Additional DC not functioning if the Primary DC is down !!
-
Hello ML guys
As you may know, i had a plan to virtualize my Primary DC, therefor i want to install Additional DC in case of something wrong happen during this transition ( that time the ADC can serve my network)
i promote the ADC,and made it global catalog and DNS server without ceasing FSMO Roles (no need because the PDC is still functioning)
the issue is : when i disconnect the ADC from the network, if i open active directory users and computers i get an error message, but if i connect it back to network, i can open active directory users and computers
as far as i can see the ADC is like a mirror of the PDC even if it is a GC and DNS
any thoughts how to make ADC working fine even if PDC is down
thanks
-
Have you updated DHCP to give out both DNS servers?
And once you do, you'll need to renew your lease to get the new information, or wait for the half life so it renews on it's own.
-
Also instead of virtualizing your primary DC, virtualize the Additional DC. Then let it take over the FSMO roles and such, effectively making it the new primary DC.
You'll avoid some complex problems if you just virtualize the additional DC first.
-
but my issue is not related with clients, i didn't test that yet, my issue now is why i cannot open active directory users and computers if ADC is offline ??
after fixing this issue i will test whether the clients can authenticate against ADC or not, i'm going step by step
-
@dafyre said:
Also instead of virtualizing your primary DC, virtualize the Additional DC. Then let it take over the FSMO roles and such, effectively making it the new primary DC.
You'll avoid some complex problems if you just virtualize the additional DC first.
i fear that if i cease the FSMO Roles from the PDC, i will cause some issue in the PDC, i do not want to touch PDC if it is possible
i want to solve this issue: why the ADC not working if it is offline, is it normal or do i have an issue -
is it normal for the ADC not to work if it is offline and do not have FSMO or is it only me who have this issue ???!!!
-
@IT-ADMIN said:
@dafyre said:
Also instead of virtualizing your primary DC, virtualize the Additional DC. Then let it take over the FSMO roles and such, effectively making it the new primary DC.
You'll avoid some complex problems if you just virtualize the additional DC first.
i fear that if i cease the FSMO Roles from the PDC, i will cause some issue in the PDC, i do not want to touch PDC if it is possible
i want to solve this issue: why the ADC not working if it is offline, is it normal or do i have an issueYou need to stand up another DC and migrate the FSMo roles to it. Then you can demote the physical DC.
-
@IT-ADMIN said:
is it normal for the ADC not to work if it is offline and do not have FSMO or is it only me who have this issue ???!!!
Have you tried pointing ADUC at the other DC? Sometimes it becomes locked on one and you need to manually change it.
-
@coliver said:
@IT-ADMIN said:
@dafyre said:
Also instead of virtualizing your primary DC, virtualize the Additional DC. Then let it take over the FSMO roles and such, effectively making it the new primary DC.
You'll avoid some complex problems if you just virtualize the additional DC first.
i fear that if i cease the FSMO Roles from the PDC, i will cause some issue in the PDC, i do not want to touch PDC if it is possible
i want to solve this issue: why the ADC not working if it is offline, is it normal or do i have an issueYou need to stand up another DC and migrate the FSMo roles to it. Then you can demote the physical DC.
i do not want to demote the PDC, i want to keep them both
-
Where are you running active directory users and computers (ADUC) from when you get the error?
Are you getting the error on the new AD box you made? -
@IT-ADMIN said:
@coliver said:
@IT-ADMIN said:
@dafyre said:
Also instead of virtualizing your primary DC, virtualize the Additional DC. Then let it take over the FSMO roles and such, effectively making it the new primary DC.
You'll avoid some complex problems if you just virtualize the additional DC first.
i fear that if i cease the FSMO Roles from the PDC, i will cause some issue in the PDC, i do not want to touch PDC if it is possible
i want to solve this issue: why the ADC not working if it is offline, is it normal or do i have an issueYou need to stand up another DC and migrate the FSMo roles to it. Then you can demote the physical DC.
i do not want to demote the PDC, i want to keep them both
Ah, Ok I misunderstood. You should check replication on the second DC.
-
@Dashrender said:
Where are you running active directory users and computers (ADUC) from when you get the error?
Are you getting the error on the new AD box you made?yes i get the error in the second BOX (ADC)
-
@IT-ADMIN said:
@Dashrender said:
Where are you running active directory users and computers (ADUC) from when you get the error?
Are you getting the error on the new AD box you made?yes i get the error in the second BOX (ADC)
OK, in the network adapter settings, what are the DNS entries?
for the sake of your testing, you should set the primary DNS to the IP of that second ADC.
Then if you still get errors, do what Coliver suggested and make sure the ADUC is pointing to the new DC, because as he mentioned, it doesn't always move over automatically.
-
@coliver said:
@IT-ADMIN said:
is it normal for the ADC not to work if it is offline and do not have FSMO or is it only me who have this issue ???!!!
Have you tried pointing ADUC at the other DC? Sometimes it becomes locked on one and you need to manually change it.
do you mean that ADUC in the ADC still locked with the PDC?? if yes how i can change to read from the ADC database ??
-
@IT-ADMIN Right-click Active Directory Users and Computers and click Change Domain Controller.
-
@Dashrender said:
@IT-ADMIN said:
@Dashrender said:
Where are you running active directory users and computers (ADUC) from when you get the error?
Are you getting the error on the new AD box you made?yes i get the error in the second BOX (ADC)
OK, in the network adapter settings, what are the DNS entries?
for the sake of your testing, you should set the primary DNS to the IP of that second ADC.
but let us suppose the PDC is down, how the ADC see it ??
-
You also have some term confusion here.
There is no more PDC. Sure there is a FSMO role called PDC emulator, but it's just that - an emulator.
Assuming your other domain controller is Windows 2000 or newer, both DCs are equal in the eyes of the domain.
It's better to call them old DC and new DC or DC1 and DC2.. you pick a name that is meaningful for you. -
What version of AD/Windows Server are you running?
-
@IT-ADMIN said:
@Dashrender said:
@IT-ADMIN said:
@Dashrender said:
Where are you running active directory users and computers (ADUC) from when you get the error?
Are you getting the error on the new AD box you made?yes i get the error in the second BOX (ADC)
OK, in the network adapter settings, what are the DNS entries?
for the sake of your testing, you should set the primary DNS to the IP of that second ADC.
but let us suppose the PDC is down, how the ADC see it ??
Windows will eventually time out on the primary DNS and switch over to using the secondary DNS that you list.
So if you want, you can have the Primary point to your old Domain Controller, and have the secondary DNS point to your new Domain Controller. It should still work, though you might have some lag until the switch takes place internally.
-
@Dashrender said:
You also have some term confusion here.
There is no more PDC. Sure there is a FSMO role called PDC emulator, but it's just that - an emulator.
Assuming your other domain controller is Windows 2000 or newer, both DCs are equal in the eyes of the domain.
It's better to call them old DC and new DC or DC1 and DC2.. you pick a name that is meaningful for you.sorry i mean by PDC: primary DC
