Re: DC Query
- From: "kj" <kj@xxxxxxxxxxx>
- Date: Sat, 12 Nov 2005 14:45:53 -0700
With all due respect Arkane, your management is really painting themselves
(and you) into a corner seemingly needlessly.
It's important to understand their thinking and the 'why' part of their
requirements before designing a robust solution instead of just creating a
Band-Aid patchwork kludge.
--
/kj
"Arkane" <Arkane@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E520C3A3-1FC9-4201-86A5-6C6E81BD9EF1@xxxxxxxxxxxxxxxx
> KJ: Thanks for that link, it looks like a good arguement I can use to keep
> the second DC online, as long as clients don't logon to it then it should
> do
> what we originally wanted it to do.
>
> Paul: A bit of background might help - the first DC was put in place some
> 2
> years ago as a single DC for the entire site. It was never envisaged or
> thought that the number of computers and users would grow as it has done.
> This DC went belly-up about 2 weeks ago, no-one could logon or do
> anything,
> as a result management got scared of what could happen. They ordered a new
> server and wanted it put in so people could logon if the first DC ever
> went
> down again. This was fine up until the clients started to use the
> secondary
> DC last week, sometimes they would use the first DC, sometimes the second.
> I
> couldn't track down a pattern to why it was doing this, the first DC
> wasn't
> under heavy load or anything that I could see. Management ordered the
> secondary DC to be shut down or to be crippled so it couldn't log users on
> except with manual intervention, in the event that the first DC goes down.
>
> I didn't like this idea entirely, but you know how it goes - so I left the
> secondary DC online and changed the login scripts to point everything at
> the
> first DC. Not the way I like to do things. I was told I couldn't have
> another
> server just for the data, it had to stay on the first DC. They didn't want
> the data on the second DC (not sure why).
>
> I thought if I could convince them to let me use DFS, I could replicate
> the
> data across both servers, so if the first DC did go down, the secondary
> could
> do it's job and still have copies of important data sets. I didn't want to
> approach them with this idea until I knew DFS could cope with disk quotas
> or
> whether I'd have to either remove disk quotas or go for a 3rd party
> solution.
>
> The link KJ provided lets me do what management want, but it's not a very
> robust solution in terms of keeping the data accessible and secure.
>
> So, all I need to know is if I have disk quotas on the first DC and use
> the
> same quotas on the second DC and then install DFS, am I going to have
> problems with quotas not being supported by DFS or am I getting somewhat
> confused?
>
> Another thought - if I were to replicate the shares and data manually (to
> avoid massive amounts of replication when DFS is first setup), would that
> cause any problems or should I just let DFS and FRS handle it?
>
> "kj" wrote:
>
>> OK, well I believe this is what I was thinking. Suggest OP research and
>> test
>> and consider other opinions as I haven't tested it myself (yet, but I
>> have
>> an ideal candidate in mind!).
>>
>> Quote from the article
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;315071
>> ===
>> "If the setting is applied to one domain controller, reduce the DNS LDAP
>> priority on the domain controller so that clients are less likely use the
>> server for authentication. On the domain controller with the increase
>> priority, use the following registry setting to set LdapSrvPriority:
>> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
>> On the Edit menu, click Add Value, and then add the following registry
>> value:
>> Entry name: LdapSrvPriority
>> Data type: REG_DWORD
>> Value: Set the value to the value of the priority that you want."
>> ===
>> More information can be found in
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;306602
>>
>> SRV priority is like MX records and the default priority is 100, so use
>> something like 200 on the non preferred DC.
>>
>> --
>> /kj
>> "kj" <kj@xxxxxxxxxxx> wrote in message
>> news:OQPHaI75FHA.2888@xxxxxxxxxxxxxxxxxxxxxxx
>> > If one were to have capability mismatched servers, like say a Virtual
>> > Machine or a very low end Server platform providing just a second
>> > source
>> > for AD. Otherwise, like you said Paul, what's the point?
>> >
>> > As I recall, there was a way (registery setting?) to have the DC
>> > register
>> > SRV records with a different (lower) priority. It would keep the second
>> > DC
>> > online and replication current, yet not be primary target of logons and
>> > lookups.
>> >
>> > I'll dig around and see if I can find it.....
>> >
>> > --
>> > /kj
>> > "Paul Bergson" <pbergson@xxxxxxxxxx> wrote in message
>> > news:%23QM5$x65FHA.1032@xxxxxxxxxxxxxxxxxxxxxxx
>> >> AD is a multi-master DB why would you not want to so you would have a
>> >> balanaced work load. If you have set it up so only one responds then
>> >> you
>> >> would have to intervene instead of the system doing it automatically
>> >> for
>> >> you. If you were to shut this dc off and only turn it on in the event
>> >> of
>> >> an
>> >> emergency you wouldn't have a proper ad replication (Out of sync and
>> >> tombstoned).
>> >>
>> >> I highly, highly recommend against this.
>> >>
>> >> --
>> >>
>> >>
>> >> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>> >>
>> >> This posting is provided "AS IS" with no warranties, and confers no
>> >> rights.
>> >>
>> >>
>> >> "Arkane" <Arkane@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> news:480E03AD-B929-4793-8E3C-42C2C33F60C9@xxxxxxxxxxxxxxxx
>> >>> Hi there,
>> >>>
>> >>> We have a single DC (AD Win 2003 Native), we added a secondary DC to
>> >> provide
>> >>> a backup for the AD. However we've found that some clients are logged
>> >>> in
>> >> by
>> >>> the first DC and some by the second. We thought all clients would be
>> >> logged
>> >>> in by the first DC unless the first DC was offline.
>> >>>
>> >>> How can we make the clients logon to the first DC and only logon to
>> >>> the
>> >>> second DC if the first one is offline?
>> >>>
>> >>> Thanks.
>> >>
>> >>
>> >
>> >
>>
>>
>>
.
- References:
- Re: DC Query
- From: Paul Bergson
- Re: DC Query
- From: kj
- Re: DC Query
- From: kj
- Re: DC Query
- From: Arkane
- Re: DC Query
- Prev by Date: Re: DC Query
- Next by Date: Re: Domain Controller Load Testing [URGENT]
- Previous by thread: Re: DC Query
- Next by thread: Re: DC Query
- Index(es):
Relevant Pages
|
