Taking a DC offline for maintenance

[Franc v/d Westelaken]

Hi,

I've a single domain AD with 2 domain controllers. This week I have to
do maintenance to one of the DC's and have to take it offline during
buisness hours. Whar are the precoutions I must take in order to keep
the network running. I've tried it today to shut the DC down, but as
soon as the DC is offline all requests to Exchange from outlook and
access to shares accross the network fail. The client just hangs or
internet explorer prompts for a username and password. Both DC are
global catalogs.... And the DC I'm taking offline temporarily holds al
the FSMO roles. The DC I have to take offline is also a DNS server but
the second DC is also a DNS server and all clients have both DNS
servers configured.

Franc.

 

[Laura E. Hunter \(MVP\)]

You should transfer the PDC Emulator role to the remaining DC, since
down-level clients and certain applications need to be able to access it at
all times in order to log on and function on the network:

http://www.microsoft.com/resources/...prise/proddocs/en-us/sag_adTransPDCMaster.asp

The remaining FSMO roles are not critical to transfer if the original DC
will be coming back online within a reasonable timeframe. You can transfer
the PDC Emulator role back to the original DC using the same process when it
comes back online - unlike some of the other FSMO roles, PDC Emulator is
designed to be transferred pretty easily and without repercussion to the
network.

 

[Paul Bergson {MCT, MCSE}]

Although transferring roles may seem like a solution it isn't going to
provide anything for you in the real short term. If it is down for a day I
wouldn't worrying about it. We had a small wan w/o any of the fsmo roles
available for almost a month with no loss of service. Look at where your
remaining dc's dns points to when the second dc is down as well as your
exchange server. I would make sure the primary dns definition points to the
dns server that is active. As a matter of fact I would point all servers to
the active dns before I brought down the secondary machine.


Paul Bergson MCT, MCSE, CNE, CNA, CCA

 

[David Ingleahrt]

Your problem is due to the fact that Outlook caches the
name of the GC that it talks to. If the GC becomes
unavailable, Outlook will hang, forcing users to have to
kill and restart Outlook.

 

[Franc v/d Westelaken]

Ok, so I can solve this to remove the global catalog fom the DC I'm
taking down so outlook can't connect to it ? Or is it sufficient for
the client to kill outlook and restart it and then it picks up the
online GC ?

Strange thing though that outlook doesn't redirect to the other GC
automatically, now people will have problems when I take the DC
offline.

Franc.

 

[Franc v/d Westelaken]

Ok, I can do that, but since we are running 20 server I must change
them individually or is it possible to 'push' the change of the DNS
servers using group policy and if possible how long does it for the
servers to pick it up ? Do I have to reboot those servers ? That isn't
an option...

All servers already have the secondary DNS set to the other server.
But will I have time outs if the primary server is not available ? Or
is windows smart enough that when it detects that the primary server
is not available after the first query it uses the secondary server
consequently ? And what if the primary comes online again ? When will
windows start using that one again ? Is there a time frame in which
windows checks for the available DNS server ? Sorry for all these
questions but I want to trie to have the impact of taking down a DC as
minimal as possible.

Franc

 

[gjb]

Take a look at this document. It descibes in some detail the interaction
between Outlook, Exchange servers, AD and GCs.

http://www.microsoft.com/downloads/...3f-f979-4745-b7a6-9d8446ef6409&displaylang=en

In particular it deals with how Exchange and outlook decide on which DCs and
GCs will be selected and used and what happens when one becomes unavailable.

 

[Paul Bergson {MCT, MCSE}]

As far as I know there is no gpo to manage it. If you are running windows
2000 then there is no need to reboot, just change the dns and move on. Time
outs will occur and all will work, but you may experience some slight delays
here and there. NT can have the ip service restarted so you wouldn't have
to reboot either. It will all work if you change nothing but I definetly
would change your dc to point to itself while the other is down. What would
happen if the second dc crashed I have seen problems when it is trying to
contact the first machine when booting up. This was a couple of years ago
but I still would at least change the dc.

 

[Franc v/d Westelaken]

Hi all,

thanks for the usefull info... I'll give it a go the end of the week.

Franc.