Multiple Domain Controllers
Results 1 to 6 of 6

Thread: Multiple Domain Controllers

  1. #1
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    New Jersey
    Posts
    718

    Multiple Domain Controllers

    Hey guys, I need a little help here

    Ok,
    The Setup:
    1 domain with 20-30 users. 1 DC (Windows 2K Server). Functions as the GC and all FSMO roles.
    Not presently connected: New Windows 2003 Standard Server (Dell)
    On order: Another identical Windows 2003 Standard Server (Dell)

    The Plan:
    To upgrade the Windows 2K Server to 2003 Standard Server. To initially bring on the first new 2003 Standard Server as a secondary DC (Replication Partner) for redundancy. Then (when the other new 2003 Server arrives) to eventually phase out the upgraded 2K Server completely and have two brand new 2003 Servers running the whole show.

    The Question:
    Once I have the upgraded 2K Server running as the primary DC, and the new 2003 Server as my Replication Partner, what is the best practice for promoting the new 2003 Server to the Primary DC and demoting the 2K Server to a Replication Partner? (Basically I want to switch the DC's around). The reason is because we want to phase out the 2K (eventually) and ready the other 2003 Server (that's on order) to take over as the Replication Partner.
    The basic topography I'm looking for will go in these steps:
    1) Upgrade 2K to 2003 (keep as primary DC for now)
    2) Add new 2003 Server as secondary DC
    3) Once everything is working, switch DC's around (do I need to do this?)
    4) When other 2003 Server arrives, set that up as the secondary DC and get rid of the upgraded 2K server alltogether.

    More Questions:
    Does it makes sense to do it this way? Should I just keep the upgraded 2K server as the primary DC until the new server arrives and then just make that the primary DC? Will the replication partner be ok, if I remove one primary DC (the upgraded 2K) and replace it with another primary DC (The 2003 Server on order)? I know this all sounds messy but it has to get done. Any help is appreciated. I've been looking at article after article with no exact reference to my issues.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    On NT4 you had to promote a secondary domain controller when the primary went down or else you couldn't make any (useraccount) changes. All this changed with 2K. IIRC from 2K onwards there's no such thing as a primary and secondary domain-controller anymore like you had with NT4. They're basicly all "primary" domain-controllers, changes made to one will be replicated to the others. So, no need to "switch".
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    New Jersey
    Posts
    718
    SirDice,
    Thanks for the response. I'm glad you cleared that up for me. I kept reading articles from various sites that seemed to throw around the terms "secondary DC", "replication partner" and "backup DC". They did emphasize that the PDC and BDC are NT specific and that new servers don't have that setup anymore (like you said).
    That's where my confusion was. I wasn't sure what exactly happened once a replication partner was added. I appreciate the help. This makes life much easier for me.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    In AD all servers are the same... except they aren't...

    You have the part about the FSMO, (Flexible Single Master of Operations(?)). The FSMO maintains the five main AD processes such as Schema Master etc. When you dcpromo a server and answer the question "Is this the first server in the domain?" with "yes" you are creating a FSMO. You can spread out the Master Roles to other servers if you wish but only one server can be the Master of any Role. Without the Masters of these roles the domain won't function correctly.

    Now this can be a real bummer if your FSMO or a role master goes down. So MS allows you to "seize" these roles because you can't say a server is the first in the domain and have the domain work correctly if there are already other servers in the domain.

    I would be inclined to join the 2k3 server to the domain and promptly seize the FSMO role per the procedure laid down in the MS knowledgebase. Then I'd do a clean install of 2k3 on the 2k box and work from there.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  5. #5
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by Tiger Shark

    I would be inclined to join the 2k3 server to the domain and promptly seize the FSMO role per the procedure laid down in the MS knowledgebase. Then I'd do a clean install of 2k3 on the 2k box and work from there.
    Hey Hey,

    I like this idea, however depending on the time frame for the new server to come in I'd prolly not bother with a clean install on the 2K box.... I'd leave it..

    i) New 2k3 server comes in, add it to the domain
    ii) Seize the FSMO roles and ensure that 2k3 is responsible for everything.
    iii) Second new 2k3 server comes in, remove the 2k Server and add this server..

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  6. #6
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    New Jersey
    Posts
    718
    Tiger,
    That was another issue I was trying to ration. I know that you can change the server roles through the AD snap-in (read that on the MS knowledgebase). Initially I was thinking there would have to be some "down time" but, after some thought and your guys input, that may not be true.
    I was thinking of doing is this way (after what you guys told me):

    1) Setup the new 2003 Server
    2) Add the new 2003 Server (as a replication partner) to the existing domain hosted by the 2K server. (For the time being, let the 2K server handle the GC and all FSMO roles).
    3) Copy whatever files users will need from the 2K Server to the 2003 Server.
    4) Make sure AD was transferred correctly to 2003 Server.
    5) Keep the 2K as the Global Catalog & FMSO roles and make sure the 2003 Server is not taking on any roles. (not sure about how I will setup the FSMO roles at this point)
    5) Add the 2003 Server's IP as the Alternative DNS server for each connecting client.
    6) Power down 2K and check how 2003 Server works. (a.k.a Pray)
    7) If all goes well, then upgrade 2K to 2003 and add it back into the domain.
    8) Establish new GC & FSMO roles.

    No matter what angle I take, I can't seem to simplify this process. What am I missing here? It just seems overly complicated to me.

    Alternative Method (with downtime):
    1) Setup 2003 Server.
    2) Add 2003 Server to Domain.
    3) Copy Files from 2K to 2003 for users.
    4) Add 2003 Server IP to each Client for Primary DNS Server.
    5) Change all roles to 2003 Server (including GC & FSMO roles).
    6) Power down 2K.
    7) Upgrade 2K.
    8) Add upgraded 2K back to Domain as Replication Partner.
    9) Add upgraded 2K Server IP to each Client for alternative DNS Server.

    Sorry about the rambling. I'm just trying to determine the most efficient way to do this. Again, thanks for the help.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •