Login Redundancy

[jwmoody]

Is there a preferred procedure to setup login redundancy with Windows
2003 Active Directory so that in the event that one DC is down,
clients can authenticate to another DC? I saw a group policy that
potentially referred to this, but can’t remember where it is exactly.

Thanks,

JWM

 

[Simon Geary]

Such redundancy is fairly well built in to the whole system, so long as your
forest is properly configured your clients should be able to find an
available DC in the event that one goes down.

So what do I mean by properly configured? Well you first of all have to have
your Sites & Subnets properly configured, a client tries by default to find
a DC to authenticate to that's in it's own site. If it cannot find one, it
will try to find any DC in the domain. The way it finds the DCs is by using
DNS, so clients must be configured with at least two DNS server addresses
for redundancy. Lastly, a Global Catalogue must be available at logon so the
GC role should be fairly widespread. If you have a single domain, make all
DCs a GC.

(This doesn't really relate to Group Policy by the way.)

Is there a preferred procedure to setup login redundancy with Windows
2003 Active Directory so that in the event that one DC is down,
clients can authenticate to another DC? I saw a group policy that
potentially referred to this, but can't remember where it is exactly.

Thanks,

JWM

--
Posted using the http://www.windowsforumz.com interface, at author's
request
Articles individually checked for conformance to usenet standards
Topic URL:
http://www.windowsforumz.com/Active-Directory-Login-Redundancy-ftopict365357.html
Visit Topic URL to contact author (reg. req'd). Report abuse:
http://www.windowsforumz.com/eform.php?p=1177703

 

[Cary Shultz [A.D. MVP]]

JWM,

I think that Simon pretty much summed it up nicely. Make sure that you have
set up Sites and Services ( in that you have created a Site for each
location - assuming that this is what you want to do....by default there is
already one Site created for you - the much beloved
Default-First-Site-Name ) and that you create a Subnet for each Subnet in
your environment and associate each Subnet with the appropriate Site.

I would have two Domain Controllers - this is the redundancy that you are
looking to find. I would also make sure that both Domain Controllers are
running Active Directory Integrated DNS ( or Dynamic DNS or simply DDNS )
and that both Domain Controllers are - as Simon stated - Global Catalog
Servers. Additionally, make sure that DHCP gives out the IP Address of both
DNS Servers as part of the Scope Options. This way the DHCP Clients will
have both....

You do not mention what your environment is. So, this suggestion might or
might not completely apply.

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com

Is there a preferred procedure to setup login redundancy with Windows
2003 Active Directory so that in the event that one DC is down,
clients can authenticate to another DC? I saw a group policy that
potentially referred to this, but can't remember where it is exactly.

Thanks,

JWM

--
Posted using the http://www.windowsforumz.com interface, at author's
request
Articles individually checked for conformance to usenet standards
Topic URL:
http://www.windowsforumz.com/Active-Directory-Login-Redundancy-ftopict365357.html
Visit Topic URL to contact author (reg. req'd). Report abuse:
http://www.windowsforumz.com/eform.php?p=1177703