Backup Domain Controller
michael Yuen
allowed, any other way to do the same task as I mention before?
Mal Osborne
You can have a BDC on an SBS network, only it's use is limited. The SBS
server is stuck as a PDC, so the roles cannot change. If you try to promote
the BDC you will cause problems. The BDC will authenticate logins when the
SBS box is down, but usually this means that you have lost a significant
chunk of network functionallity anyway, and logging on may not help. A
member server is usually a preferable way to go.
--
Mal Osborne
MCSE MVP Mensa
"michael Yuen" <micha...@avo.net.au> wrote in message
news:8uapd0$gkl$1...@merki.connect.com.au...
Dave Emberton
you set up DHCP somewhere else, then any workstations not already switched
on won't be able to communicate with the BDC anyway. This may be an argument
for using IPX of course.
I've actually set up a BDC on an SBS network, and it works fine. However,
when it's time to replace the BDC server, I think I'll be setting it up as a
standalone server.
Dave
"Mal Osborne" <malc...@silverfern.com.au> wrote in message
news:#s286EXSAHA.195@cppssbbsa05...
> You can have a BDC on an SBS network, only it's use is limited. The SBS
> server is stuck as a PDC, so the roles cannot change. If you try to
promote
> the BDC you will cause problems. The BDC will authenticate logins when
the
> SBS box is down, but usually this means that you have lost a significant
> chunk of network functionallity anyway, and logging on may not help. A
> member server is usually a preferable way to go.
>
> --
> Mal Osborne
> MCSE MVP Mensa
>
>
> "michael Yuen" <micha...@avo.net.au> wrote in message
> news:8uapd0$gkl$1...@merki.connect.com.au...
Jeff Middleton [SBS-MVP]
A significant consideration for BDC is this: A BDC can never be promoted,
converted, sloshed, or painted as an SBS server....no way to get there. This
means, that the BDC is only useful while the SBS is down. If you find you
cannot recover the original SBS and you chose to reinstall the SBS from
scratch, then you will also have to do a scratch reinstall of the BDC! This
is because SBS doesn't support trusts, therefore there's no way to get the
old BDC to work in the new SBS. As a result, the entire discussion of BDC is
entirely about supporting secondary logon authentication....perhaps in a
remote office, or about keeping authentication going while the SBS is down.
MS discusses needing a BDC for LANs with 100s and 1000s of workstations, not
10s. There is no need in most any SBS network to provide a BDC to support
the number of logons involved. There is probably only the value to have a
BDC in a remote office situation if the link is unreliable and the need for
security in the remote office is high. However, if the link is unreliable,
then you will have problems with replication anyway....yet another technical
issue.
The logon script based deployment and authentication process used by SBS is
not supported in the normal NT manner, therefore the BDC actually can cause
problems by authenticating new stations and users but not connecting them to
the proper shares and software deployments.
I personally do not recommend using a BDC. I find that in most every
situation where you could justify a BDC (like a remote office), you could
also better justify instead placing the same server hardware in use as a
Terminal Server in the home office next to the SBS. The BDC doesn't provide
the domain recovery function commonly expected in an NT LAN, therefore your
focus in disaster recovery needs to be how to avoid losing the SBS by using
a RAID, and how to recovery it quickly from tape backup or imaging. BDC is
not the answer. As a final comment, I think too often people fail to think
about the process of a crisis management when their PDC/Exchange/DHCP/web
connection/SQL server has failed. Any time you spend in "reconfiguring your
network" to run differently without the SBS, such as moving files to a
secondary server or rebuilding share and such....is time you are not
spending on the primary goal.....recovery and restart of the SBS itself.
Nearly every SBS environment needs a solid plan to restore a previous
night's backup in under two hours.....on demand. With SBS, a spare drive is
more valuable than a BDC, as far as I'm concerned. If that spare drive has
anything close to a recent restore of the SBS on it, you can place the drive
in nearly any computer, restore the most recent tape, and be back in a
nearly normal working condition. Anyone who thinks they can make an SBS
failure be totally transparent is kidding themselves....it's not designed
for that concept.....that's a full BackOffice feature. It's more realistic
to expect that you get the SBS back up and running with last night's
backup.....then offline to the now day-old SBS you have running
again.....you do whatever steps are necessary to synchronize data and get a
full recovery accomplished regarding whatever was the crash or data problem
in the first place.
"Dave Emberton" <demberton...@digitalworkshop.co.uk> wrote in message
news:etKTwwXSAHA.245@cppssbbsa05...
Dave Nickason
The short answer is yes. All you have to do is to copy the login scripts
from the sbs to the bdc, or you will have problems when the bdc
authenticates a login.
Here, the data on our 2nd server is at least as important as the data on our
sbs, so we set the 2nd machine up as a bdc in case the sbs is ever down.
The sbs has raid and nightly full backups, but you never know ...
"michael Yuen" <micha...@avo.net.au> wrote in message
news:8uapd0$gkl$1...@merki.connect.com.au...
Ngan Bui
member server the way to go?
I may get a separate server computer to put my SQL server on so could I set
that up as a BDC?
Ngan
"Mal Osborne" <malc...@silverfern.com.au> wrote in message
news:#s286EXSAHA.195@cppssbbsa05...
