RE: Need Advice (Repost)
- From: briandel@xxxxxxxxxxxxxxxxxxxx (Brian Delaney [MSFT])
- Date: Tue, 15 Aug 2006 03:54:20 GMT
Hi Shannon,
I will try to address as many of your concerns as I can. If I miss any
points or you need further clarification please reply with the details you
need.
Active Directory Sites should be configured in this scenario. You should
have a site for your production servers with the associated subnets and a
site for your DR site with the associated subnets. This will ensure that
during normal production the users are authenticated by the correct domain
controllers and will not need to go across the WAN connection as some of
them are likely doing right now.
Regarding your failover test when you shut down your production servers.
Have your client machines been configured with a secondary DNS server which
is located in the DR site? If the clients are only pointed at local DNS
servers and you have shut them down then logons will become slow. These
machines will need to point to a DNS server in the DR site as well as the
production site. Regarding your logon scripts, did you try to run these at
the desktop to see if any errors were generated by the scripts? If so what
were the errors? Ensure that any references to the netlogon share in your
logon scripts are \\domain\netlogon instead of \\dc\netlogon
In regards to "My manager would like to use our Disaster Recovery site as
our only source of redundancy": I would hope and recommend that regular
backups are also part of your DR plan. Although your DR site will help
you if your local DCs go down, it will not help you in the case of an
accidental deletion of user/computer accounts or data. In this case a
restore from backup may be required. Also, please note that rolling back
the hard disks is not supported by Microsoft on Domain Controllers. This
feature is known as Undo Disks in Virtual Server but I believe has a
different name in VMWare. Rolling back disks on a DC will cause a USN
rollback (http://support.microsoft.com/kb/885875/en-us).
As for the userenv 1030 and 1058 errors on your domain controllers. If
these are occurring every 5 minutes on DCs then there is a legitimate
problem but if they have only occurred once then it was probably just a
temporary condition. These errors are fairly generic and can mean
different things. If you are experiencing them regularly please copy and
paste the entire event description so I can see the actual error code.
Hope this helps,
Brian Delaney
Microsoft Canada
--
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
From: SEgerton <SEgerton@xxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: Need Advice (Repost)
Date: Mon, 14 Aug 2006 09:25:02 -0700
I'm relatively new to Active Directory. I've been posting questions in here
for the last couple months and things are coming along slowly. Things are
working out well, you guys have been of great help. But before I go too
far; I just want to make sure I'm running things correctly.
I need advice about my configuration of my Active Directory domain and its
structure. All my Servers are Windows 2003 Server. What I'm in the process of
doing is, converting our Novell Network (that is used only for File and Print
share) to Active Directory. I'm not concerned at the moment about the
conversion; I've already done test runs on this and know how to do this. At
the same time that I'm building this new Active Directory domain, I'm also
setting up a Disaster Recovery Site for this domain. We have purchased all
our equipment and are using VMware ESX software to build our servers. Our
Production site and our Disaster Recovery site are in different states and
are connected by way of a T1. Both networks are also in different Subnets. We
have also purchased NSI Double Take software to replicate our file server.
This is what I've done so far. I've built two Active Directory Domain
Controllers in our Production site and a File Server that is a Member Server
of the domain. Both Active Directory Domain Controllers are also Active
Directory Integrated DNS Servers.
Then I built two additional Active Directory Domain Controllers in our
Disaster Recovery site. I just added them to the same domain. These
additional Active Directory Domain Controllers are also Active Directory
Integrated DNS Servers. Then I also built an additional File Server that is a
member server of the same domain.
All Active Directory Domain Controllers in both my Production site and my
Disaster Recovery site are Global Catalog Servers. I have the NSI Double Take
software installed on both my File Servers for replication. I've also tested
this software and it is working out well.
No roles have been moved from any servers. Therefore, my understanding is
that my first Active Directory Domain Controller is holding all the roles.
I set up the network this way, so in the event of a disaster; my network
will be replicated in my Disaster Recovery site. I've done some test runs
and things worked, but not 100%. After I shut down my Production Site, the
Double Take software noticed the network went down and took over. That part
worked great. But for the Active Directory Domain, logins took longer; logon
scripts seem to take a long time to map and they didn't seem to work
correctly. I used IFMember commands in my scripts and it didn't recognize this
command when the Production site went down, but it did see all the Net Use
commands and Mapped all drives for all groups for one user. Even mapping for
groups the user isn't in. (At the moment everyone has rights to all files on
the File Server. I will change this later). But when the Production site is
up, the IFMember command works and they only get their assigned mappings. When
I placed the IFMember command in the Netlogon folder on the first DC, I did
notice it replicate to the other servers. So why wouldn't this work?
Today I noticed that I was getting errors in my event logs of my first domain
controller. These errors were posted at times when both sites were up and
everything seemed to be working well. The error ID's were
Type: Error
User: NT Authority\System
Computers: MY First Domain Controller
Source: Userenv
Category: None
Event ID: 1030
Type: Error
User: NT Authority\System
Computer: My First Domain Controller
Source: Userenv
Category: None
Event ID: 1058
Then on a final note. My manager would like to use our Disaster Recovery
site as our only source of redundancy for our VMWare Server. I didn't mention
this before, but All three servers in our Production Site Reside on a Storage
Array connected to only one server running VMWare. So if this server should
fail, then all three servers will go down, and he would like our users in our
production site to connect over the T1 to the remaining two Active Directory
servers and the File server in our Disaster Recovery Site. Another scenario I
can think of would be if only the File Server in the production site went
down, then users would connect to the File Server in our Disaster Recovery
site.
After having all these issues and thoughts; I got to thinking, about Sites;
but I'm not familiar with them. All my servers are in the same domain and the
same site. Should I have created two different sites within the same domain.
This is what got me thinking to open this post.
From all my reading about Active Directory, I believe I set up the domain
correctly; but I'm unsure whether or not I should have created two different
sites under the one domain. I am unfamiliar with this.
Any comments on my configuration of my Active Directory Domain and its
structure will be appreciated.
At first our DR site was only in place if a major disaster happened (Users
couldn't work from the Production Site for whatever reason). Now my manager
wants to use it any time there is a disruption at our Production Site. So,
should the VMWare server go down, then all of our Production Servers would go
down and he would like users to connect from the production site to the DR
site. Remember, All the production servers are on one Storage Array connected
to the one VMWare Server. This is the same setup in the DR site. The DR site
only hosts the two Active Directory Servers and One File Server. There are
about 15 workstations sitting there in the event of a major disaster and
users have to work from there. Otherwise, no users should connect to these
servers unless one of these situations happens. The file server in the DR site
is only replicating the file server in our Production site using NSI Double
Take.
Therefore, once again, the disaster recovery site is only there to
replicate our Production Site; and to be used when one of the two scenarios
happens.
One: a major disaster happens; and users work from the DR site.
Two: the servers in the Production site are not accessible, but users
are still working from the production site, but connect to the servers in the
DR site.
Thanks in advance. Sorry so long.
Shannon
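Added example, not part of either message in this thread: a PowerShell check for the reply's point that logon scripts should reference \\domain\netlogon rather than \\dc\netlogon, so that they keep working when a particular domain controller is offline. The domain names CORP and corp.example.com, the server names DC1 and FS1, the function name and the sample script lines are all constructed for illustration.

```powershell
# Added example: report logon-script lines that reach NETLOGON or SYSVOL through
# a named server instead of the domain name. All names below are assumptions.

function Find-HardCodedDcPath {
    param(
        # Lines of one logon script (for a real file: Get-Content <path>)
        [Parameter(Mandatory)] [AllowEmptyString()] [string[]] $Line,
        # Every name that resolves to "the domain" (NetBIOS and DNS forms)
        [Parameter(Mandatory)] [string[]] $DomainName
    )
    # \\host\netlogon or \\host\sysvol; the host part is captured in group 1
    $unc = [regex]'(?i)\\\\([^\\\s"]+)\\(netlogon|sysvol)\b'
    for ($i = 0; $i -lt $Line.Count; $i++) {
        $text = $Line[$i]
        # Ignore batch comments (REM or ::) so old paths kept as notes are not reported
        if ($text -match '^\s*(rem\b|::)') { continue }
        foreach ($m in $unc.Matches($text)) {
            $server = $m.Groups[1].Value
            # -contains compares case-insensitively, so CORP and corp both count
            if ($DomainName -contains $server) { continue }
            [pscustomobject]@{
                LineNumber = $i + 1
                Server     = $server
                Share      = $m.Groups[2].Value
                Text       = $text.Trim()
            }
        }
    }
}

# Constructed sample logon script: line 3 depends on DC1 being reachable,
# line 5 uses the domain name and resolves to any available domain controller.
$sample = @'
@echo off
rem old path was \\DC1\netlogon\ifmember.exe
\\DC1\netlogon\ifmember.exe "CORP\Accounting"
if errorlevel 1 net use G: \\FS1\accounting
\\corp.example.com\netlogon\ifmember.exe "CORP\Sales"
if errorlevel 1 net use S: \\FS1\sales
'@ -split '\r?\n'

Find-HardCodedDcPath -Line $sample -DomainName 'CORP', 'corp.example.com' |
    Format-Table -AutoSize
```

A script that calls a helper through %LOGONSERVER%\netlogon is not reported, because that variable expands to whichever domain controller authenticated the user.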