RE: Need Advice (Repost)



Brian,

Thanks again!!!

Just one more thing. Sorry if I'm reading too much into what you wrote, but I
just want to make sure I have things right. When you wrote "In your current
configuration there is no preference to the prod DCs over the DR DCs": is
there a way to set up preference to the prod DCs over the DR DCs, and if there
is, how can I check, just to make sure that in my configuration there is no
preference to the prod DCs over the DR DCs?

Shannon

"Brian Delaney [MSFT]" wrote:

Hi Shannon,

It is fine if the DR DNS servers are after the secondary DNS, as long as
the clients do have them configured.

Yes, if the DR servers are in a different AD site the users will be able to
connect to them if all the production servers are down. The difference is
that all the DCs in the production site will be tried first before trying a
DC in the DR site. In your current configuration there is no preference to
the prod DCs over the DR DCs.

Hope this helps,

Brian Delaney
Microsoft Canada
--

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
Thread-Topic: Need Advice (Repost)
thread-index: AcbAaMQNl8+S5k1tQICV0nhrLvtO5Q==
X-WBNR-Posting-Host: 216.223.52.99
From: =?Utf-8?B?U0VnZXJ0b24=?= <SEgerton@xxxxxxxxxxxxxxxxxxxxxxxxx>
References: <00F481E0-09F7-4D56-AFEC-C1F003461B1E@xxxxxxxxxxxxx>
<io02D6BwGHA.2004@xxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Need Advice (Repost)
Date: Tue, 15 Aug 2006 05:46:02 -0700

Hey Brian,

Thanks for the reply! It was very helpful.

The client machines have been configured with the DNS Servers' IP
addresses from the Disaster Recovery site, but these addresses have been
placed after the secondary DNS Server. Currently their secondary DNS
Server is the second DNS Server in the production site. Should I move a
DNS Server's IP address from the Disaster Recovery site into the
Secondary DNS Server spot on the client machines?

I have an additional question. If I configure Active Directory Sites, and
the Production Site goes down and users can't connect to the Production
Site, will the users from the Production Site be able to connect to the
Disaster Recovery site that would then be in another site?

Thanks again,
Shannon


"Brian Delaney [MSFT]" wrote:

Hi Shannon,

I will try to address as many of your concerns as I can. If I miss any
points or you need further clarification please reply with the details
you need.

Active Directory Sites should be configured in this scenario. You should
have a site for your production servers with the associated subnets and
a site for your DR site with the associated subnets. This will ensure
that during normal production the users are authenticated by the correct
domain controllers and will not need to go across the WAN connection as
some of them are likely doing right now.

Regarding your failover test when you shut down your production servers:
have your client machines been configured with a secondary DNS server
which is located in the DR site? If the clients are only pointed at local
DNS servers and you have shut them down then logons will become slow.
These machines will need to point to a DNS server in the DR site as well
as the production site. Regarding your logon scripts, did you try to run
these at the desktop to see if any errors were generated by the scripts?
If so, what were the errors? Ensure that any references to the netlogon
share in your logon scripts are \\domain\netlogon instead of
\\dc\netlogon.

In regards to "My manager would like to use our Disaster Recovery site
as our only source of redundancy": I would hope and recommend that
regular backups are also part of your DR plan. Although your DR site will
help you if your local DCs go down, it will not help you in the case of
an accidental deletion of user/computer accounts or data. In this case a
restore from backup may be required. Also, please note that rolling back
the hard disks is not supported by Microsoft on Domain Controllers. This
feature is known as Undo Disks in Virtual Server but I believe has a
different name in VMware. Rolling back disks on a DC will cause a USN
rollback (http://support.microsoft.com/kb/885875/en-us).

As for the userenv 1030 and 1058 errors on your domain controllers: if
these are occurring every 5 minutes on DCs then there is a legitimate
problem, but if they have only occurred once then it was probably just a
temporary condition. These errors are fairly generic and can mean
different things. If you are experiencing them regularly please copy and
paste the entire event description so I can see the actual error code.


Hope this helps,

Brian Delaney
Microsoft Canada
--

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
Thread-Topic: Need Advice (Repost)
thread-index: Aca/vjGT6tG6WyQ6Qpa++JlP7JZ5Cw==
X-WBNR-Posting-Host: 216.223.52.99
From: =?Utf-8?B?U0VnZXJ0b24=?= <SEgerton@xxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: Need Advice (Repost)
Date: Mon, 14 Aug 2006 09:25:02 -0700

I'm relatively new to Active Directory. I've been posting questions in
here for the last couple months and things are coming along slowly.
Things are working out well, you guys have been of great help. But before
I go too far, I just want to make sure I'm running things correctly.

I need advice about my configuration of my Active Directory domain and
its structure. All my servers are Windows 2003 Server. What I'm in the
process of doing is converting our Novell Network (that is used only for
File and Print share) to Active Directory. I'm not concerned at the
moment about the conversion; I've already done test runs on this and know
how to do this. At the same time that I'm building this new Active
Directory domain, I'm also setting up a Disaster Recovery Site for this
domain. We have purchased all our equipment and are using VMware ESX
software to build our servers. Our Production site and our Disaster
Recovery site are in different states and are connected by way of a T1.
Both networks are also in different subnets. We have also purchased NSI
Double Take software to replicate our file server.

This is what I've done so far. I've built two Active Directory Domain
Controllers in our Production site and a File Server that is a Member
Server of the domain. Both Active Directory Domain Controllers are also
Active Directory Integrated DNS Servers.

Then I built two additional Active Directory Domain Controllers in our
Disaster Recovery site. I just added them to the same domain. These
additional Active Directory Domain Controllers are also Active Directory
Integrated DNS Servers. Then I also built an additional File Server that
is a member server of the same domain.

All Active Directory Domain Controllers in both my Production site and
my Disaster Recovery site are Global Catalog Servers. I have the NSI
Double Take software installed on both my File Servers for replication.
I've also tested this software and it is working out well.

No roles have been moved from any servers. Therefore, my understanding
is that my first Active Directory Domain Controller is holding all the
roles.

I set up the network this way so in the event of a disaster, my network
will be replicated in my Disaster Recovery site. I've done some test runs
and things worked, but not 100%. After I shut down my Production Site,
the Double Take software noticed the network went down and took over.
That part worked great. But for the Active Directory Domain, logins took
longer; logon scripts seem to take a long time to map and they didn't
seem to work correctly. I used IFMember commands in my scripts and it
didn't recognize this command when the Production site went down, but it
did see all the Net Use commands and mapped all drives for all groups for
one user, even mapping for groups the user isn't in. (At the moment
everyone has rights to all files on the File Server. I will change this
later.) But when the Production site is up, the IFMember command works
and they only get their assigned mappings. When I placed the IFMember
command in the Netlogon folder on the first DC, I did notice it
replicated to the other servers. So why wouldn't this work?

Today I noticed that I was getting errors in my event logs of my first
domain controller. These errors were posted at times when both sites were
up and everything seemed to be working well. The error IDs were:
Type: Error
User: NT Authority\System
Computers: MY First Domain Controller
Source: Userenv
Category: None
Event ID: 1030

Type: Error
User: NT Authority\System
Computer: My First Domain Controller
Source: Userenv
Category: None
Event ID: 1058

Then on a final note. My manager would like to use our Disaster Recovery
site as our only source of redundancy for our VMware Server. I didn't
mention this before, but all three servers in our Production Site reside
on a Storage Array connected to only one server running VMware. So if
this server should fail, then all three servers will go down, and he
would like our users in our production site to connect over the T1 to the
remaining two Active Directory servers and the File server in our
Disaster Recovery Site. Another scenario I can think of would be if only
the File Server in the production site went down, then users would
connect to the File Server in our Disaster Recovery site.

After having all these issues and thoughts, I got to thinking about
Sites, but I'm not familiar with them. All my servers are in the same
domain and the same site. Should I have created two different sites
within the same domain? This is what got me thinking to open this post.

From all my reading about Active Directory, I believe I set up the domain
correctly, but I'm unsure whether or not I should have created two
different sites under the one domain. I am unfamiliar with this.

Any comments on my configuration of my Active Directory Domain and its
structure will be appreciated.

At first our DR site was only in place if a major disaster happened
(users couldn't work from the Production Site for whatever reason). Now
my manager wants to use it any time there is a disruption at our
Production Site. So, should the VMware server go down, then all of our
Production Servers would go down and he would like users to connect from
the production site to the DR site. Remember, all the production servers
are on one Storage Array connected to the one VMware Server. This is the
same setup in the DR site. The DR site only hosts the two Active
Directory Servers and one File Server. There are about 15 workstations
sitting there in the event of a major disaster and users have to work
from there. Otherwise, no users should connect to these servers unless
one of these situations happens. The file server in the DR site is only
replicating the file server in our Production site using NSI.
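
Added example, not part of the original thread: Brian's reply recommends that logon scripts reference \\domain\netlogon instead of \\dc\netlogon, so that the scripts do not depend on one particular DC being up. The Python check below scans a logon script for NETLOGON or SYSVOL paths tied to a single server; the domain names (corp.example.com / CORP), the host names and the sample script are constructed for illustration.

```python
import re

# Assumed names for illustration; substitute the real DNS and NetBIOS domain names.
DOMAIN_NAMES = {"corp.example.com", "corp"}
# Environment variables that expand to the domain name rather than to one server.
DYNAMIC_HOSTS = {"%userdnsdomain%", "%userdomain%"}

# \\host\netlogon or \\host\sysvol, capturing the host part of the UNC path.
UNC_SHARE = re.compile(r"\\\\([^\\\s]+)\\(netlogon|sysvol)\b", re.IGNORECASE)


def find_hardcoded_dc_paths(script_text, domain_names=DOMAIN_NAMES):
    """Return (line_number, host, share) for each NETLOGON/SYSVOL path
    that names a specific server instead of the domain."""
    allowed = {name.lower() for name in domain_names} | DYNAMIC_HOSTS
    findings = []
    for lineno, line in enumerate(script_text.splitlines(), start=1):
        # Skip batch-file comments so stale notes do not raise findings.
        if line.strip().lower().startswith(("rem ", "::")):
            continue
        for match in UNC_SHARE.finditer(line):
            host, share = match.group(1), match.group(2)
            if host.lower() not in allowed:
                findings.append((lineno, host, share.lower()))
    return findings


# Constructed sample logon script (not taken from the thread).
SAMPLE_SCRIPT = r"""@echo off
rem old path: \\PRODDC1\netlogon\ifmember.exe
\\PRODDC1\netlogon\ifmember.exe "CORP\Accounting"
if errorlevel 1 net use G: \\FILE01\accounting
\\corp.example.com\netlogon\ifmember.exe "CORP\Sales"
if errorlevel 1 net use S: \\FILE01\sales
call %LOGONSERVER%\NETLOGON\common.cmd
"""

if __name__ == "__main__":
    for lineno, host, share in find_hardcoded_dc_paths(SAMPLE_SCRIPT):
        print(f"line {lineno}: \\\\{host}\\{share} depends on a single DC")
```

Only line 3 of the sample is reported: the domain-based path and the %LOGONSERVER% call follow whichever DC answers, while \\PRODDC1 fails when that one server is offline.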


