Our CC3 network has 2 DCs both 'now' on 2003, but the FRDC has developed a fault meaning it likes to randomly BSOD and give us grief. (Sadly, we've spent a few days fault finding etc but its contingency time).
Now, I'm not a windows guy but I'm hoping some of my ideas will make a little bit of sense and allow us to move forward.
I'm not concerned overly by the data held on this server being accessible, but I would like to try and offer up 'some' form of network access which is where I ponder what roles I can if possible reallocate to the other DC or a member server.
DHCP - I guess this is the main one as it runs on this server and from looking at MS Technet it can be migrated ... Is this safe? Has anyone done it? Tips?
DNS - Runs on both servers and I figure if DHCP can be moved, we can modify it to not hand out the FRDCs IP as primary DNS. - Worth configuring another member server or so to be DNS?
As SIMS/Staff Shared Area are held on a member server which is accessible.
Haven't come across the FRDC acronym before but hopefully this helps.
DHCP - Yes this can be transfered quite safely either by the procedures outlined on technet or even by simply configuring the same scope and reservations on the secondary server. The existing client leases don't really matter as DHCP checks to see if the IP is in use before giving it out anyway. I would set up the service on the secondary server and leave both running with identical configs as this will give you redundancy and the clients will simply grab an ip off whichever machine answers it first. I would also setup the DNS settings on both to point to your relyable server.
DNS - if this is replicated via active directory then there should be no problem simply pointing all of your clients to the relyable server as the primary option and leaving the dodgy one as a secondary in your DHCP config.
Something that you may want to look into changing if the other server is unrelyiable if the AD master roles. You may want to migrate any major FSMO roles off the unstable server onto your secondary one. These roles are the core services that keep Active directory running and can kick up trouble if they go missing due to an iffy server.
By changing the AD Master Roles (FSMO) will this in old money effectively make the second server act as though its the primary?
Yes pretty much, the roles are all slightly different but they just make sure that the active directory database does not become corrupted and they coordinate any database updates like password changes and the like. Any NT4 or older clients also give this server special status but it does not change the way that win2k or above see it.
If these services are not being carried out things start to break and AD complains a lot. In large AD networks the idea is to have these roles spread out over different servers but in smaller networks the load is negligible.