Need Advice (Repost)

Guest

I'm relatively new to Active Directory. I've been posting questions in here
for the last couple of months and things are coming along slowly. Things are
working out well; you guys have been of great help. But before I go too far,
I just want to make sure I'm running things correctly.

I need advice about the configuration of my Active Directory domain and its
structure. All my servers are Windows 2003 Server. What I'm in the process of
doing is converting our Novell network (that is used only for file and print
sharing) to Active Directory. I'm not concerned at the moment about the
conversion; I've already done test runs on this and know how to do it. At
the same time that I'm building this new Active Directory domain, I'm also
setting up a Disaster Recovery site for this domain. We have purchased all
our equipment and are using VMware ESX software to build our servers. Our
Production site and our Disaster Recovery site are in different states and
are connected by way of a T1. Both networks are also in different subnets. We
have also purchased NSI Double Take software to replicate our file server.

This is what I've done so far. I've built two Active Directory Domain
Controllers in our Production site and a File Server that is a Member Server
of the domain. Both Active Directory Domain Controllers are also Active
Directory Integrated DNS Servers.

Then I built two additional Active Directory Domain Controllers in our
Disaster Recovery site. I just added them to the same domain. These
additional Active Directory Domain Controllers are also Active Directory
Integrated DNS Servers. Then I also built an additional File Server that is a
member server of the same domain.

All Active Directory Domain Controllers in both my Production site and my
Disaster Recovery site are Global Catalog Servers. I have the NSI Double Take
software installed on both my File Servers for replication. I've also tested
this software and it is working out well.

No roles have been moved from any servers. Therefore, my understanding is
that my first Active Directory Domain Controller is holding all the roles.

I set up the network this way so that, in the event of a disaster, my network
will be replicated in my Disaster Recovery site. I've done some test runs
and things worked, but not 100%. After I shut down my Production site, the
Double Take software noticed the network went down and took over. That part
worked great. But for the Active Directory domain, logins took longer; logon
scripts seemed to take a long time to map and they didn't seem to work
correctly. I used IFMember commands in my scripts and it didn't recognize this
command when the Production site went down, but it did see all the Net Use
commands and mapped all drives for all groups for one user, even mappings for
groups the user isn't in. (At the moment everyone has rights to all files on
the File Server. I will change this later.) But when the Production site is
up, the IFMember command works and they only get their assigned mappings. When
I placed the IFMember command in the Netlogon folder on the first DC, I did
notice it replicate to the other servers. So why wouldn't this work?

Today I noticed that I was getting errors in the event logs of my first domain
controller. These errors were posted at times when both sites were up and
everything seemed to be working well. The error IDs were:

Type: Error
User: NT Authority\System
Computers: MY First Domain Controller
Source: Userenv
Category: None
Event ID: 1030

Type: Error
User: NT Authority\System
Computer: My First Domain Controller
Source: Userenv
Category: None
Event ID: 1058

Then, on a final note: my manager would like to use our Disaster Recovery
site as our only source of redundancy for our VMware server. I didn't mention
this before, but all three servers in our Production site reside on a storage
array connected to only one server running VMware. So if this server should
fail, then all three servers will go down, and he would like our users in our
Production site to connect over the T1 to the remaining two Active Directory
servers and the File Server in our Disaster Recovery site. Another scenario I
can think of would be if only the File Server in the Production site went
down; then users would connect to the File Server in our Disaster Recovery
site.

After having all these issues and thoughts, I got to thinking about Sites,
but I'm not familiar with them. All my servers are in the same domain and the
same site. Should I have created two different sites within the same domain?
This is what got me thinking to open this post.

From all my reading about Active Directory, I believe I set up the domain
correctly, but I'm unsure whether or not I should have created two different
sites under the one domain. I am unfamiliar with this.

Any comments on the configuration of my Active Directory domain and its
structure will be appreciated.

At first our DR site was only in place in case a major disaster happened (users
couldn't work from the Production site for whatever reason). Now my manager
wants to use it any time there is a disruption at our Production site. So,
should the VMware server go down, then all of our Production servers would go
down and he would like users to connect from the Production site to the DR
site. Remember, all the Production servers are on one storage array connected
to the one VMware server. This is the same setup in the DR site. The DR site
only hosts the two Active Directory servers and one File Server. There are
about 15 workstations sitting there in the event of a major disaster and
users have to work from there. Otherwise, no users should connect to these
servers unless one of these situations happens. The File Server in the DR site
is only replicating the File Server in our Production site using NSI Double
Take.

Therefore, once again, the Disaster Recovery site is only there to
replicate our Production site, and to be used when one of the two scenarios
happens.
One: a major disaster happens, and users work from the DR site.
Two: the servers in the Production site are not accessible, but users
are still working from the Production site and connect to the servers in the
DR site.


Thanks in advance. Sorry so long.
Shannon
 
Danny Sanders

I set up the network this way so that, in the event of a disaster, my network
will be replicated in my Disaster Recovery site. I've done some test runs
and things worked, but not 100%. After I shut down my Production site, the
Double Take software noticed the network went down and took over. That part
worked great. But for the Active Directory domain, logins took longer; logon
scripts seemed to take a long time to map and they didn't seem to work
correctly. I used IFMember commands in my scripts and it didn't recognize this
command when the Production site went down, but it did see all the Net Use
commands and mapped all drives for all groups for one user, even mappings for
groups the user isn't in. (At the moment everyone has rights to all files on
the File Server. I will change this later.) But when the Production site is
up, the IFMember command works and they only get their assigned mappings. When
I placed the IFMember command in the Netlogon folder on the first DC, I did
notice it replicate to the other servers. So why wouldn't this work?


You need to work out a way to change which DNS server your clients point to
when the production site is down. Your clients are pointed to a non-existent
DNS server.


hth
DDS W 2k MVP MCSE
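
Added example, not part of either post and not the original poster's script (which the thread does not show): the symptom described above, where IFMember is "not recognized" yet every Net Use mapping runs, is what the common `if errorlevel 1` idiom does when the helper cannot be started. The sketch below fails closed instead. The group names `CORP\Finance` and `CORP\Engineering`, the server `\\FS01` and the share names are placeholders, and it assumes ifmember.exe sits in the same NETLOGON folder as the script and reports the number of matched groups as its exit code.

```batch
@echo off
rem Added example (constructed), not the poster's script.
rem CORP\Finance, CORP\Engineering and \\FS01\... are placeholder names.
rem
rem Fail-open pattern this replaces:
rem     ifmember "CORP\Finance"
rem     if errorlevel 1 net use F: \\FS01\Finance
rem "if errorlevel 1" is true for any exit code >= 1. When cmd.exe cannot
rem find ifmember it sets ERRORLEVEL to 9009, so every mapping runs.

setlocal
rem Run ifmember from the folder this script was started from (NETLOGON).
set "IFM=%~dp0ifmember.exe"

if not exist "%IFM%" (
    echo ifmember.exe not found next to %~nx0 - no group drives mapped.
    exit /b 1
)

call :MapIfMember "CORP\Finance"     F: \\FS01\Finance
call :MapIfMember "CORP\Engineering" G: \\FS01\Engineering
exit /b 0

:MapIfMember
rem %1 = group, %2 = drive letter, %3 = UNC share
"%IFM%" %1
rem One group is tested per call, so a match is exit code exactly 1.
rem Anything else (0 = not a member, 9009 or other = failure) maps nothing.
if %errorlevel% EQU 1 net use %2 %3 /persistent:no
goto :eof
```

Drive mappings are a convenience, not an access control: share and NTFS permissions on the file server still have to restrict each group to its own data, since a logon script can fail in either direction.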
 
