Re: Secondary AD

From: "kj [SBS MVP] \(rookie\)" <KevinJ.SBS@xxxxxxxxxxxxxxxxxx>
Date: Mon, 2 Jul 2007 09:59:24 -0700

Charlie Russel - MVP wrote:

Well, for creating and managing users, that's certainly true. And any
gains might well be offset by the replication cost. But
authentication requests will go to whichever AD answers first, and
should stick with the answering DC for the length of the session, as
I understand it.

To be effective as a authentication source for a SBS server "outage",
there's a few more little steps that must (should) be done.

First the new DC should also be DNS AD integrated. This was probably already
done, but should be verified.
The new DC should also be made a Global Catalog server.

Most importantly, the DHCP scope should be updated so the workstation gets
both DC's as DNS servers in it's IP address lease. If this is not done and
the SBS server goes down, then the workstation can not locate a DNS server
for the zone and can not locate a DC for the domain.

As to the authentication when both servers are running with sysvol shared
and netlogon started (single AD site), it's a workstation selection from the
DC's that answered up. There is a ldap priority setting that changes this
similarly to the way MX records work. Not something one would normaly
change.

"Steve Foster [SBS MVP]" <steve.foster@xxxxxxxxxxxxx> wrote in message
news:xn0f884h35qgqg003@xxxxxxxxxxxxxxxxxxxxxxx

Matt Setters wrote:

I have a SBS Premium without ISA or SQL just the basiscs not even
SP2, i have joined a Server Standard 2003 to the domain and added
it as a second domain controller what does this exactly do, does
SBS off load to the standard if it gets bogged down????

It gives your AD resilience/tolerance for single server failure.
There's no "offload" of any sort.

How valuable that is in a small business environment is open to
question. --
Steve Foster [SBS MVP]
---------------------------------------
MVPs do not work for Microsoft. Please reply only to the newsgroups.

--
/kj

.

Follow-Ups:
- Re: Secondary AD
  - From: Charlie Russel - MVP

References:
- Secondary AD
  - From: Matt Setters
- Re: Secondary AD
  - From: Steve Foster [SBS MVP]
- Re: Secondary AD
  - From: Charlie Russel - MVP

Prev by Date: Re: SBS Slow user logons problem
Next by Date: Re: Secondary AD
Previous by thread: Re: Secondary AD
Next by thread: Re: Secondary AD
Index(es):
- Date
- Thread

Relevant Pages

Re: Defining authenticating DC with AD
... > Laura E. Hunter - MCSE, MCT, MVP ... >> clients to use their branch server for both authentication and menu? ...
(microsoft.public.win2000.group_policy)
SBS Slow user logons problem
... I have also disjoined their workstations from the domain and re-joined them ... I have deleted the Reverse DNS zone on the SBS server and recreated it. ... No authentication protocol was available. ...
(microsoft.public.windows.server.sbs)
Re: What the heck are these processes?
... then the Lsass and W3wp all the sudden started to show up, ... > process is performed by using authentication packages such as the default ... > This is normal behaviour for a SBS server. ...
(microsoft.public.windows.server.sbs)
RE: VPN Authentication problem
... the authentication does not work properly. ... if you installed SP2 on the SBS server without ... installing the hotfixes, there will be some problems with VPN. ... Therefore if you installed SP2 on the server, ...
(microsoft.public.windows.server.sbs)
Re: MX record conversion from POP
... First question, do you have a business class, broad band connection coming to your SBS server, with a STATIC IP address? ... Cris Hanna [SBS - MVP] ... Windows Small Business Server 2008 Unleashed ... straight email delivery, ...
(microsoft.public.windows.server.sbs)