Don't forget DNS!! Usually, in an MS environment, DNS is on the DCs.
Always ensure that you have at least two DNS servers as well (ideally AD-I
DNS so that users can register in either) and *always* have two different
(internal) DNS servers configured on all clients (that's DNS clients - so
workstations, member servers and DCs).
--
Paul Williams
_________________________________________
http://www.msresource.net
Join us in our new forums!
http://forums.msresource.net
_________________________________________
I don't fully understand the description of what you tried below. Having
multiple domains does not provide fault tolerance - the new domain doesn't
hold the security principals of the old domain and vice versa so they
cannot authenticate users from one another.
If you are looking for fault tolerance in your domain, simply install a
second domain controller in the domain and make it a GC as well. If one
of the DCs fails, the other will provide authentication to the users in
your domain. You may have to seize the FSMO roles to the remaining DC in
the event the FSMO role holder has a hardware failure, but your users will
be able to logon and function correctly.
238369 HOW TO: Promote and Demote Domain Controllers in Windows 2000
http://support.microsoft.com/?id=238369
For added protection, you could perform a System State backup of each DC.
If one failed, you would not have to seize the roles. You could simply
replaced the failed hardware, perform a clean install of Windows 2000 on
the failed machine and then restore the System State backup to that failed
machine to restore AD and the registry back to the state where it was
backed up.
240363 How To Use the Backup Program to Back Up and Restore the System
State in
http://support.microsoft.com/?id=240363
For detailed information on disaster recovery, check out the following
Microsoft Technet link:
Active Directory Disaster Recovery
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/ac
tivedirectory/support/adrecov.mspx
David Pharr, (e-mail address removed)
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Reply-To: "Yuval ben-david" <
[email protected]>
| From: "Yuval ben-david" <
[email protected]>
| Subject: Simulate Fail of one AD
| Date: Tue, 20 Jul 2004 13:22:48 +0200
| Lines: 22
| Organization: Telecode Computers
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1409
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
| Message-ID: <
[email protected]>
| Newsgroups: microsoft.public.win2000.active_directory
| NNTP-Posting-Host: bzq-219-191-117.dsl.bezeqint.net 62.219.191.117
| Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
| Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.active_directory:81922
| X-Tomcat-NG: microsoft.public.win2000.active_directory
|
| Hi,
|
|
| I have installed one domain controller, and
| Another one as a "domain in the same domain"
| To have a backup to the AD.
| But when I simulate a state where the first domain
| As faile, the users can't logon even If I have
| Configured both domains to be Global catalog.
| and installed on both domain DNS server ,and point
| the stations to the dns servers.
| What are the stapes that I should do to be able
| To have a backup domain for worktation logon
| in case that one of the domain as file?
|
|
| Than'x
|
|
|
|
|
|
