HELP: managing 2 Domain Controllers (Active Directory woes)

I tried using the Active Directory Migration Tool 2 but it requires me to
have two accessible domains. Don't know how to connect two different domains
together.

1. I created an additional Domain Controller, added to an existing domain. I
saw it replicated the Active Directory so I believe there is a backup of the
Active Directory on the secondary Domain Controller. I will format/reinstall
the primary Domain Controller. What steps do I need to take to be able to
replicate back the original Active Directory which is currently on the 2nd
DC?

2. We have four external different IP addresses. Current our Small Business
Server is the only PC with two NICs to be our proxy/firewall/router/etc and
ofcourse our primary Domain Controller. How easy would it be to create a 2nd
DC (plain Server) also with 2 NICs and connected to the internet as well as
internal LAN.

I managed to setup a 2nd DC (as in 1. above) inside the internal LAN however
when primary DC went down, 2nd DC did nothing. The DHCP/DNS server were
useless. Is there a certain setup required to get 2nd DC to
kick-in/fail-over-backup?





Andrew Wan

>I tried using the Active Directory Migration Tool 2 but it requires me to
>have two accessible domains. Don't know how to connect two different
>domains together.


You tried using ADMT to do what? What are you trying to do?

> 1. I created an additional Domain Controller, added to an existing domain.
> I saw it replicated the Active Directory so I believe there is a backup of
> the Active Directory on the secondary Domain Controller. I will
> format/reinstall the primary Domain Controller. What steps do I need to
> take to be able to replicate back the original Active Directory which is
> currently on the 2nd DC?

Add it to the domain as a member server then run dcpromo to make it a DC and
the AD info will replicate to the new DC.

> 2. We have four external different IP addresses. Current our Small
> Business Server is the only PC with two NICs to be our
> proxy/firewall/router/etc and ofcourse our primary Domain Controller. How
> easy would it be to create a 2nd DC (plain Server) also with 2 NICs and
> connected to the internet as well as internal LAN.


Do you want a second domain? SBS is an animal of it's own. There are
limitations in SBS that are not in the regular version of Windows server.
You should ask this in an SBS news group.
Try Microsoft.public.windows.sbs

hth
DDS

"Andrew Wan" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
>I tried using the Active Directory Migration Tool 2 but it requires me to
>have two accessible domains. Don't know how to connect two different
>domains together.
>
> 1. I created an additional Domain Controller, added to an existing domain.
> I saw it replicated the Active Directory so I believe there is a backup of
> the Active Directory on the secondary Domain Controller. I will
> format/reinstall the primary Domain Controller. What steps do I need to
> take to be able to replicate back the original Active Directory which is
> currently on the 2nd DC?
>
> 2. We have four external different IP addresses. Current our Small
> Business Server is the only PC with two NICs to be our
> proxy/firewall/router/etc and ofcourse our primary Domain Controller. How
> easy would it be to create a 2nd DC (plain Server) also with 2 NICs and
> connected to the internet as well as internal LAN.
>
> I managed to setup a 2nd DC (as in 1. above) inside the internal LAN
> however when primary DC went down, 2nd DC did nothing. The DHCP/DNS server
> were useless. Is there a certain setup required to get 2nd DC to
> kick-in/fail-over-backup?
>
>
>

Danny asked you a good question: What are you trying to do?
Before you can answer that question, please STOP from whatever you are doing
there. I have seen some things in your post that can make you loose your
entire AD domain. Please check http://www.microsoft.com/activedirectory and
start reading about how AD uses DNS and stuff ... how can you make an
additional DC .. basic things, but things that can make you understand how
AD works.

--
Regards,
Cristian Leonte
www.eventid.net
Test our new EventReader!
http://www.altairtech.ca/eventreader...lt2.asp?ref=au

"Danny Sanders" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> >I tried using the Active Directory Migration Tool 2 but it requires me to
> >have two accessible domains. Don't know how to connect two different
> >domains together.
>
>
> You tried using ADMT to do what? What are you trying to do?
>
>> 1. I created an additional Domain Controller, added to an existing
>> domain. I saw it replicated the Active Directory so I believe there is a
>> backup of the Active Directory on the secondary Domain Controller. I will
>> format/reinstall the primary Domain Controller. What steps do I need to
>> take to be able to replicate back the original Active Directory which is
>> currently on the 2nd DC?
>
> Add it to the domain as a member server then run dcpromo to make it a DC
> and the AD info will replicate to the new DC.
>
>> 2. We have four external different IP addresses. Current our Small
>> Business Server is the only PC with two NICs to be our
>> proxy/firewall/router/etc and ofcourse our primary Domain Controller. How
>> easy would it be to create a 2nd DC (plain Server) also with 2 NICs and
>> connected to the internet as well as internal LAN.
>
>
> Do you want a second domain? SBS is an animal of it's own. There are
> limitations in SBS that are not in the regular version of Windows server.
> You should ask this in an SBS news group.
> Try Microsoft.public.windows.sbs
>
> hth
> DDS
>
> "Andrew Wan" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>>I tried using the Active Directory Migration Tool 2 but it requires me to
>>have two accessible domains. Don't know how to connect two different
>>domains together.
>>
>> 1. I created an additional Domain Controller, added to an existing
>> domain. I saw it replicated the Active Directory so I believe there is a
>> backup of the Active Directory on the secondary Domain Controller. I will
>> format/reinstall the primary Domain Controller. What steps do I need to
>> take to be able to replicate back the original Active Directory which is
>> currently on the 2nd DC?
>>
>> 2. We have four external different IP addresses. Current our Small
>> Business Server is the only PC with two NICs to be our
>> proxy/firewall/router/etc and ofcourse our primary Domain Controller. How
>> easy would it be to create a 2nd DC (plain Server) also with 2 NICs and
>> connected to the internet as well as internal LAN.
>>
>> I managed to setup a 2nd DC (as in 1. above) inside the internal LAN
>> however when primary DC went down, 2nd DC did nothing. The DHCP/DNS
>> server were useless. Is there a certain setup required to get 2nd DC to
>> kick-in/fail-over-backup?
>>
>>
>>
>
>

