How domain controller failover works.

[Guest]

Hi,

I have 7 domain controllers all residing in single site. we have 500 users
accessing them. All DC's are DNS and GC. Our DHCP is configured to point to
DC1 and DC7 as the primary and secondary DNS for these users. Users get
dynamic IP from this DHCP server. Recently, after the patching activity one
of my DC (DC-5) did not come up due to certain hardware issue and few users
faced issues in logging in and few in accessing their mail server.
Theoritically these clients are supposed to get authenticated to next
available DC in this site as a part of DC failover mechanism, but i wonder
why this didnt happen. After a restart of these client computers it started
to work. [Here i'm nt sure if these affected user have shutdown their system
the previous day]

Could someone help me "how to check if my DC failover is working correctly"
What is the mechanism used??

Thanks in adavance

 

[Myweb]

Hello jeethu,

Run dcdiag and netdiag against your dc's and check the result for errors.

Best regards

Myweb
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.

 

[Paul Bergson [MVP-DS]]

My guess is the users who were experiencing trouble were logged on and
authenticated via dc5 and had been using this dc for GC services. You
didn't express what type of specific problems your users had but I have seen
this type of problem when relating to Exchange.

As my web suggested you may want to run some diagnostics against your domain
to verify that all things are ok.

Run diagnostics against your Active Directory domain.

If you don't have the support tools installed, install them from your server
install disk.
d:\support\tools\setup.exe

Run dcdiag, netdiag and repadmin in verbose mode.
-> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt

**Note: Using the /E switch in dcdiag will run diagnostics against ALL dc's
in the forest. If you have significant numbers of DC's this test could
generate significant detail and take a long time. You also want to take
into account slow links to dc's will also add to the testing time.

When complete search for fail, error and warning messages.

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.