Escrow Server?

We're about to go to native mode from mixed but want to have a rollback plan.
One thought is to create an escrow server that we can reintroduce into our
domain if the native mode configuration fails or causes issues. How do we
setup an Escrow Server for this purpose? We currently have 3 domain
controllers with our FSMO rolls distributed among them.

"Pearl" <(E-Mail Removed)> wrote in message
news:0F29D154-8F90-4DDC-868B-(E-Mail Removed)...
> We're about to go to native mode from mixed but want to have a rollback
plan.
> One thought is to create an escrow server that we can reintroduce into
our
> domain if the native mode configuration fails or causes issues. How do we
> setup an Escrow Server for this purpose? We currently have 3 domain
> controllers with our FSMO rolls distributed among them.

Add another or consolidate the roles so that one can be
taken offline.

But probably better is to just use this as a good time to
do a full backup (including System State) of all your
servers.

Changing modes practically never causes problems.
(Which is NOT a reason to skip the backups.)

Backups (and testing them) are your friend.

Thanks for the reply but the issue is not with workstations but with our
Infrastructure and Domain Controllers. The idea is to have a fallback plan
should Native Mode prove to be incapable of satisfying some of our custom
applications or hardware. As a result, Virtual Server or PC will not suffice.

"Pearl" wrote:

> We're about to go to native mode from mixed but want to have a rollback plan.
> One thought is to create an escrow server that we can reintroduce into our
> domain if the native mode configuration fails or causes issues. How do we
> setup an Escrow Server for this purpose? We currently have 3 domain
> controllers with our FSMO rolls distributed among them.

Thanks to Herb. Makes sense and we're doing normal backups of our existing
DCs, too. So, you are suggesting that we could take one of our DCs and sieze
all the roles onto the single DCs....what about the existing DC accounts on
the computer. They would have to be removed, won't they? How do we do that?

"Herb Martin" wrote:

> "Pearl" <(E-Mail Removed)> wrote in message
> news:0F29D154-8F90-4DDC-868B-(E-Mail Removed)...
> > We're about to go to native mode from mixed but want to have a rollback
> plan.
> > One thought is to create an escrow server that we can reintroduce into
> our
> > domain if the native mode configuration fails or causes issues. How do we
> > setup an Escrow Server for this purpose? We currently have 3 domain
> > controllers with our FSMO rolls distributed among them.
>
> Add another or consolidate the roles so that one can be
> taken offline.
>
> But probably better is to just use this as a good time to
> do a full backup (including System State) of all your
> servers.
>
> Changing modes practically never causes problems.
> (Which is NOT a reason to skip the backups.)
>
> Backups (and testing them) are your friend.
>
>
>

"Pearl" <(E-Mail Removed)> wrote in message
news:4003978E-B659-4CFC-B647-(E-Mail Removed)...
> Thanks to Herb. Makes sense and we're doing normal backups of our
existing
> DCs, too. So, you are suggesting that we could take one of our DCs and
sieze
> all the roles onto the single DCs....

It was only suggested "one DC" because you only
mentioned having two DCs total.

The goal was to make sure you didn't take the roles
offline.

> what about the existing DC accounts on
> the computer.

What DC accounts?

Domain accounts are in AD, common to all DCs.

The local accounts of any DC (for repair and maintenance
purposes) are irrelevant to the others.

The computer accounts of each DC are similar and
presumably when you bring the "escrowed DC*" back
online (because it is going to work fine) then it will
just work.

> They would have to be removed, won't they? How do we do that?

I probably don't understand what you mean by the above
(or likely you have some misunderstanding about accounts.)

Truthfully (as I indicated) I would not take a DC offline for
this upgrade.

*I call such a DC and method, the "DC in the closet" method.

"Pearl" <(E-Mail Removed)> wrote in message
news:9F6BC8A1-6F24-4E15-AE43-(E-Mail Removed)...
> Thanks for the reply but the issue is not with workstations but with our
> Infrastructure and Domain Controllers. The idea is to have a fallback
plan
> should Native Mode prove to be incapable of satisfying some of our custom
> applications or hardware. As a result, Virtual Server or PC will not
suffice.

Native mode has nothing to do with CLIENT computers
(or even NON-DC servers.)

Native mode is STRICTLY about DCs and the capabilities
of the database.

Availability of the GC is the only "gotcha" because in Native
mode logons are disabled if a DC is not available, which is
the reason for single domains (and small forests) making ALL
DCs into GCs.

> "Pearl" wrote:
>
> > We're about to go to native mode from mixed but want to have a rollback
plan.
> > One thought is to create an escrow server that we can reintroduce into
our
> > domain if the native mode configuration fails or causes issues. How do
we
> > setup an Escrow Server for this purpose? We currently have 3 domain
> > controllers with our FSMO rolls distributed among them.