If you have a single AD domain controller that it’s going to be SPOF (single point of failure) for your infrastructure, you can easily add another DC to the domain and create a secondary DNS in case of failure.
DISCLAIMER: this little how to is for little/medium organizations with a simple Windows infrastructure and with a low budget (it’s plenty of more expensive tools that do a better job). Follow it at your own risk, you have been warned!!
Assuming you’ve already up&running your first DC, follow this steps to enhance yur configuration:
- Install a second copy of Windows 2003 Server on another machine (a virtual machine could be perfect for this purpose)
- Install the second domain controller following these instructions from TechNet
- Install the secondary DNS in the new machine like Microsoft tells you to do
- Create the same DHCP configuration in the second server as the one you have in the first Domain Controller, just let it inactive
- Configure all your clients’ DNS to point to the primary and the secondary ones
- Now, in the primary DNS, create a round robin entry pointing to the two IP’s of the two domain controllers. To do this, simply create to A entries with the same name (in the same domain, obviously), pointing to two different IP’s
- Configure all your thid-party software authenticating against Actide Directory to point to this new entry
So…? What’s happening now?
Ok, your configuration is almost finished. Now, every user validating against the AD will use both domain controllers, in round robin strategy, and both will saty perfectly synchronized all the time (AD forest and DNS as well).
And in case of disaster??
If one of the two DC fails, remember we are in a quasi-HA environment, so we have to act manually to restore a 100% working system. But all we have to do is to delete, in the working DNS, the A entry of the died DC, disabling this way the round robin trick we did, so everything will authenticate against the surviving DC.
The eternal fight between admins and computers 