Server

Replicating Active Directory

This is one of the easiest systems to add redundancy to. Active Directory contains all the information about your customer’s users and machines. If this fails, and you have no backup, they have a problem.

 
 


But even if you’re backing up their AD, backups can fail and changes can take place outside of the backup schedule. If those changes include user passwords, this can become a real problem. As well as taking regular (daily) backups, you can protect AD using server replication.

In principle this is simple, but much depends on the complexity of your organisation. For a single office you can use a virtual machine on another local server as a backup domain controller.
If you have multiple mid-sized offices where bandwidth between offices is an issue, you might want to have multi-masters where each site is supported by its own domain controller. These are then synchronised so that a failure at one site will be covered by a domain controller on another site.

To create a backup domain controller using a virtual machine:

1. Install Microsoft Virtual Server or VMware Server on an existing computer.

2. Install Windows Server as a member server and join it to the domain.

3. Log in as a Domain Administrator.

4. Start Server Manager.

5. Run the Add Roles wizard.

6. Select Active Directory Domain Services which launches the Active Directory Domain Services Installation wizard.

7. On the Deployment Configuration page, go to Existing Forest then Add a domain controller to an existing domain.

8. When asked for credentials, select 'Use existing'.

9. Select the domain from the next page.

10. Select the site – this is very important if you are using multiple sites.

11. By default, the new server will be configured as a DNS Server and a Global Catalog server. With Windows Server 2008, Microsoft added a new capability, Read-Only Domain Controller (RODC).

12. Set the location for the database, log files and SYSVOL directories.

13. When prompted, enter the Directory Services Restore Mode Administrator Password.

14. Save the settings so that you can use them to create another Domain Controller.

15. Finish and reboot.
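Added example, not part of the original article: the PowerShell equivalent of steps 5 to 15, using the ADDSDeployment module that ships with Windows Server 2012 and later. The domain name, site name and folder paths are placeholders, and the script deliberately stores no passwords, so it can be kept as the saved settings from step 14.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted version of wizard steps 5-15 (Windows Server 2012 or later).
# Run on the member server that is already joined to the domain (step 2).

# Steps 5-6: add the Active Directory Domain Services role.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Import-Module ADDSDeployment

# Steps 8 and 13: prompt for secrets at run time so they never land in the
# script file, shell history or a saved answer file.
$domainAdmin = Get-Credential -Message 'Domain Administrator account'
$dsrmPassword = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

$settings = @{
    DomainName                    = 'corp.example.com'         # placeholder (step 9)
    SiteName                      = 'Default-First-Site-Name'  # placeholder (step 10)
    InstallDns                    = $true                      # step 11 default
    NoGlobalCatalog               = $false                     # step 11 default: GC enabled
    DatabasePath                  = 'D:\NTDS'                  # placeholder (step 12)
    LogPath                       = 'D:\NTDS\Logs'             # placeholder (step 12)
    SysvolPath                    = 'D:\SYSVOL'                # placeholder (step 12)
    Credential                    = $domainAdmin
    SafeModeAdministratorPassword = $dsrmPassword
}

# Dry run: same prerequisite checks the wizard performs, without changing anything.
$results = Test-ADDSDomainControllerInstallation @settings
$errors  = $results | Where-Object { $_.Status -eq 'Error' }
if ($errors) {
    $errors | Format-List Context, Message
    throw 'Prerequisite check failed; the server was not promoted.'
}

# Step 15: promote the server. It reboots automatically when promotion completes.
Install-ADDSDomainController @settings -Force
```

After the reboot, `repadmin /replsummary` and `dcdiag` run on the new domain controller confirm that it is replicating with its partners before you rely on it for failover.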

 

If the primary domain controller fails, you can then promote this new domain controller to be the primary until you can repair the original domain controller.

You can then build a virtual machine on your own site and create another backup DC. This will provide the client with both local and remote protection.

Main feature: Fail over, not fall over


 