Re: Need Advice



Shannon, sites are used to define local, high-speed networks, i.e. LAN
connected devices vs. WAN connected devices. With sites, you can easily let
a PC know that its preferred domain controller is ServerXX so that it first
tries that before traversing a WAN connection for that data. This usually
results in faster logon and information retrieval etc.

Something I'm not seeing in your post is information about what your
definition of a DR event is. Conceivably, you could configure the two site
topology and configure your primary site to be used for all clients. In the
event of failure, you *could* continue to work because the DR site is the
only site left. In the meantime, it is possible that some clients would
pull from the DR site, but that would be the exception vs. the rule and
would likely indicate a configuration issue you could easily remedy.
However, this does not address issues with data integrity failure. Hence
the question regarding your scenario definition.

One other thing to be aware of: VMware and Virtual Server are useful
technologies. However, in the case of Active Directory, you should use them
with caution and completely understand the trade-offs vs. physical machines
and the implications they will have on replication etc. It can be done, but
you need to ensure you are familiar with and account for the differences.
It's important.

When you describe your DR scenario, please also talk about the way the
clients are expected to utilize the remote site and resources. That's also
important to understanding the bigger picture.

Al


"SEgerton" <SEgerton@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:AA8068BA-A206-46DC-B589-A95A1E08C40B@xxxxxxxxxxxxxxxx
In addition, all servers are Windows 2003 Servers.

"SEgerton" wrote:

I'm relatively new to Active Directory. I've been posting questions in here
for the last couple months and things are coming along slowly. Things are
working out well, you guys have been of great help. But before I go too far,
I just want to make sure I'm running things correctly.

I need advice about my configuration of my Active Directory domain and its
structure. What I'm in the process of doing is converting our Novell Network
(that is used only for File and Print share) to Active Directory. I'm not
concerned at the moment about the conversion; I've already done test runs on
this and know how to do this. At the same time that I'm building this new
Active Directory domain, I'm also setting up a Disaster Recovery Site for
this domain. We have purchased all our equipment and are using VMware ESX
software to build our servers. Our Production site and our Disaster Recovery
site are in different states and are connected by way of a T1. Both networks
are also in different subnets. We have also purchased NSI Double Take
software to replicate our file server.

This is what I've done so far. I've built two Active Directory Domain
Controllers in our Production site and a File Server that is a Member Server
of the domain. Both Active Directory Domain Controllers are also Active
Directory Integrated DNS Servers.

Then I built two additional Active Directory Domain Controllers in our
Disaster Recovery site. I just added them to the same domain. These
additional Active Directory Domain Controllers are also Active Directory
Integrated DNS Servers. Then I also built an additional File Server that is
a member server of the same domain.

All Active Directory Domain Controllers in both my Production site and my
Disaster Recovery site are Global Catalog Servers. I have the NSI Double Take
software installed on both my File Servers for replication. I've also tested
this software and it is working out well.

No roles have been moved from any servers. Therefore, my understanding is
that my first Active Directory Domain Controller is holding all the roles.

I set up the network this way so that, in the event of a disaster, my network
will be replicated in my Disaster Recovery site. I've done some test runs
and things worked, but not 100%. After I shut down my Production Site, the
Double Take software noticed the network went down and took over. That part
worked great. But for the Active Directory Domain, logins took longer; logon
scripts seemed to take a long time to map and they didn't seem to work
correctly. I used IFMember commands in my scripts and it didn't recognize
this command when the Production site went down, but it did see all the Net
Use commands and mapped all drives for all groups for one user, even mapping
for groups the user isn't in. (At the moment everyone has rights to all files
on the File Server. I will change this later.) But when the Production site
is up, the IFMember command works and they only get their assigned mappings.
When I placed the IFMember command in the Netlogon folder on the first DC, I
did notice it replicated to the other servers. So why wouldn't this work?

Today I noticed that I was getting errors in my event logs of my first domain
controller. These errors were posted at times when both sites were up and
everything seemed to be working well. The error IDs were:
Type: Error
User: NT Authority\System
Computers: MY First Domain Controller
Source: Userenv
Category: None
Event ID: 1030

Type: Error
User: NT Authority\System
Computer: My First Domain Controller
Source: Userenv
Category: None
Event ID: 1058

Then on a final note: my manager would like to use our Disaster Recovery
site as our only source of redundancy for our VMware Server. I didn't mention
this before, but all three servers in our Production Site reside on a Storage
Array connected to only one server running VMware. So if this server should
fail, then all three servers will go down, and he would like our users in our
production site to connect over the T1 to the remaining two Active Directory
servers and the File Server in our Disaster Recovery Site. Another scenario I
can think of would be if only the File Server in the production site went
down; then users would connect to the File Server in our Disaster Recovery
site.

After having all these issues and thoughts, I got to thinking about Sites,
but I'm not familiar with them. All my servers are in the same domain and the
same site. Should I have created two different sites within the same domain?
This is what got me thinking to open this post.

From all my reading about Active Directory, I believe I set up the domain
correctly, but I'm unsure whether or not I should have created two different
sites under the one domain. I am unfamiliar with this.

Any comments on my configuration of my Active Directory Domain and its
structure will be appreciated.

Thanks in advance.
Shannon
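
An added example, not part of the original posts: a small audit for the two-site layout discussed in the reply above. It maps each client address to a site by most-specific subnet and flags clients that were served by a domain controller in the other site, or that sit in a subnet with no site assigned. The subnets, DC names and logon records are constructed; the records are assumed to be collected per client, for example from the `%LOGONSERVER%` environment variable.

```python
import ipaddress

# Constructed layout (assumption): one domain, two sites, subnets per site.
SUBNETS = {
    "10.1.0.0/16": "Production",
    "10.2.0.0/16": "DR",
    "10.1.200.0/24": "DR",  # more specific range carved out for DR test hosts
}
# Constructed DC-to-site assignment (hypothetical host names).
DC_SITES = {"PRODDC1": "Production", "PRODDC2": "Production",
            "DRDC1": "DR", "DRDC2": "DR"}

def site_for(ip, subnets=SUBNETS):
    """Return the site of the most specific subnet containing ip, else None."""
    addr = ipaddress.ip_address(ip)
    nets = [(ipaddress.ip_network(n), s) for n, s in subnets.items()]
    hits = [(net, site) for net, site in nets if addr in net]
    if not hits:
        return None
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def audit(logons, subnets=SUBNETS, dc_sites=DC_SITES):
    """Flag (client_ip, logon_server) pairs that break site affinity."""
    findings = []
    for client_ip, logon_server in logons:
        client_site = site_for(client_ip, subnets)
        dc_site = dc_sites.get(logon_server.upper())
        if client_site is None:
            reason = "no subnet mapped to a site"
        elif dc_site is None:
            reason = "unknown domain controller"
        elif dc_site != client_site:
            reason = f"client in {client_site}, served by {dc_site}"
        else:
            continue  # served by a DC in its own site: expected
        findings.append((client_ip, logon_server, reason))
    return findings

# Constructed sample of observed logons.
SAMPLE = [
    ("10.1.4.20", "PRODDC1"),
    ("10.1.4.21", "DRDC1"),
    ("10.2.0.15", "DRDC2"),
    ("192.168.7.9", "PRODDC2"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

While both sites are up, a cross-site finding points at a missing or wrong subnet-to-site mapping; during a production outage every production client is expected to show up as served by the DR site.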

