Server Redundancy & Ghosting Domain Controllers.

Hi.
How easy is it to have two servers acting in redundancy?

I'm thinking of investigating the idea of a 3rd server here, to act as a redundant server to our domain controller.

Feasible to do to an existing setup?

----------
And is there any software around that'll allow me to ghost our domain controller to a NAS on our network?
As I've heard that ghosting domain controllers causes problems.


Thanks in advance all.
 
Are you wanting to use a virtual server? Setting up a backup domain controller is very easy. Not sure about the ghosting thing though.

What's your current setup?
 
You can just add another DC to your domain and then share the roles between the servers. If you lose a server you'll still need to seize whatever roles it had to the other one.

It doesn't really give you redundancy, but it does mean that you have a server ready to seize all the roles you have lost. If you want it to be fully redundant then you need to look at Microsoft Clustering Services to get the servers working as a single entity.

Ghosting a DC probably isn't the best of ideas, as you'll have issues if anything changes after the image is used (new users, computers, etc). Best bet is to use a proper backup solution like Backup Exec to save the information from the server.
 
I'm using Backup Exec 11d at the moment; their IDR setup is awful!

Having to restore things twice even 3 times before you get the server back online!
 
Not used 11d yet. We use a combo of 9 and 10d and we've not had too many problems restoring anything. Not done a full DR test in a while though :eek:
 
TheKnat said:
Best bet is to use a proper backup solution like Backup Exec to save the information from the server.
Backup Exec annoys me.
It doesn't function as it should.


I'd ideally like to be able to take the DC offline every half term and then ghost it all to our NAS. But I don't think that's possible, is it? :confused:.
 
TheKnat said:
Not used 11d yet. We use a combo of 9 and 10d and we've not had too many problems restoring anything. Not done a full DR test in a while though :eek:


You try doing a full DR then without the DR floppy disk. The Backup Exec guide says install Windows, then Backup Exec, then start restoring!

:mad:

The DR disk files change daily, so you need to run the DR wizard for all the DR files, then have last night's tape and keep it safe. If you lose all servers you have to restore that master copy, then restore the latest backup after that.

SQL doesn't seem to restore on its own so you have to restore that on its own. So for a DR you could be restoring a server 3 times before it fully works!!!!!
 
Last time we did a DR trial we had to install Windows first and then Backup Exec like the guide says. Then it takes about 2 restores to get it back to the state it should be in.
 
Is there any software out there that'll allow me to image the server and restore it without problems?

I've been referred to Ultrabac, but it doesn't seem the most professional piece of software (going off the website?).

Ideas.:).
 
You can't really do this, and it's not supported or recommended.

If you have only one DC (not recommended), then simply add another. Depending on your needs it doesn't have to be a meaty box by any stretch of the imagination, even a desktop PC with a server OS will do this for you happily in most cases.

In the case of one failing, the second can still perform the functions of the other (authentication, policy processing etc etc); have DHCP point each client's relative IP settings (DNS and WINS) to both DCs.

There's not a lot to it in all honesty.

If you did GHOST a DC, then restored its image from an earlier date (say 3 months), imagine the havoc it would play with its out-of-date information.

This is one of the main reasons MS's default Active Directory install has a DC tombstone life of 60 days; if a DC is not contactable in AD within that time period, it's theoretically 'finished'.
 
Do you believe clustering a DC would be easier than adding a second?

Not being rude (seriously), I'm just curious as to how you would find this easier?
 
Well the OP wanted redundancy and I think the only real way of doing that would be clustering.

This would give the fail-over he needed without really (other than the initial setup) doing anything else. As soon as the server fails the other one kicks in.

It's not the easiest thing in the world to set up, but once you've done it there's nothing really to do other than to keep an eye on both servers every now and again in case it does fail.




M.
 
When people mention clustering, it's due to a requirement for HA (often very serious, very expensive, and quite complex). If your systems are critical enough to be HA then yes, but DC's are in essence the tin soldiers of your network. The redundancy for a DC (AD) is to have more than one and take good backups.

Have two or twenty on a site, it doesn't matter, one of the last things you should even be trying to do with them is cluster. They are what they are and each perform the exact same function (for the most). When one dies, the other(s) just continue, that's the idea of a common replicated database (AD) model.

At most your main office may have one or two DC's with mirrored disks, if they are a serious outfit.

Does your company cluster DC's? Or have you worked for someone before that does?

Again, not being rude, but I'm interested in under what circumstances you've found this to be applicable. :)
 
I doubt clustering domain controllers would even work, if one node fails, what happens to the FSMO roles held by the failed DC? Wouldn't you still have to seize them?

Standard practice would be to add additional domain controllers into the domain, that should provide ample redundancy.
 
Although all the DC's share the same information, there are 5 (6 if you include GC) roles which are only held by one server at once. If you lose the server which holds these roles you will be looking at having serious problems with your domain.

We've not clustered our domain controller yet, but we are going to do it when they are rebuilt on our virtual servers. Mainly looking at this because we're a bit worried about losing our DHCP server, as we have the AD roles spread over multiple servers already.
 
aix0 said:
I doubt clustering domain controllers would even work, if one node fails, what happens to the FSMO roles held by the failed DC? Wouldn't you still have to seize them?

Surely if you have clustered DCs they act as a single entity, so if you lose a physical machine then the other should spring to life as the same machine.

If you have separate DCs running as stand-alone boxes then you would need to seize the FSMO roles.
 
TheKnat said:
Although all the DC's share the same information, there are 5 (6 if you include GC) roles which are only held by one server at once. If you lose the server which holds these roles you will be looking at having serious problems with your domain.

We've not clustered our domain controller yet, but we are going to do it when they are rebuilt on our virtual servers. Mainly looking at this because we're a bit worried about losing our DHCP server, as we have the AD roles spread over multiple servers already.

Not entirely true. Any number of DC's can be a GC, as many as you want. Three of the five master roles are forest wide, and there can only be one instance (owner) of them at any one time (PDC Emulator, Schema master, Domain naming master). The other two roles (RID master and Infrastructure master) have one owner per domain, so it's usual to have more than one 'owner' in a multiple domain environment, not that this helps here.

The OP asked what the 'easiest' way was to provide DC redundancy. The answer is to add one or more DCs and take regular backups (system state minimum, system drive as well is better practice). If the OP even had to ask this question, why advise clustering as a potential solution?
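
An added example, not part of any post in this thread: a PowerShell check covering the points raised above (how many DCs exist, which DC owns each FSMO role and whether it answers, and whether a DC image is older than the tombstone lifetime). It assumes the ActiveDirectory module (RSAT) is installed; `$BackupDate` is a hypothetical, constructed value standing in for the date the image was taken.

```powershell
# Added example (not from the thread). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

# Hypothetical input: when the DC image / system-state backup was taken.
$BackupDate = Get-Date '2024-01-15'   # constructed sample value

$domain = Get-ADDomain
$forest = Get-ADForest

# The five operations master (FSMO) roles and the DC that currently owns each.
$roles = [ordered]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}

# Count DCs and global catalogs: a single DC means no redundancy at all.
$dcs = @(Get-ADDomainController -Filter *)
$gcs = @($dcs | Where-Object { $_.IsGlobalCatalog })
"DCs in $($domain.DNSRoot): $($dcs.Count) (global catalogs: $($gcs.Count))"
if ($dcs.Count -lt 2) {
    Write-Warning 'Only one DC: nothing can take over logons or hold a second copy of AD.'
}

# A role owner that does not answer is a candidate for having its role seized.
foreach ($r in $roles.GetEnumerator()) {
    $up = Test-Connection -ComputerName $r.Value -Count 1 -Quiet
    '{0,-22} {1,-40} reachable={2}' -f $r.Key, $r.Value, $up
}

# Tombstone lifetime is stored on the Directory Service object in the
# configuration partition; if the attribute is unset, fall back to the
# 60-day default mentioned in the thread.
$configNC = (Get-ADRootDSE).configurationNamingContext
$dsObject = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
                         -Properties tombstoneLifetime
$tombstoneDays = if ($dsObject.tombstoneLifetime) { $dsObject.tombstoneLifetime } else { 60 }

# An image older than the tombstone lifetime must not be restored as a DC.
$ageDays = (New-TimeSpan -Start $BackupDate -End (Get-Date)).Days
if ($ageDays -ge $tombstoneDays) {
    Write-Warning "Image is $ageDays days old (tombstone lifetime $tombstoneDays): do not restore it as a DC."
} else {
    "Image is $ageDays days old, within the $tombstoneDays-day tombstone lifetime."
}
```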
 