I've finally been given the go-ahead to get quotes for a server. After a stressful 'is the server broken or not' day, I want to make sure that I've got the option of not going straight into headless chicken mode at the thought of the total failure of the DC.
The new server will be 2008 R2, the current DC is 2003. Total computers on network is 75, 390 pupils, 30-ish staff members.
I would like the new server to be the DC and file server, the old to run WSUS, have a copy of certain data and possibly Moodle.
Is it possible to replicate the DC roles so that if either server failed spectacularly the other would allow the network to continue, with the end users not noticing any difference?
Depends on the spec of old and new. Fill the old and new one with RAM, install XenServer on them, split the new one as one DC and one file server, and the old server as one DC and one for roles, i.e. WSUS, antivirus etc. I always try to separate services as much as possible.
That's the beauty of DCs properly set up, replication is built in. I would never run a domain with only one DC if it was mission critical.
Your new server can probably be used as a virtual host - so install a VM platform on it and use the flexibility of virtualisation too!
Not sure about virtualisation, just looking for bog standard functionality! Could you run both servers as domain controllers? It's a curriculum network in a junior (7-11) school, so whilst not mission critical I'm looking for the ability to carry on giving users the ability to log on and access the internet, whilst repairs are made to a server that has failed.
Yes, you should run 2 servers as DCs at the very minimum.
Personally I would have a dedicated DC though, I had a fileserver on my old DC and it was a nightmare to fix when it went wrong.
You can run both as DCs with automatic replication. Some Master roles can be held by only one DC (best to use your newer server) but these can be transferred to the other DC should the one holding the master roles fail.
Sorry to be dim here - how are they transferred to the other DC in the event of failure of the first?
You have to seize them - more information here: How to view and transfer FSMO roles in Windows Server 2003
Also you have to think about DHCP and DNS - DNS can run on both but DHCP runs only on one usually, so that would have to be set up on the other. If you have a decent spec new server with RAID hopefully you will not have problems - install crucial roles on that.
Yes, you can run as two DCs, highly recommended. You will need to use the adprep32 utility on the 2008 R2 CD to upgrade your AD first before you promote the 2008 R2 machine as a DC. You basically run:
adprep32 /domainprep /gpprep
You will also want to run DNS on both as previously said, you could also run DHCP on both for extra resilience by splitting the IP range between the 2 servers, but that can be a bit of a PITA.
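
An added example, not part of the thread: one way to handle the transfer-versus-seize question discussed above once the 2008 R2 machine is a DC. It assumes the ActiveDirectory PowerShell module on the 2008 R2 DC and an elevated session; NEWDC01 is a placeholder server name.

```powershell
# Added example: run on the 2008 R2 DC. NEWDC01 is a placeholder name.
Import-Module ActiveDirectory

$target = 'NEWDC01'   # assumption: the DC that should end up holding the roles

# Find the current holder of each of the five FSMO (operations master) roles.
$domain = Get-ADDomain
$forest = Get-ADForest
$holders = @{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}
$holders.GetEnumerator() | Sort-Object Name | Format-Table Name, Value -AutoSize

foreach ($role in $holders.Keys) {
    $holder = $holders[$role]

    # Skip roles the target already holds (holder is returned as an FQDN).
    if ($holder -eq $target -or $holder -like "$target.*") { continue }

    # A ping only shows the box is up, not that AD is healthy, but it is
    # enough to decide between a graceful transfer and a manual decision.
    if (Test-Connection -ComputerName $holder -Count 2 -Quiet) {
        # Holder is alive: graceful transfer, the old holder hands the role over.
        Move-ADDirectoryServerOperationMasterRole -Identity $target `
            -OperationMasterRole $role -Confirm:$false
    }
    else {
        # Holder is down: never seize automatically. Seizing (-Force) is for a
        # DC that will not come back; a seized-from DC must not rejoin the
        # network afterwards without being rebuilt.
        Write-Warning ("{0} holder {1} is unreachable. Only if it is gone for good, run: " +
            "Move-ADDirectoryServerOperationMasterRole -Identity {2} " +
            "-OperationMasterRole {0} -Force") -f $role, $holder, $target
    }
}

# Verify the result and check that the DCs are replicating cleanly.
netdom query fsmo
repadmin /replsummary
```

Logons keep working while a role holder is briefly offline, so a server being repaired and returned to service does not need its roles seized.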