Replicating Active Directory

This is one of the easiest systems to add redundancy to. Active Directory contains all the information about your customer’s users and machines. If this fails, and you have no backup, they have a problem.


But even if you’re backing up their AD, backups can fail and changes can take place outside of the backup schedule. If those changes include user passwords, this can become a real problem. As well as taking regular (daily) backups, you can protect AD using server replication.

In principle this is simple, but much depends on the complexity of your organisation. For a single office you can use a virtual machine on another local server as a backup domain controller.
If you have multiple mid-sized offices where bandwidth between offices is an issue, you might want a multi-master setup where each site is supported by its own domain controller. These are then synchronised so that a failure at one site is covered by a domain controller on another site.

To create a backup domain controller using a virtual machine:

1. Install Microsoft Virtual Server or VMware Server on an existing computer.

2. Install Windows Server as a member server and join it to the domain.

3. Login as a Domain Administrator.

4. Start Server Manager.

5. Run the Add Roles wizard.

6. Select Active Directory Domain Services, which launches the Active Directory Domain Services Installation wizard.

7. On the Deployment Configuration page, go to Existing Forest then Add a domain controller to an existing domain.

8. When asked for credentials, select 'Use existing'.

9. Select the domain from the next page.

10. Select the site – this is very important if you are using multiple sites.

11. By default, the new server will be configured as a DNS server and a Global Catalog server. With Windows Server 2008, Microsoft added a further option here: Read-Only Domain Controller (RODC).

12. Set the location for the database, log files and SYSVOL directories.

13. When prompted, enter the Directory Services Restore Mode Administrator Password.

14. Save the settings so that you can use them to create another Domain Controller.

15. Finish and reboot.
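The same procedure can be scripted. The block below is an added example, not part of the original article or a Microsoft script: it uses the ADDSDeployment module (Windows Server 2012 and later) to do what the wizard steps above do, and then checks that the new controller is actually replicating before anyone relies on it. It assumes the member server is already joined to the domain and that you are in an elevated PowerShell session as a domain administrator; the domain name, site name and paths are placeholders to replace with the customer's values.

```powershell
# Added example (not from the original article): scripted equivalent of the
# Add Roles / AD DS Installation wizard for an additional writable DC.
# Assumes Windows Server 2012+, member server already joined, elevated session
# as a domain admin. Domain, site and path values below are placeholders.

# Steps 5-6: add the AD DS role and its management tools.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Step 13: Directory Services Restore Mode password, prompted rather than
# stored in the script.
$dsrmPassword = Read-Host -AsSecureString -Prompt 'DSRM administrator password'

# Steps 7-12 as one reusable parameter set. Keeping them in a hashtable is the
# scripted counterpart of the wizard's "save settings" step (step 14): splat
# the same hashtable again for the next DC, changing only SiteName if needed.
$dcParams = @{
    DomainName                    = 'corp.example.com'        # placeholder (step 9)
    Credential                    = (Get-Credential -Message 'Domain Admin credentials')  # step 8
    SiteName                      = 'Default-First-Site-Name' # step 10: use the office's AD site
    InstallDns                    = $true                     # step 11: DNS; Global Catalog is on by default
    DatabasePath                  = 'D:\NTDS'                 # step 12: database
    LogPath                       = 'D:\NTDS'                 # step 12: log files
    SysvolPath                    = 'D:\SYSVOL'               # step 12: SYSVOL
    SafeModeAdministratorPassword = $dsrmPassword             # step 13
}

# Dry run: validates DNS, credentials and reachability of an existing DC
# without changing anything.
Test-ADDSDomainControllerInstallation @dcParams

# Promote and reboot (step 15). For a branch office where the box is
# physically exposed, add -ReadOnlyReplica to build the RODC from step 11.
Install-ADDSDomainController @dcParams -Force

# --- After the reboot: confirm replication is healthy before trusting the DC ---
Get-ADDomainController -Filter * |
    Select-Object Name, Site, IsGlobalCatalog, IsReadOnly, OperationMasterRoles
repadmin /replsummary     # per-DC failure counts and largest replication delta
repadmin /showrepl        # inbound partners per partition and last success time
dcdiag /test:Replications /test:Advertising
```

The replication checks at the end are the part most often skipped: a DC that installed cleanly but has not completed inbound replication of the domain partition will not protect anyone. Run them again on the original DC so you see both directions.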


If the primary domain controller fails, you can then promote this new domain controller to be the primary until you can repair the original domain controller.

You can then build a virtual machine on your own site and create another backup DC. This will provide the client with both local and remote protection.
This article is part of the main feature: Fail over, not fall over.