Replicating Active Directory

This is one of the easiest systems to add redundancy to. Active Directory contains all the information about your customer’s users and machines. If this fails, and you have no backup, they have a problem.


But even if you’re backing up their AD, backups can fail and changes can take place outside of the backup schedule. If those changes include user passwords, this can become a real problem. As well as taking regular (daily) backups, you can protect AD using server replication.

In principle this is simple, but much depends on the complexity of your organisation. For a single office you can use a virtual machine on another local server as a backup domain controller. If you have multiple mid-sized offices where bandwidth between offices is an issue, you might want a multi-master arrangement where each site is supported by its own domain controller. These are then synchronised so that a failure at one site will be covered by a domain controller on another site.

To create a backup domain controller using a virtual machine:

1. Install Microsoft Virtual Server or VMware Server on an existing computer.

2. Install Windows Server as a member server and join it to the domain.

3. Log in as a Domain Administrator.

4. Start Server Manager.

5. Run the Add Roles wizard.

6. Select Active Directory Domain Services, which launches the Active Directory Domain Services Installation wizard.

7. On the Deployment Configuration page, go to Existing Forest then Add a domain controller to an existing domain.

8. When asked for credentials, select 'Use existing'.

9. Select the domain from the next page.

10. Select the site – this is very important if you are using multiple sites.

11. By default, the new server will be configured as a DNS Server and a Global Catalog server. With Windows Server 2008, Microsoft added a new capability, Read-Only Domain Controller (RODC).

12. Set the location for the database, log files and SYSVOL directories.

13. When prompted, enter the Directory Services Restore Mode Administrator Password.

14. Save the settings so that you can use them to create another Domain Controller.

15. Finish and reboot.
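
A replica is only useful for failover if it is actually replicating and advertising itself as a domain controller. The script below is an added example, not part of the original article, that checks this after the reboot using the standard repadmin and dcdiag tools. The server name DC02 is a placeholder, and the dcdiag check assumes English-language tool output.

```powershell
# Added example: post-promotion health check for a replica domain controller.
# 'DC02' is a placeholder name, not a value from the article.
param([string]$NewDc = 'DC02')

$problems = @()

# 1. Inbound replication: repadmin emits one CSV row per naming context and source DC.
$links = @(repadmin /showrepl $NewDc /csv | ConvertFrom-Csv)
if ($links.Count -eq 0) { $problems += 'repadmin returned no replication links' }
foreach ($link in $links) {
    $isError  = $link.showrepl_COLUMNS -eq 'showrepl_ERROR'
    $failures = [int]$link.'Number of Failures'
    if ($isError -or $failures -gt 0) {
        $nc  = $link.'Naming Context'
        $src = $link.'Source DSA'
        $problems += "Replication of $nc from $src is failing ($failures failures)"
    }
}

# 2. A working DC publishes the SYSVOL and NETLOGON shares once SYSVOL has replicated.
foreach ($share in 'SYSVOL', 'NETLOGON') {
    if (-not (Test-Path "\\$NewDc\$share")) {
        $problems += "$share share is not published on $NewDc"
    }
}

# 3. dcdiag: run each test separately and look for its "passed test" line.
foreach ($test in 'Advertising', 'Replications', 'SysVolCheck', 'NetLogons') {
    $out = dcdiag "/s:$NewDc" "/test:$test" | Out-String
    if ($out -notmatch "passed test $test") {
        $problems += "dcdiag test $test did not pass"
    }
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output "$NewDc is replicating and advertising as a domain controller."
```

Run it from a domain-joined machine as a Domain Administrator, and again after any change to sites or replication links.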


If the primary domain controller fails, you can then promote this new domain controller to be the primary until you can repair the original domain controller.

You can then build a virtual machine on your own site and create another backup DC. This will provide the client with both local and remote protection.