Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

backup domain controller

6 views
Skip to first unread message

Marcia

unread,
May 11, 2005, 10:43:43 AM5/11/05
to
Hi! I'm trying to propose some network redundancy options for our servers.
We have our member server (file, print, and database) being ghosted to
another server in the event that it fails, we can easily recover.

I want to do something similar for our sbs 2k3 premium box. My concern is
if it goes down, hardware or other, there is no login authentication. The
terms PDC and BDC went away with SBS2000.

Is there a solution, like implementing a win2k3 bdc within our network? If
I could do that, something to replicate AD to, then the users could still
authenticate on logon, etc. They would just be without email for awhile.

Marcia


BoboTWG

unread,
May 11, 2005, 10:46:10 AM5/11/05
to
You can only have one domain controller on an SBS network. Sorry.

Aaron

"Marcia" <mkpo...@zoominternet.net> wrote in message
news:uggFUdjV...@tk2msftngp13.phx.gbl...

Jeff Middleton [SBS-MVP]

unread,
May 11, 2005, 11:17:39 AM5/11/05
to
No, this is incorrect.

You can have as many DCs in an SBS domain as you want to have, up to the
maximum machine count for an SBS domain. Additional DCs have always been
supported by SBS, but this misconception about SBS remains remarkably slow
to die off the rumor list.

What you can't have more than one of is SBS in a single domain.

Regarding the original post concerns for BDCs and PDCs, it's only those
terms that became antique with Active Directory, but the concept of having
additional DCs remains a key part of domain fault tolerance. In NT domains,
there was a role called a PDC, and all other DCs in the domain were called
BDCs. The difference now is that there are 5 FSMO roles that can be
associated with up to 5 different DCs, or held on just one DC as the root of
the domain....which is the case in SBS.

Therefore, if you want more DCs in your SBS domain, you can do that. Any DC
in your domain that is added can be referred to as a Replica DC, meaning it
is maintaining a replicated copy of the AD information. If you make a
Replica DC also a Global Catalog server, now you have everything you need to
survive that disaster strike against your SBS server, or for that matter,
any of the FSMO role holders if you have those spread around in a non-SBS
domain.

With SBS, what remains the challenge is that an SBS is typically both a DC
and an Exchange Server. When you take that combination, and then make the
server a file/print server, you have defined a lot about this machine that
makes it's function in the domain very critically tied to the name of the
server, the namespace of the Exchange Server role included. That means that
while you can use a Replica DC to act as a survival and operations
authentication DC if the SBS goes down, the only way you get back to a
transparent recovery is to bring the SBS back online with a restore from
backup, or by reintroducing an SBS with the same name again in the same
domain. Anything else is going to cause a ripple of frustration in the
domain by either breaking the domain accounts (if you do a scratch install
of the SBS server for a new domain), or a break in the namespace that breaks
all the user profiles at the workstations....plus Outlook and Exchange
rules.

The idea of a BDC in an SBS network, even if the name doesn't apply anymore,
it remains a consistent concept that you can use another DC to ensure that
users can logon, and can still access whatever resources are still
operational in the network (with the SBS down). That means that the SBS
shared folders, shared printers, Exchange support, and possibly the Internet
connectivity would be down unless you do things to address all of that as
well....which is not common in SBS scale deployments.

The best recovery of an SBS server is going to be to have a drive image of
that server, but that requires a license with SA in order to be legal. You
have another option to do a bare metal recovery of an SBS 2003 Server with
an ASR disk and a current full backup. This makes a recovery possible to the
same hardware within about 2 hrs, plus whatever time it takes to restore the
data as well. Recovery to a different server is somewhat more complicated,
and moves into a cloudy area that is harder to explain in brief.

If you visit my website www.SBSmigration.com, you can review the concept of
Swing Migration, which is both a migration/upgrade strategy, as well as a
template for how you can recovery an SBS domain on different hardware.

Finally, if you want to add a Replica DC to your SBS domain, you still need
to obtain the OS server license for that new DC, but you don't need
additional CALs for the workstations to access it, that's included in the
SBS licensing.


--
Jeff Middleton SBS-MVP
YC...@SBSmigration.com

"BoboTWG" <aaron....@excite.com> wrote in message
news:SUoge.1098$j17...@newssvr33.news.prodigy.com...

Marcia

unread,
May 11, 2005, 11:24:40 AM5/11/05
to
I guess I'm really looking for a way to replicate AD in case the SBS box
goes down. Something like this article within our site:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/0ac09f72-a790-48a9-a72f-d7328f9d937f.mspx

I think you can have more than one DC, SBS just has to be the root of the
Domain.

See this snip taken from
http://www.microsoft.com/windowsserver2003/sbs/techinfo/overview/generalfaq.mspx
under Networking and security.

Q. What number and types of servers can exist in the Windows Small
Business Server 2003 domain?

A. There are no limits on the number or type of servers that can exist
in a Windows Small Business Server 2003 domain, with the following
exceptions:

. Only one computer in a domain can be running Windows Small
Business Server 2003.

. Windows Small Business Server 2003 must be the root of the
Active Directory forest.

. Windows Small Business Server 2003 cannot trust any other
domains.

. A Windows Small Business Server 2003 domain cannot have any
child domains.

. Each additional computer running Windows Server 2003 must have
a Windows Small Business Server 2003 client access license (CAL).

. A Windows Small Business Server 2003 domain can have no more
than 75 CALs. You can use CALs for each user or for each device.

Marcia

"BoboTWG" <aaron....@excite.com> wrote in message
news:SUoge.1098$j17...@newssvr33.news.prodigy.com...

BoboTWG

unread,
May 11, 2005, 12:19:55 PM5/11/05
to
I'm sorry for the wrong information.

Aaron

"Jeff Middleton [SBS-MVP]" <je...@cfisolutions.com> wrote in message
news:%23lRTTyj...@TK2MSFTNGP14.phx.gbl...

Marcia

unread,
May 11, 2005, 12:34:51 PM5/11/05
to
Aaron,

No problem. This is why the MVP's are here. Jeff and many others, are
wonderful. Jeff, thanks for the info. Ironically, I was just checking out
your tour of Swing in Boston and NY. Every come closer to Pittsburgh, PA?
Would you be interested in talking as a "start-off" speaker for our UG--soon
to debut?

Marcia

"BoboTWG" <aaron....@excite.com> wrote in message

news:Lgqge.919$Lu6...@newssvr19.news.prodigy.com...

Jeff Middleton [SBS-MVP]

unread,
May 11, 2005, 5:06:53 PM5/11/05
to
MVP or not, it's really just the value of having community based discussion
where everyone helps with what they can, or what they no. There's no shame
in making a mistake. Better to try helping and learn where you're needing
more accurate details yourself so that everyone gets the benefit. :)

I never realized how widely misunderstood this particular issue on DCs was
until I started getting this question from about 1 in 10 people I talk to
about migrations with SBS.

"Marcia" <mkpo...@zoominternet.net> wrote in message

news:%23QnkTbk...@TK2MSFTNGP14.phx.gbl...

Jeff Middleton [SBS-MVP]

unread,
May 12, 2005, 8:21:17 AM5/12/05
to
Macia,

Can you contact me offline at YC...@SBSmigration.com so I can talk with you
about your new user group?


--
Jeff Middleton SBS-MVP
YC...@SBSmigration.com

"Marcia" <mkpo...@zoominternet.net> wrote in message
news:%23QnkTbk...@TK2MSFTNGP14.phx.gbl...

0 new messages