep the second DC
> > online and replication current, yet not be primary target of logons and
> > lookups.
> >
> > I'll dig around and see if I can find it.....
> >
> > --
> > /kj
> > "Paul Bergson" <pbergson@xxxxxxxxxx> wrote in message
> > news:%23QM5$x65FHA.1032@xxxxxxxxxxxxxxxxxxxxxxx
> >> AD is a multi-master DB why would you not want to so you would have a
> >> balanced work load. If you have set it up so only one responds then you
> >> would have to intervene instead of the system doing it automatically for
> >> you. If you were to shut this dc off and only turn it on in the event of
> >> an emergency you wouldn't have a proper ad replication (Out of sync and
> >> tombstoned).
> >>
> >> I highly, highly recommend against this.
> >>
> >> --
> >>
> >>
> >> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
> >>
> >> This posting is provided "AS IS" with no warranties, and confers no
> >> rights.
> >>
> >>
> >> "Arkane" <Arkane@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> news:480E03AD-B929-4793-8E3C-42C2C33F60C9@xxxxxxxxxxxxxxxx
> >>> Hi there,
> >>>
> >>> We have a single DC (AD Win 2003 Native), we added a secondary DC to
> >>> provide a backup for the AD. However we've found that some clients are
> >>> logged in by the first DC and some by the second. We thought all clients
> >>> would be logged in by the first DC unless the first DC was offline.
> >>>
> >>> How can we make the clients logon to the first DC and only logon to the
> >>> second DC if the first one is offline?
> >>>
> >>> Thanks.
> >>
> >>
> >
> >
>
>
>
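
The SRV ordering that the LdapSrvPriority suggestion relies on, as an added example that is not part of the original thread: it simulates RFC 2782 selection (lowest priority first, weighted random within a priority) to show why equal priorities spread first contact across both DCs and why a higher priority number on the second DC leaves it as the fallback. The host names, the weight of 100 and the function names are assumptions for illustration; only the relative order of the two priorities matters.

```python
import random
from collections import Counter

# Constructed SRV answers for _ldap._tcp.dc._msdcs.<domain> as (priority, weight, target).
# Host names are placeholders; 100 and 200 are the numbers used in the thread.
EQUAL = [(100, 100, "dc1.example.test"), (100, 100, "dc2.example.test")]
DEPRIORITISED = [(100, 100, "dc1.example.test"), (200, 100, "dc2.example.test")]


def srv_order(records, rng):
    """Order targets RFC 2782 style: lowest priority first,
    weighted random selection among records that share a priority."""
    ordered = []
    for prio in sorted({p for p, _, _ in records}):
        group = [r for r in records if r[0] == prio]
        while group:
            weights = [w for _, w, _ in group]
            if sum(weights) == 0:
                pick = rng.choice(group)  # all weights zero: plain random
            else:
                pick = rng.choices(group, weights=weights)[0]
            group.remove(pick)
            ordered.append(pick[2])
    return ordered


def first_choice_counts(records, trials=2000, seed=1):
    """Count which DC a client would contact first over many lookups."""
    rng = random.Random(seed)
    return Counter(srv_order(records, rng)[0] for _ in range(trials))


def reachable_order(records, offline, rng):
    """Drop targets that do not answer, keeping the SRV ordering."""
    return [t for t in srv_order(records, rng) if t not in offline]


if __name__ == "__main__":
    print("equal priority:   ", dict(first_choice_counts(EQUAL)))
    print("dc2 deprioritised:", dict(first_choice_counts(DEPRIORITISED)))
    print("dc1 offline:      ", reachable_order(
        DEPRIORITISED, {"dc1.example.test"}, random.Random(1)))
```
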