Second domain controller failed, urgent.

[Neal]

We have two Windows 2003 domain controllers. The backup one (second domain
controller) has failed. Until I can get that replaced (three days) I need
to make one of the other servers a domain controller.

I have three bad choices. Which is the least bad?

Windows 2000 Exchange 2003 server.
Windows 2000 SQL and IIS.
Windows 2000 Terminal Server.

As you can see, I really don't want to put it on any of them. Which one
should I make the new (temporary) DC?

Thanks, Neal.

 

[SaltPeter]

We have two Windows 2003 domain controllers. The backup one (second domain
controller) has failed. Until I can get that replaced (three days) I need
to make one of the other servers a domain controller.

I have three bad choices. Which is the least bad?

Windows 2000 Exchange 2003 server.
Windows 2000 SQL and IIS.
Windows 2000 Terminal Server.

As you can see, I really don't want to put it on any of them. Which one
should I make the new (temporary) DC?

Thanks, Neal.

Nobody knows, depends of the load on each member server. Whats perhaps more
important is whether you've seized any lost FSMO roles and whether your
backups are up to date.

Most organisations with that kind of critical scenario rely on 4-hour
recovery plan on replacing a server or related hardware. Its a base-line
industry-wide standard when it comes to server hardware failures(in other
words, its a common feature of service contracts).

Lets face it, the SQL database probably has a value that far exceeds the
hardware its sitting in. Exchange...ditto. Multiply the number of lost TS
time per employee and the cost of the TS server's hardware is reached before
you've finished your morning coffee. Try calculating the loss of 60 minutes
worth of domain down time in your company and, if you haven't fainted at the
result, throw the report on the boss's desk along with the proposal for a
standby, recovery server + the needs for a real service contract.

 

[Neal]

Thanks for your input.

In the good old days of NT 4 domains and Exchange 5.5 it wasn't so critical
that the domain controller was offline. Now with the AD, it's a different
ball game.

It was the second DC that went down, so I didn't have to worry about the
roles. However I do have to say that having to seize them is daunting and I
can't for the life of me understand why this can't be done easily and even
automatically. Make it well hidden and pop up a couple of warnings so it
can't be done accidentally.

Thanks, Neal

 

[SaltPeter]

Thanks for your input.

In the good old days of NT 4 domains and Exchange 5.5 it wasn't so critical
that the domain controller was offline. Now with the AD, it's a different
ball game.

It was the second DC that went down, so I didn't have to worry about the
roles. However I do have to say that having to seize them is daunting and I
can't for the life of me understand why this can't be done easily and even
automatically. Make it well hidden and pop up a couple of warnings so it
can't be done accidentally.

I agree completely, a W2K domain infrastructure should provide self-healing
capabilities, not just an Event. Are you sure the dead DC didn't have any
roles? It should have in order to dissipate the load on the DCs. This
includes placement of the Global Catalog.

In the meantime, dumpfsmos might help in quickly identifying the roles:
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/dumpfsmo
s-o.asp
or
dcdiag /test:Knowsofroleholders /v

to seize:

ntdsutil

- roles
- connections
- connect to server (e-mail address removed)
- quit
- fsmo maintenance: - seize domain naming master (or infrastructure master ,
etc)
- quit

 

[SaltPeter]

Thanks for your input.

In the good old days of NT 4 domains and Exchange 5.5 it wasn't so critical
that the domain controller was offline. Now with the AD, it's a different
ball game.

It was the second DC that went down, so I didn't have to worry about the
roles. However I do have to say that having to seize them is daunting and I
can't for the life of me understand why this can't be done easily and even
automatically. Make it well hidden and pop up a couple of warnings so it
can't be done accidentally.

I agree completely, a W2K domain infrastructure should provide self-healing
capabilities, not just an Event. Are you sure the dead DC didn't have any
roles? It should have in order to dissipate the load on the DCs. This
includes placement of the Global Catalog.

In the meantime, dumpfsmos might help in quickly identifying the roles:
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/dumpfsmo
s-o.asp
or
dcdiag /test:Knowsofroleholders /v

to seize:

ntdsutil

- roles
- connections
- connect to server (e-mail address removed)
- quit
- fsmo maintenance: - seize domain naming master (or infrastructure master ,
etc)
- quit