Re: Need Advice
- From: "Al Mulnick" <amulnick_No_SPAM@xxxxxxxxxxx>
- Date: Tue, 15 Aug 2006 17:42:17 -0400
There is a white paper on Microsoft's site that discusses putting DCs in a
virtualized environment. Worth a read.
As for the DR scenario, that's kind of what I figured the thinking was, but
wanted to be sure. Not to armchair quarterback, but have you considered
what you'd do if there was an outage due to missing data in the AD? For
example, an administrator goofs and deletes the OU vs. the user they meant
to? Or a script goes wild and removes valuable directory information? AD
won't replicate corruption, so that's not an issue, but loss of data might
be to you. It would be a cause of service outage at any rate.
Using the DR site as a second Active Directory site is likely a good idea.
At the very least it shouldn't cause you any issues and is a fairly normal
topology. You read what I said about sites; that's what you'll use to define
the network topology to the clients. Don't forget to take name resolution
into account in your process :)
"SEgerton" <SEgerton@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A37E15EA-CEDD-4F36-80B2-F4ACE8E1EA6B@xxxxxxxxxxxxxxxx
Thanks for the reply!
Well, at first our DR site was only in place if a major disaster happened
(Users couldn't work from the Production Site for whatever reason). Now my
manager wants to use it any time there is a disruption at our Production
Site. So, should the VMWare server go down, then all of our Production
Servers would go down and he would like users to connect from the production
site to the DR site. Remember, all the production servers are on one Storage
Array connected to the one VMWare Server. This is the same setup in the DR
site. The DR site only hosts the two Active Directory Servers and One File
Server. There are about 15 workstations sitting there in the event of a major
disaster and users have to work from there. Otherwise, no users should
connect to these servers unless one of these situations happens. The file
server in the DR site is only replicating the file server in our Production
site using NSI Double Take. I hope this answers your question.
When you referred to VMWare and your concerns about replications; I'm not
sure what you were talking about. We aren't replicating the VMWare servers
using any software if that's what you meant. Are you referring to the
replication that happens amongst the DCs themselves and Active Directory?
Therefore, once again, the disaster recovery site is only there to
replicate our Production Site; and to be used when one of the two scenarios
happens.
One: a major disaster happens; and users work from the DR site.
Two: the servers in the Production site are not accessible, but users
are still working from the production site, but connect to the servers in
the DR site.
Shannon
"Al Mulnick" wrote:
Shannon, sites are used to define local, high-speed networks. i.e. LAN
connected devices, vs WAN connected devices. With sites, you can easily let
a pc know that its preferred domain controller is ServerXX so that it first
tries that before traversing a WAN connection for that data. This usually
results in faster logon and information retrieval etc.
Something I'm not seeing in your post is information about what your
definition of a DR event is. Conceivably, you could configure the two site
topology and configure your primary site to be used for all clients. In the
event of failure, you *could* continue to work because the DR site is the
only site left. In the meantime, it is possible that some clients would
pull from the DR site, but that would be the exception vs. the rule and
would likely indicate a configuration issue you could easily remedy.
However, this does not address issues with data integrity failure. Hence
the question regarding your scenario definition.
One other thing to be aware of: VMWARE and Virtual Server are useful
technologies. However, in the case of Active Directory, you should use with
caution and completely understand the trade-offs vs. physical machines and
the implications it will have on replication etc. It can be done, but you
need to ensure you are familiar with and account for the differences. It's
important.
When you describe your DR scenario, please also talk about the way the
clients are expected to utilize the remote site and resources. That's also
important to understanding the bigger picture.
Al
"SEgerton" <SEgerton@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:AA8068BA-A206-46DC-B589-A95A1E08C40B@xxxxxxxxxxxxxxxx
In Addition, All servers are Windows 2003 Servers.
"SEgerton" wrote:
I'm relatively new to Active Directory. I've been posting questions in here
for the last couple months and things are coming along slowly. Things are
working out well, you guys have been of great help. But before I go too far;
I just want to make sure I'm running things correctly.
I need advice about my configuration of my Active Directory domain and its
structure. What I'm in the process of doing is, converting our Novell Network
(that is used only for File and Print share) to Active Directory. I'm not
concerned at the moment about the conversion; I've already done test runs on
this and know how to do this. At the same time that I'm building this new
Active Directory domain, I'm also setting up a Disaster Recovery Site for this
domain. We have purchased all our equipment and are using VMware ESX software
to build our servers. Our Production site and our Disaster Recovery site are
in different states and are connected by way of a T1. Both networks are also
in different Subnets. We have also purchased NSI Double Take software to
replicate our file server.
This is what I've done so far. I've built two Active Directory Domain
Controllers in our Production site and a File Server that is a Member Server
of the domain. Both Active Directory Domain Controllers are also Active
Directory Integrated DNS Servers.
Then I built two additional Active Directory Domain Controllers in our
Disaster Recovery site. I just added them to the same domain. These
additional Active Directory Domain Controllers are also Active Directory
Integrated DNS Servers. Then I also built an additional File Server that is a
member server of the same domain.
All Active Directory Domain Controllers in both my Production site and my
Disaster Recovery site are Global Catalog Servers. I have the NSI Double Take
software installed on both my File Servers for replication. I've also tested
this software and it is working out well.
No roles have been moved from any servers. Therefore, my understanding is
that my first Active Directory Domain Controller is holding all the roles.
I set up the network this way, so in the event of a disaster; my network
will be replicated in my Disaster Recovery site. I've done some test runs
and things worked, but not 100%. After I shut down my Production Site, the
Double Take software noticed the network went down and took over. That part
worked great. But for the Active Directory Domain, logins took longer; logon
scripts seemed to take a long time to map and they didn't seem to work
correctly. I used IFMember commands in my scripts and it didn't recognize this
command when the Production site went down, but it did see all the Net Use
commands and mapped all drives for all groups for one user. Even mapping for
groups the user isn't in. (At the moment everyone has rights to all files on
the File Server. I will change this later). But when the Production site is
up, the IFMember command works and they only get their assigned mappings. When
I placed the IFMember command in the Netlogon folder on the first DC, I did
notice it replicate to the other servers. So why wouldn't this work?
Today I noticed that I was getting errors in my event logs of my first domain
controller. These errors were posted at times when both sites were up and
everything seemed to be working well. The error IDs were
Type: Error
User: NT Authority\System
Computers: MY First Domain Controller
Source: Userenv
Category: None
Event ID: 1030
Type: Error
User: NT Authority\System
Computer: My First Domain Controller
Source: Userenv
Category: None
Event ID: 1058
Then on a final note. My manager would like to use our Disaster Recovery
site as our only source of redundancy for our VMWare Server. I didn't mention
this before, but All three servers in our Production Site Reside on a Storage
Array connected to only one server running VMWare. So if this server should
fail, then all three servers will go down, and he would like our users in our
production site to connect over the T1 to the remaining two Active Directory
servers and the File server in our Disaster Recovery Site. Another scenario I
can think of would be if only the File Server in the production site went
down, then users would connect to the File Server in our Disaster Recovery
site.
After having all these issues and thoughts; I got to thinking, about Sites;
but I'm not familiar with them. All my servers are in the same domain and the
same site. Should I have created two different sites within the same domain?
This is what got me thinking to open this post.
From all my reading about Active Directory, I believe I set up the domain
correctly; but I'm unsure whether or not I should have created two different
sites under the one domain. I am unfamiliar with this.
Any comments on my configuration of my Active Directory Domain and its
structure will be appreciated.
Thanks in advance.
Shannon