Forum.Brain-Cluster.com: Brain Cluster Technical Forum
2008 DC and 2003 DC replication [message #159637] Sun, 02 August 2009 19:33
gira
Hello,
Our current forest/domain is 2003. If I add a 2008 DC (not RODC) with
DNS/GC role to our current 2003 domain, does it replicate AD with 2003 DC?
And if 2003 DC fails, does 2008 DC take over and provide AD/DNS service to
users/computers as in 2003?
Re: 2008 DC and 2003 DC replication [message #159639 is a reply to message #159637] Sun, 02 August 2009 20:09
aceman
"gira" <gira@discussions.microsoft.com> wrote in message
news:6BE3523E-8F7E-43DC-8A84-26E8B8F43E44@microsoft.com...
> Hello,
> Our current forest/domain is 2003. If I add a 2008 DC (not RODC) with
> DNS/GC role to our current 2003 domain, does it replicate AD with 2003 DC?
> And if 2003 DC fails, does 2008 DC take over and provide AD/DNS service to
> users/computers as in 2003?
>


Hello gira,

Yes, they will replicate in a co-existing environment. The 2008 server will
act like a replica, just as if there are two 2003 servers. Will it take over
to provide AD/DNS? That's a whole other topic that is governed by the client
side resolver service on the client machines. The resolver service uses an
algorithm to query the DNS entries in the list. I can post more info on how
the resolver service works, if you like.

As for installing the 2008 DC, there are a number of steps involved. Please
read the following for more info, and the links.

==================================================================
Migrating to 2008 or upgrading to 2008

In a nutshell:
No upgrading required. Just promote it, and transfer the roles to it when
complete. If you only have one domain, make sure all DCs are GCs. Also, the
Domain Name Master should be on the new server as well.

Also install DNS on it. Once replication settles and gets caught up, and you
transfer the roles, adjust your DNS settings so it points to itself as the
first, and the other DC as the second, and vice versa on the other DC.

Migrate to Windows Server 2008
http://technet.microsoft.com/en-us/library/dd443511(WS.10).aspx

Upgrading Active Directory Domains to Windows Server 2008 AD DS Domains
http://technet.microsoft.com/en-us/library/cc731188.aspx

How to add the second domain controller in Active Directory (Windows 2008
R2) part 1
http://eniackb.blogspot.com/2009/02/how-to-create-second-domain-controller.html

How to add the second domain controller in Active Directory (Windows 2008
R2) part 2
http://eniackb.blogspot.com/2009/02/how-to-add-second-domain-controller-in.html

Appendix A: Background Information for Upgrading Active Directory Domains to
Windows Server 2008 AD DS Domains
http://technet.microsoft.com/en-us/library/cc732838.aspx
==================================================================

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum to benefit from collaboration
among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
Re: 2008 DC and 2003 DC replication [message #159642 is a reply to message #159639] Sun, 02 August 2009 22:39
gira
Hello,

So by adding the IP of the 2003 DC/DNS as the preferred DNS and the IP of
the 2008 DC/DNS as the
alternate DNS on the client doesn't make the failover to the 2008 DC/DNS
automatically when 2003 DC/DNS goes down?

And after adding 2008 DC to the 2003 domain, can the forest and domain
functional level stay at 2003?

Re: 2008 DC and 2003 DC replication [message #159643 is a reply to message #159642] Sun, 02 August 2009 23:45
florian
Howdie!

gira wrote:
> So by adding the IP of the 2003 DC/DNS as the preferred DNS and the IP of
> the 2008 DC/DNS as the
> alternate DNS on the client doesn't make the failover to the 2008 DC/DNS
> automatically when 2003 DC/DNS goes down?

Having both DCs (the 2003 and the 2008-DC) as DNS servers configured on
the client side should do the trick and things should fail over.

> And after adding 2008 DC to the 2003 domain, can the forest and domain
> functional level stay at 2003?

Yes. You actually cannot raise it. In order to raise it to 2008, you'd
need to remove all 2003-DCs and run on 2008-only.

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
Re: 2008 DC and 2003 DC replication [message #159644 is a reply to message #159643] Mon, 03 August 2009 00:18
Syed Khairuddin
Hello,

Yes, they will replicate with each other, and it's true that when the 2003
DC fails the 2008 DC will take over if the other 2008 server functions
as a DNS server as well; the DNS should be integrated and the clients
should also have primary and secondary DNS pointed.

Thanks
Re: 2008 DC and 2003 DC replication [message #159646 is a reply to message #159637] Mon, 03 August 2009 00:55
meiweb(nospam)
Hello gira,

If everything went well during promotion, they will replicate as with 2003
DCs, no problem. Also if installed and the clients are configured to use
the 2008 on the NIC, they will use that DNS server.

There is not a direct failover between the DNS servers. As Ace already described
there are some 'rules' about name resolving.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


Re: 2008 DC and 2003 DC replication [message #159653 is a reply to message #159642] Mon, 03 August 2009 04:38
aceman
"gira" <gira@discussions.microsoft.com> wrote in message
news:A014D7AA-0F06-480E-B444-7BAC9E72EA95@microsoft.com...
> Hello,
>
> So by adding the IP of the 2003 DC/DNS as the preferred DNS and the IP of
> the 2008 DC/DNS as the
> alternate DNS on the client doesn't make the failover to the 2008 DC/DNS
> automatically when 2003 DC/DNS goes down?


Well, as I said, there are stipulations with DNS resolution failover. And
it's not the domain controller's fault, and it happens no matter which
Active Directory version, 2000, 2003 and 2008. It is ALL due to the client
side resolver, as I mentioned.

The following is my article on it... Please read carefully.

==================================================================
If one DC is down, why does it not logon to the other DC?

Or

If first DNS is down, will it use the second DNS to find another DC to
logon?
---
Which begs the eternal philosophical question:
If a Domain goes down in a forest, and there's nobody there, did it crash?
---
By Ace Fekay, updated 7/1/09
---

Keep in mind that if any of the DCs are multihomed (more than one NIC and/or
IP), you are using your ISP's DNS, or the domain is a single label name
('domain' versus the recommended minimum of 'domain.com', 'domain.local',
etc.), other problems will occur, and you will get unexpected and undesirable
results whether there is one DC down or not.

As for the second DC responding, this all depends on the DNS settings on the
client side, as well as if the previous logon server and record was cached.

It will use the second address, but only after a timeout period the client
is waiting for a response from the server. You need to understand how the
client side resolver works. If the query sent to the first entry in the DNS
list responds with an NXDOMAIN response, meaning it is an actual response,
but there is no record from the server it asked, then it will look no
further because it is a response. However, if it receives a NULL response,
meaning the DNS server is down and there is no response, it will remove the
first entry from the 'eligible resolvers list' for a certain amount of time
(depending on the OS version and SP level), then send the query to the
second one. However, if the record is already cached, it won't even ask the
first entry. Hence why the possibility that the client machine is asking a
DC that is down.

As I mentioned, this is ALL based on the client side resolver, not the DNS
server. This time out period can be perceived by someone sitting there
waiting as 'it's not working' because it appears to be taking so long. Also,
if it is already cached locally by the client side service, it will not ask
and will send the connection request to the cached record, which if it is
the server that is down, then it can't connect anyway, and no response, but
you may be sitting there expecting it to go to the other DC that is up. The
way to reset the list is to restart the DHCP Client service (not the DHCP
server) on the workstation, and the way to delete the cache on the client is
to run ipconfig /flushdns, or simply restart the machine.

I hope that makes sense.

Also I am providing some links on it, however, sorry about all the links,
but they will give you a better understanding of it and how it applies. They
all give little but in some cases not the whole picture. The DNS Whitepaper
is pretty good to start with.

How DNS Works: DNS Resolution, Client Side Resolver (Time out period,
devolution, and much more)
http://technet.microsoft.com/en-us/library/cc772774.aspx#w2k3tr_dns_how_gaxc

DNSQueryTimeouts - How to control the client side resolver time out value
in the registry
http://technet.microsoft.com/en-gb/library/cc977482.aspx

W2k DNS White Paper- search thru for Fully-Qualified Query and Disabling the
Caching Resolver:
http://www.microsoft.com/windows2000/techinfo/howitworks/communications/nameadrmgmt/w2kdns.asp

How DNS query works Domain Name System(DNS):
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/0bcd97e6-b75d-48ce-83ca-bf470573ebdc.mspx

DNS Resolver Cache Service [including NetFailureCacheTime and
NegativeCacheTime reg entries]:
http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/cnet/cnbc_imp_qxht.asp

286834 - DNS Client Service Doesn't Revert to Using First Server in List
[explained in the DNS white papers] reg to alter it too:
http://support.microsoft.com/default.aspx?scid=kb;en-us;286834

261968 - Explanation of the Server List Management Feature in the Domain
Name Resolver Client:
http://support.microsoft.com/?id=261968

SP4 Changes DNS Name Resolution - Actual Query Timeout settings the resolver
uses - (XP too):
http://support.microsoft.com/default.aspx?scid=kb;en-us;198550
==================================================================

Ace
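
Added example, not part of Ace's post: a small Python model of the client-side resolver behaviour described above (cache first, then the DNS server list in order; a timeout moves on to the next server, while any response, NXDOMAIN included, ends the search). The class name, addresses, host names and the 900-second penalty are assumptions made for the illustration; the real time-out values depend on OS version and service pack.

```python
# Simplified model only; it does not reproduce the real resolver's timers.
NXDOMAIN = "NXDOMAIN"  # a real answer: "this name does not exist"
DOWN = None            # no answer at all: the DNS server is unreachable

class ClientResolver:
    def __init__(self, servers, penalty_seconds=900):  # penalty length is an assumed value
        self.servers = list(servers)   # preferred first, alternate second
        self.penalty_seconds = penalty_seconds
        self.penalized_until = {}      # server -> time it becomes eligible again
        self.cache = {}                # name -> cached answer
        self.queries = []              # (server, outcome) for each query sent

    def resolve(self, name, dns, now=0):
        """dns maps server IP -> {name: address}, or DOWN when that server is offline."""
        if name in self.cache:         # cached record: no DNS server is asked at all
            return self.cache[name]
        for server in self.servers:
            if self.penalized_until.get(server, 0) > now:
                continue               # still off the eligible resolvers list
            zone = dns[server]
            if zone is DOWN:           # timeout: drop the server for a while, try the next
                self.queries.append((server, "timeout"))
                self.penalized_until[server] = now + self.penalty_seconds
                continue
            answer = zone.get(name, NXDOMAIN)
            self.queries.append((server, answer))
            if answer != NXDOMAIN:
                self.cache[name] = answer
            return answer              # any response, NXDOMAIN included, ends the search
        return None                    # every listed server timed out

    def flush_cache(self):             # models `ipconfig /flushdns`
        self.cache.clear()

    def reset_server_list(self):       # models restarting the DHCP Client service
        self.penalized_until.clear()

def demo():
    dc2003, dc2008 = "10.0.0.1", "10.0.0.2"               # constructed addresses
    records = {"dc03.corp.example": dc2003, "dc08.corp.example": dc2008}
    r = ClientResolver([dc2003, dc2008])
    up = {dc2003: dict(records), dc2008: dict(records)}
    first = r.resolve("dc03.corp.example", up)            # answered by the 2003 DNS, cached
    down = {dc2003: DOWN, dc2008: dict(records)}          # the 2003 DC/DNS goes offline
    stale = r.resolve("dc03.corp.example", down)          # cache hit: still the dead DC
    other = r.resolve("dc08.corp.example", down, now=10)  # timeout on 2003, 2008 answers
    again = r.resolve("files.corp.example", down, now=20) # 2003 skipped, 2008: NXDOMAIN
    return first, stale, other, again, r.queries
```

The `stale` result is the case the post warns about: the client keeps trying the cached address of the DC that is down until the cache is flushed.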
Re: 2008 DC and 2003 DC replication [message #159657 is a reply to message #159637] Mon, 03 August 2009 06:35
pbbergs
Before you go adding a 2008 DC to your 2003 domain, you have to extend the
schema and properly populate the new attributes. This is handled by adprep
/forestprep (Creates new attributes) and adprep /domainprep populates the
newly added attributes as well as security changes and new containers in the
specific domain you want to add the new 2008 dc. If you want to install a
Read Only DC (RODC) to your domain then you will have to prep dns adprep
/rodcprep. Since you are already on 2003 (I assume you aren't in 2000
forest mode) you won't need to run adprep /gpprep.

http://www.petri.co.il/windows-server-2008-adprep.htm


--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup. This
posting is provided "AS IS" with no warranties, and confers no rights.