> You can have a BDC on an SBS network, only it's use is limited. The SBS
> server is stuck as a PDC, so the roles cannot change. If you try to
promote
> the BDC you will cause problems. The BDC will authenticate logins when
the
> SBS box is down, but usually this means that you have lost a significant
> chunk of network functionallity anyway, and logging on may not help. A
> member server is usually a preferable way to go.
>
> --
> Mal Osborne
> MCSE MVP Mensa
>
>
> "michael Yuen" <micha...@avo.net.au> wrote in message
> news:8uapd0$gkl$1...@merki.connect.com.au...
Jeff Middleton [SBS-MVP]
copy of NT Server, that simply joins the domain like a workstations does. A
BDC is an NT server which doesn't just join that domain, it actually
establishes a duplicate copy of the PDC's SAM (Security Access Management)
database and has the ability to fully replace the PDC in mastering the
domain. In order for the BDC to keep synchronized with changing account
information on the PDC, the BDC must replicate information (accounts and
such) with the PDC on a very regular basis. With this job, a BDC can act in
the place of the PDC (if it is absent from the network), or can supplement
by supporting tasks normally handled exclusively by the PDC, such as
authenticating logons and file access request from other workstations and
users.
Reflecting back on the member server, it's really nothing more than a
computer with resources to offer.....a BDC is part of the domain management.
If you look at a BDC, you find there is no "local User Manager" or accounts,
just like with the PDC. A member server maintains its own local accounts, in
addition to having a participation in allowing access to domain
authenticated computers. This is the reason that a BDC would have to be
replaced if the PDC is replace with a new PDC.....because the BDC would no
longer be in the same domain, such as if you replace an SBS from scratch. By
comparison, the member server is nothing more than a more powerful
"workstation" and can easily bounce into another domain, because it's not
actually a manager for the domain it's in, just a resource server.
"Ngan Bui" <nb...@solidconcepts.com> wrote in message
news:uOkqVEpSAHA.171@cppssbbsa04...
> Could you explain the difference between a member server vs a BDC? Why is
a
> member server the way to go?
> I may get a separate server computer to put my SQL server on so could I
set
> that up as a BDC?
>
> Ngan
>
> "Mal Osborne" <malc...@silverfern.com.au> wrote in message
> news:#s286EXSAHA.195@cppssbbsa05...
> > You can have a BDC on an SBS network, only it's use is limited. The SBS
> > server is stuck as a PDC, so the roles cannot change. If you try to
> promote
> > the BDC you will cause problems. The BDC will authenticate logins when
> the
> > SBS box is down, but usually this means that you have lost a significant
> > chunk of network functionallity anyway, and logging on may not help. A
> > member server is usually a preferable way to go.
> >
> > --
> > Mal Osborne
> > MCSE MVP Mensa
> >
> >
> > "michael Yuen" <micha...@avo.net.au> wrote in message
> > news:8uapd0$gkl$1...@merki.connect.com.au...
nwar...@my-deja.com
Sent via Deja.com http://www.deja.com/
Before you buy.
Kevin Robinson
former company where I was the admin., we started out with an SBS 4.5
server. The admin. who was there before me installed this either not
knowing or not thinking of how this could affect a business with the
potential for large growth. Our company grew exponentially in a matter of
months. Because SBS 4.5 has a maximum of 50 concurrent connections, this
had to be rectified. I loaded an NT server, demoted the SBS server and
promoted the NT server. The SBS server remained as a backup server and
print server. We had no problems with the configuration at all. Now, I am
not suggesting that this would go without a hitch everytime. But it did
work in this situation. However, with my experience with SBS, which is
somewhat limited, it would not surprise me if this were to be a problem.
Kevin Robinson
MCSE
"Jeff Middleton [SBS-MVP]" <je...@cfisolutions.com> wrote in message
news:#RQ$ziYSA...@cppssbbsa02.microsoft.com...
Jeff Middleton [SBS-MVP]
all of the security account settings from a PDC.
If you mean you want to later move it to an office without a link to the
original, what will happen is the BDC, after a period of failing to connect
and sync (replicate) to the PDC, eventually the BDC will push itself into
the role of PDC. At that point, it will be rather unhappy if you connect the
two PDCs together again. An administrator will need to ensure that one gets
demoted and the replication issues are resolved. It's not a good idea to
plan for a situation where you expect a BDC to be routinely out of contact
with the PDC......very bad design.
<nwar...@my-deja.com> wrote in message news:8uh8hb$6uh$1...@nnrp1.deja.com...
Jeff Middleton [SBS-MVP]
described is possible on a properly installed and configured SBS. An
unequivocal statement by MS is that and SBS cannot be demoted to BDC. If you
succeed in accomplishing it, you have violated the license agreement because
MS has taken steps to prevent this from happening. As with all things, if
the SBS was not setup according to the MS design, or if it has been tweaked
afterward, it may be possible to force it to move to a BDC role, but that's
not a legal use of the product. I'm not intending to sound like the license
police, but this is what MS says. The only way that you can move an SBS to
other roles legally is to upgrade the system is to purchase an upgrade of
the SBS to make it a conventional NT server and BackOffice Server. At this
point, it's not an SBS, even if that's what was originally purchased. If
that's what happened in your situation, no worries.
"Kevin Robinson" <ke...@urbanjungle.com> wrote in message
news:umZDMizSAHA.196@cppssbbsa04...