Making a redundant Windows 2000 AD network?

ZenDragon

I have finally been given the authority to upgrade our antiquated NT4 domain to an AD domain. We do not have the cash to go to 2003, so I have begun our migration to AD using Windows 2000. Let me start by detailing our environment a little bit:

We have 3 servers, existing over 2 sites. Servers 1 and 2 are in the main site. Server 1 acts as RID master, PDC emulator, and infrastructure master (which is useless in this case as this is a single domain environment). The second server is the domain naming master and schema master. Server 2 is a global catalog server, server 1 is not. The third server exists on a separate site in a different subnet and is a global catalog server.

Is this environment sufficient for redundancy in the event that one server might go down? For example, if server 1 were to crash, would server 2 still be able to service logins? And if I were to take server 2 offline, would everybody still be able to log in?

Please correct me if I'm wrong, but I understand that the service on which logins depend the most is the global catalog server. If server 3 is a GC and server 2 is a GC and server 1 goes down, will users still be able to log in?

Because server 3 is in a different site, does it even store GC info for the main site? Or vice versa. If server 3 were to go down, would the other site be able to log in via the main site?

I understand what the FSMO roles and GC roles are. But I don't fully understand their dependencies on each other.
 
If I remember correctly, you need at least one GC DC to auth against. So, as long as you have at least two (one in each site) you should be fine.
 
Fint said:
If I remember correctly, you need at least one GC DC to auth against. So, as long as you have at least two (one in each site) you should be fine.

Let me ask you this... MS docs say you shouldn't put a GC on the infrastructure master because it then looks to itself for domain changes and won't update the other GCs. However, the infrastructure master is only really relevant in a multi-domain environment. So, we have two DCs in our Phoenix site; one is the schema master and domain naming master, the other is everything else. Do I need to install another server and make it the GC to have the redundancy, or can I put a GC on the infrastructure master and expect it to work?
 
As long as you have replication properly set up, the other GC will get populated every time with changes. The main thing you will notice if one goes down is a major performance decrease and timeouts, depending on how many users you have logging in concurrently.

Not sure about the infra master interfering. I'll check my servers now to see how it's set up and get back to you.
 
flboad said:
As long as you have replication properly set up, the other GC will get populated every time with changes. The main thing you will notice if one goes down is a major performance decrease and timeouts, depending on how many users you have logging in concurrently.

Not sure about the infra master interfering. I'll check my servers now to see how it's set up and get back to you.

Bump...

Just wondering if you ever got a chance to look at this.
 
Hey, I apologize for not replying. Murphy's law hit here. And yes, as the above poster said, it is a no go.
 
Just a curiosity question, I was under the impression that Win2k and Win2k3 cost the same. MS usually introduces their latest at the same price as the one they are replacing to encourage upgrades. Even Newegg has the price as the same. Was it just an assumption on your part that newest costs the most or are you guys stuck with some kind of buying limitation? Not that Win2k sucks or anything, but it is 5 years old... :)

Server 2003 w/ 5 CALS @ $669
http://www.newegg.com/app/ViewProductDesc.asp?description=32-102-227&depa=6

2000 Server SP4 w/ 5 CALS @ $697
http://www.newegg.com/app/ViewProductDesc.asp?description=32-102-239&depa=6

If it's because you can't afford to upgrade current hardware, then I guess that makes sense, though Server 2003's requirements are still pretty damn low.

http://www.microsoft.com/windowsserver2003/evaluation/sysreqs/default.mspx

Sorry if that's no help to you, I just know people that assumed and ended up buying 2000 thinking to save a few bucks and ended up going DOH!
 
OldPueblo said:
Just a curiosity question, I was under the impression that Win2k and Win2k3 cost the same. MS usually introduces their latest at the same price as the one they are replacing to encourage upgrades. Even Newegg has the price as the same. Was it just an assumption on your part that newest costs the most or are you guys stuck with some kind of buying limitation? Not that Win2k sucks or anything, but it is 5 years old... :)

Server 2003 w/ 5 CALS @ $669
http://www.newegg.com/app/ViewProductDesc.asp?description=32-102-227&depa=6

2000 Server SP4 w/ 5 CALS @ $697
http://www.newegg.com/app/ViewProductDesc.asp?description=32-102-239&depa=6

If it's because you can't afford to upgrade current hardware, then I guess that makes sense, though Server 2003's requirements are still pretty damn low.

http://www.microsoft.com/windowsserver2003/evaluation/sysreqs/default.mspx

Sorry if that's no help to you, I just know people that assumed and ended up buying 2000 thinking to save a few bucks and ended up going DOH!


The problem is that we already have the licenses for 2000, and all the CALs as well. It doesn't make sense for the people that spend the money to upgrade and spend 10k buying new server licenses and CALs, even though it's the same price as the 2000 CALs they already bought. Even though it may make sense to us, given the additional functionality of 2003. There is state government for you. Hence the reason we are still running Exchange 5.5. They adhere to the old adage: if it's not broke, don't fix it. Really quite frustrating for me.
 
feigned said:
Here's a bit of reading material for you, buddy:

http://support.microsoft.com/kb/223346
http://www.jsiinc.com/SUBH/tip3600/rh3654.htm

You were right. :) Infrastructure + GC is a no-go.

I have read those papers already... While re-reading it I found this:
...exceptions to the "do not place the infrastructure master on a global catalog server" rule are:
Single domain forest:
In a forest that contains a single Active Directory domain, there are no phantoms, and so the infrastructure master has no work to do. The infrastructure master may be placed on any domain controller in the domain.

That leads me to believe that it is ok to have the GC on the infrastructure as long as it is a single domain environment. What do you think?
 
CokeFiend said:
Let me ask you this... MS docs say you shouldn't put a GC on the infrastructure master because it then looks to itself for domain changes and won't update the other GCs. However, the infrastructure master is only really relevant in a multi-domain environment. So, we have two DCs in our Phoenix site; one is the schema master and domain naming master, the other is everything else. Do I need to install another server and make it the GC to have the redundancy, or can I put a GC on the infrastructure master and expect it to work?


In a single domain forest, don't worry about it.
 
Just to cap...

It's OK to have the GC on the IM (don't we love the acronyms?) in a single domain environment. And as long as the GC is on two servers, it is feasible that I could kill either one of the DCs and expect users to still be able to log on? Or is there something else I am missing here? It's hard to find documentation specifically on these things.
 
I learn something everyday.

I was basing it off of our servers here: we have 3 DCs, 2 for domain1 and 1 for domain2, and it makes sense now why it was split up. After reading that I would assume it is safe to proceed.
 
CokeFiend said:
Just to cap...

It's OK to have the GC on the IM (don't we love the acronyms?) in a single domain environment. And as long as the GC is on two servers, it is feasible that I could kill either one of the DCs and expect users to still be able to log on? Or is there something else I am missing here? It's hard to find documentation specifically on these things.

Yes, that is correct. Even without 2 GC's the users should still be able to log in and authenticate, but you will not be able to make "account" changes to AD.
 
mgw24 said:
Yes, that is correct. Even without 2 GC's the users should still be able to log in and authenticate, but you will not be able to make "account" changes to AD.

But what happens if one of the machines goes down? I'm trying to determine whether or not our domain infrastructure is truly redundant in that it can take a hit to either one of the DCs and keep on working. From what I understand, the GC is what actually services the logins (well, that's the netlogon service literally), but being a global catalog is the only requirement of the DC in order for it to service logins, regardless of other FSMO roles. Am I correct?
 
CokeFiend said:
But what happens if one of the machines goes down? I'm trying to determine whether or not our domain infrastructure is truly redundant in that it can take a hit to either one of the DCs and keep on working. From what I understand, the GC is what actually services the logins (well, that's the netlogon service literally), but being a global catalog is the only requirement of the DC in order for it to service logins, regardless of other FSMO roles. Am I correct?

yes, that's right
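
The single-DC failure cases asked about in this thread, worked through as an added example that is not part of any post above: a Python model of the three-server layout from the first post (the site names `main` and `remote` are assumed labels). For each failed DC it reports which FSMO roles go offline and which sites are left without a local DC or global catalog, and it applies the infrastructure master placement rule with the single-domain exception quoted from KB 223346.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DC:
    name: str
    site: str
    is_gc: bool
    roles: frozenset = frozenset()

# Layout from the first post. Site names "main"/"remote" are assumed labels.
TOPOLOGY = [
    DC("server1", "main", False, frozenset({"rid", "pdc_emulator", "infrastructure"})),
    DC("server2", "main", True, frozenset({"schema", "domain_naming"})),
    DC("server3", "remote", True),
]

def infrastructure_placement_ok(dcs, domains_in_forest):
    """Rule quoted in the thread: no IM on a GC, except in a single-domain forest."""
    im = next(dc for dc in dcs if "infrastructure" in dc.roles)
    return (not im.is_gc) or domains_in_forest == 1

def simulate_failure(dcs, failed_name):
    """Report what is left when one DC is offline. FSMO roles do not move by
    themselves; they stay offline until transferred or seized."""
    failed = next(dc for dc in dcs if dc.name == failed_name)
    alive = [dc for dc in dcs if dc.name != failed_name]
    sites = {dc.site for dc in dcs}
    return {
        "roles_offline": sorted(failed.roles),
        "surviving_gcs": sorted(dc.name for dc in alive if dc.is_gc),
        "sites_without_dc": sorted(sites - {dc.site for dc in alive}),
        "sites_without_gc": sorted(sites - {dc.site for dc in alive if dc.is_gc}),
    }

def with_gc(dcs, name):
    """What-if: same layout with the named DC also made a global catalog."""
    return [DC(dc.name, dc.site, True, dc.roles) if dc.name == name else dc
            for dc in dcs]

if __name__ == "__main__":
    layouts = (("as posted", TOPOLOGY),
               ("server1 also GC", with_gc(TOPOLOGY, "server1")))
    for label, layout in layouts:
        ok = infrastructure_placement_ok(layout, domains_in_forest=1)
        print(f"{label}: IM placement OK in a single-domain forest = {ok}")
        for dc in layout:
            print(f"  lose {dc.name}: {simulate_failure(layout, dc.name)}")
```
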
 