Replicating Active Directory

This is one of the easiest systems to add redundancy to. Active Directory contains all the information about your customer’s users and machines. If this fails, and you have no backup, they have a problem.


But even if you’re backing up their AD, backups can fail and changes can take place outside of the backup schedule. If those changes include user passwords, this can become a real problem. As well as taking regular (daily) backups, you can protect AD using server replication.

In principle this is simple, but much depends on the complexity of your organisation. For a single office, you can use a virtual machine on another local server as a backup domain controller.

If you have multiple mid-sized offices where bandwidth between offices is an issue, you might want a multi-master setup in which each site is supported by its own domain controller. These are then synchronised so that a failure at one site is covered by a domain controller at another site.

To create a backup domain controller using a virtual machine:

1. Install Microsoft Virtual Server or VMware Server on an existing computer.

2. Install Windows Server as a member server and join it to the domain.

3. Log in as a Domain Administrator.

4. Start Server Manager.

5. Run the Add Roles wizard.

6. Select Active Directory Domain Services which launches the Active Directory Domain Services Installation wizard.

7. On the Deployment Configuration page, go to Existing Forest then Add a domain controller to an existing domain.

8. When asked for credentials, select 'Use existing'.

9. Select the domain from the next page.

10. Select the site – this is very important if you are using multiple sites.

11. By default, the new server will be configured as a DNS Server and a Global Catalog server. With Windows Server 2008, Microsoft added a new capability, Read-Only Domain Controller (RODC).

12. Set the location for the database, log files and SYSVOL directories.

13. When prompted, enter the Directory Services Restore Mode Administrator Password.

14. Save the settings so that you can use them to create another Domain Controller.

15. Finish and reboot.
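
Once the new domain controller has rebooted, it is worth confirming that it is actually replicating before treating it as a failover target. The PowerShell below is an added example, not part of the original article: it filters the CSV printed by `repadmin /showrepl * /csv` for failing or stale links. The function name, the 24-hour threshold and the sample rows are assumptions constructed for illustration.

```powershell
# Added example (not from the article): flag failing or stale replication links
# in the CSV that `repadmin /showrepl * /csv` prints.
function Get-ReplicationProblem {
    param(
        [Parameter(Mandatory = $true)][string[]]$CsvLines,
        [int]$MaxAgeHours = 24,            # assumed staleness threshold
        [datetime]$Now = (Get-Date)
    )
    $inv = [Globalization.CultureInfo]::InvariantCulture
    $CsvLines | ConvertFrom-Csv | ForEach-Object {
        $failures = 0
        [void][int]::TryParse($_.'Number of Failures', [ref]$failures)
        $lastOk = [datetime]::MinValue
        $parsed = [datetime]::TryParse($_.'Last Success Time', $inv,
                      [Globalization.DateTimeStyles]::None, [ref]$lastOk)
        $reason = $null
        if (-not $parsed) { $reason = 'no successful replication recorded' }
        elseif ($failures -gt 0) { $reason = "$failures failure(s), status $($_.'Last Failure Status')" }
        elseif (($Now - $lastOk).TotalHours -gt $MaxAgeHours) { $reason = "last success older than $MaxAgeHours h" }
        if ($reason) {
            New-Object PSObject -Property @{
                Destination   = $_.'Destination DSA'
                Source        = $_.'Source DSA'
                NamingContext = $_.'Naming Context'
                LastSuccess   = $_.'Last Success Time'
                Reason        = $reason
            }
        }
    }
}

# Constructed sample output (server names, site, domain and times are made up).
# Row 1 is healthy; row 2 has repeated failures with status 1722 (RPC server unavailable).
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HeadOffice,DC02-VM,"DC=example,DC=local",HeadOffice,DC01,RPC,0,0,2010-03-01 09:15:02,0
showrepl_INFO,HeadOffice,DC01,"DC=example,DC=local",HeadOffice,DC02-VM,RPC,7,2010-03-01 09:10:44,2010-02-27 22:01:13,1722
'@
Get-ReplicationProblem -CsvLines $sample -Now ([datetime]'2010-03-01 10:00:00') |
    Format-Table Destination, Source, Reason -AutoSize

# Against a live domain (run on a domain controller as a domain administrator):
#   Get-ReplicationProblem -CsvLines (repadmin /showrepl * /csv)
```

An empty result means every link reported a recent success with no failures; any row returned should be investigated before the backup domain controller is relied on.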


If the primary domain controller fails, you can then promote this new domain controller to be the primary until you can repair the original domain controller.

You can then build a virtual machine on your own site and create another backup DC. This will provide the client with both local and remote protection.

If you're supporting end users who need to transfer files by FTP occasionally, explaining how to use FTP every time can get frustrating. Map an FTP site as a custom network location and they can do it through the familiar Explorer window. If you only have a couple of machines, you can choose Tools > Map Network Drive… in Explorer and click the link 'Connect to a Web site that you can use to store your documents and pictures' to open a wizard that creates a network location. Select 'Choose a custom network location', type in the FTP address and fill in the user name and password. You can also create mapped drives and network places on the Environment tab of the user's Active Directory object, but if you have a lot of users to set up, put it in the logon script for the user profile under Active Directory Users and Computers.
If you're running into problems with Group Policy Objects, check this handy summary of the rules at read more

