Re: DC Query

There wouldn't have been a problem had you always had two dc's up and
running the problem happen since you only had ONE up and running. Forget
all other arguments, you lose one dc and even if the other is on the side
(Unless you have replication going, I haven't look at the article kj came up
with but that sounds like it might work) you are just like you were before.

They should make management decisions and you should make IT decisions.
Keep both online all the time. If they can't follow your guidance I think
it is time you started looking for another job. If there is a disaster you
will be held respondsible.

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.


"Arkane" <Arkane@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E520C3A3-1FC9-4201-86A5-6C6E81BD9EF1@xxxxxxxxxxxxxxxx
> KJ: Thanks for that link, it looks like a good arguement I can use to keep
> the second DC online, as long as clients don't logon to it then it should
do
> what we originally wanted it to do.
>
> Paul: A bit of background might help - the first DC was put in place some
2
> years ago as a single DC for the entire site. It was never envisaged or
> thought that the number of computers and users would grow as it has done.
> This DC went belly-up about 2 weeks ago, no-one could logon or do
anything,
> as a result management got scared of what could happen. They ordered a new
> server and wanted it put in so people could logon if the first DC ever
went
> down again. This was fine up until the clients started to use the
secondary
> DC last week, sometimes they would use the first DC, sometimes the second.
I
> couldn't track down a pattern to why it was doing this, the first DC
wasn't
> under heavy load or anything that I could see. Management ordered the
> secondary DC to be shut down or to be crippled so it couldn't log users on
> except with manual intervention, in the event that the first DC goes down.
>
> I didn't like this idea entirely, but you know how it goes - so I left the
> secondary DC online and changed the login scripts to point everything at
the
> first DC. Not the way I like to do things. I was told I couldn't have
another
> server just for the data, it had to stay on the first DC. They didn't want
> the data on the second DC (not sure why).
>
> I thought if I could convince them to let me use DFS, I could replicate
the
> data across both servers, so if the first DC did go down, the secondary
could
> do it's job and still have copies of important data sets. I didn't want to
> approach them with this idea until I knew DFS could cope with disk quotas
or
> whether I'd have to either remove disk quotas or go for a 3rd party
solution.
>
> The link KJ provided lets me do what management want, but it's not a very
> robust solution in terms of keeping the data accessible and secure.
>
> So, all I need to know is if I have disk quotas on the first DC and use
the
> same quotas on the second DC and then install DFS, am I going to have
> problems with quotas not being supported by DFS or am I getting somewhat
> confused?
>
> Another thought - if I were to replicate the shares and data manually (to
> avoid massive amounts of replication when DFS is first setup), would that
> cause any problems or should I just let DFS and FRS handle it?
>
> "kj" wrote:
>
> > OK, well I believe this is what I was thinking. Suggest OP research and
test
> > and consider other opinions as I haven't tested it myself (yet, but I
have
> > an ideal candidate in mind!).
> >
> > Quote from the article
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;315071
> > ===
> > "If the setting is applied to one domain controller, reduce the DNS LDAP
> > priority on the domain controller so that clients are less likely use
the
> > server for authentication. On the domain controller with the increase
> > priority, use the following registry setting to set LdapSrvPriority:
> > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
> > On the Edit menu, click Add Value, and then add the following registry
> > value:
> > Entry name: LdapSrvPriority
> > Data type: REG_DWORD
> > Value: Set the value to the value of the priority that you want."
> > ===
> > More information can be found in
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;306602
> >
> > SRV priority is like MX records and the default priority is 100, so use
> > something like 200 on the non preferred DC.
> >
> > --
> > /kj
> > "kj" <kj@xxxxxxxxxxx> wrote in message
> > news:OQPHaI75FHA.2888@xxxxxxxxxxxxxxxxxxxxxxx
> > > If one were to have capability mismatched servers, like say a Virtual
> > > Machine or a very low end Server platform providing just a second
source
> > > for AD. Otherwise, like you said Paul, what's the point?
> > >
> > > As I recall, there was a way (registery setting?) to have the DC
register
> > > SRV records with a different (lower) priority. It would keep the
second DC
> > > online and replication current, yet not be primary target of logons
and
> > > lookups.
> > >
> > > I'll dig around and see if I can find it.....
> > >
> > > --
> > > /kj
> > > "Paul Bergson" <pbergson@xxxxxxxxxx> wrote in message
> > > news:%23QM5$x65FHA.1032@xxxxxxxxxxxxxxxxxxxxxxx
> > >> AD is a multi-master DB why would you not want to so you would have a
> > >> balanaced work load. If you have set it up so only one responds then
you
> > >> would have to intervene instead of the system doing it automatically
for
> > >> you. If you were to shut this dc off and only turn it on in the
event of
> > >> an
> > >> emergency you wouldn't have a proper ad replication (Out of sync and
> > >> tombstoned).
> > >>
> > >> I highly, highly recommend against this.
> > >>
> > >> --
> > >>
> > >>
> > >> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
> > >>
> > >> This posting is provided "AS IS" with no warranties, and confers no
> > >> rights.
> > >>
> > >>
> > >> "Arkane" <Arkane@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > >> news:480E03AD-B929-4793-8E3C-42C2C33F60C9@xxxxxxxxxxxxxxxx
> > >>> Hi there,
> > >>>
> > >>> We have a single DC (AD Win 2003 Native), we added a secondary DC to
> > >> provide
> > >>> a backup for the AD. However we've found that some clients are
logged in
> > >> by
> > >>> the first DC and some by the second. We thought all clients would be
> > >> logged
> > >>> in by the first DC unless the first DC was offline.
> > >>>
> > >>> How can we make the clients logon to the first DC and only logon to
the
> > >>> second DC if the first one is offline?
> > >>>
> > >>> Thanks.
> > >>
> > >>
> > >
> > >
> >
> >
> >


.

Relevant Pages

  • Re: DFS with Win2k3 R2 & Win2k3 SBS SP1
    ... I understand the issue is that you want to use DFS to ... 1.you should not have the data moved to the 2K3 R2 server. ... folder that you want to replicate,share the folder. ... any issues as per replication between windows SBS 2K3 Sp1 & Windows ...
    (microsoft.public.windows.server.sbs)
  • Re: DFS Replication Topology
    ... We have one replication group for each yard server (currently ... central server in Cincinnati. ... .jpgs and removes them from the DFS share on the central server. ...
    (microsoft.public.windows.server.active_directory)
  • Corrupt folder - advice needed
    ... running 2003 server R2 and DFS file replication. ... I have noticed i have a corrupt folder within a folder that is ... Then reboot the server and run a chkdsk d: ...
    (microsoft.public.windows.server.general)
  • Re: DFS Upgrade
    ... We only removed DFS on that server. ... Because replication was very slow, we decided to upgrade both DC's to ... Windows Server 2003 OEM -> we installed a new domain controller ...
    (microsoft.public.windows.server.general)
  • Re: SBS 2003 and Replication Errors with Remote DC
    ... I just promoted the remote DC last week, so I still have time to solve the replication issues. ... Domain Controller Diagnosis ... Connecting to directory service on server alpha. ... Performing upstream analysis. ...
    (microsoft.public.windows.server.sbs)