"Cristian Zamfirescu" <someting @ somedomain> wrote in message
news:(E-Mail Removed)...
> Danny asked you a good question: What are you trying to do?
> Before you can answer that question, please STOP from whatever you are
> doing there. I have seen some things in your post that can make you loose
> your entire AD domain. Please check
> http://www.microsoft.com/activedirectory and start reading about how AD
> uses DNS and stuff ... how can you make an additional DC .. basic things,
> but things that can make you understand how AD works.

Two things I want to do. Reinstall our SBS but retaining our Active
Directory. MS Backup/Restore is not reliable and I'm not putting all my eggs
into one basket. I am interested in replicating the AD to a 2nd DC and
hopefully the 2nd DC will replicate the AD back to a fresh/new DC (after the
primary DC has been formated).

Second thing I need is a failsafe/failover DC/web proxy. Currently we have 1
SBS which comes bundled with ISA Server (web proxy). We understand we can
only have 1 SBS in a domain. So we don't mind having a 2nd DC as Windows
2000 Server. The Windows 2000 Server should also be a web proxy too. Both
DCs will have 2 NICs, one internal LAN, one external internet connection.
Both DCs in same domain. Like I said, 2nd DC is a backup.

Is this possible?


>
> "Danny Sanders" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> >I tried using the Active Directory Migration Tool 2 but it requires me
>> >to have two accessible domains. Don't know how to connect two different
>> >domains together.
>>
>>
>> You tried using ADMT to do what? What are you trying to do?
>>

All I wanted to do was export/backup the Active Directory so that when I
format/reinstall SBS, I can restore the AD. However I don't trust the MS
Restore, as I tested this on another PC and that Windows Server didn't boot
up ever after.

>>> 1. I created an additional Domain Controller, added to an existing
>>> domain. I saw it replicated the Active Directory so I believe there is a
>>> backup of the Active Directory on the secondary Domain Controller. I
>>> will format/reinstall the primary Domain Controller. What steps do I
>>> need to take to be able to replicate back the original Active Directory
>>> which is currently on the 2nd DC?
>>
>> Add it to the domain as a member server then run dcpromo to make it a DC
>> and the AD info will replicate to the new DC.
>>

That's exactly what I did (added 2nd DC to existing domain) and it was
successful. What I want to do is format 1st DC so it will be clean/fresh/new
(because it's crashing with BSODs). If the 1st PC is wiped/reinstalled, do I
add it to the domain and it will grab the AD off the 2nd DC?

The 2nd DC isn't doing much. When the 1st DC went down, no one could log
into the domain. The 2nd DC just sat there doing nothing. It even had
DNS/DHCP started and also routing & remote access service.


>>> 2. We have four external different IP addresses. Current our Small
>>> Business Server is the only PC with two NICs to be our
>>> proxy/firewall/router/etc and ofcourse our primary Domain Controller.
>>> How easy would it be to create a 2nd DC (plain Server) also with 2 NICs
>>> and connected to the internet as well as internal LAN.
>>
>>
>> Do you want a second domain? SBS is an animal of it's own. There are
>> limitations in SBS that are not in the regular version of Windows server.
>> You should ask this in an SBS news group.
>> Try Microsoft.public.windows.sbs
>>

No, we want one domain. We want the 2nd DC to do something like clustering.
Failover/fail-safe web proxy. All we want is a backup web proxy for internet
access.

> That's exactly what I did (added 2nd DC to existing domain) and it was
> successful. What I want to do is format 1st DC so it will be
> clean/fresh/new (because it's crashing with BSODs). If the 1st PC is
> wiped/reinstalled, do I add it to the domain and it will grab the AD off
> the 2nd DC?

Add it as a member server then run dcpromo. AD will replicate to it.

> The 2nd DC isn't doing much. When the 1st DC went down, no one could log
> into the domain. The 2nd DC just sat there doing nothing. It even had
> DNS/DHCP started and also routing & remote access service.

Your AD clients must know the DNS server for the AD domain. I would suspect
that you had DHCP handing out the preferred DNS server as the one shut down.
You would have to go into DHCP and provide DHCP the new DNS server.

hth
DDS



"Andrew Wan" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> "Cristian Zamfirescu" <someting @ somedomain> wrote in message
> news:(E-Mail Removed)...
>> Danny asked you a good question: What are you trying to do?
>> Before you can answer that question, please STOP from whatever you are
>> doing there. I have seen some things in your post that can make you loose
>> your entire AD domain. Please check
>> http://www.microsoft.com/activedirectory and start reading about how AD
>> uses DNS and stuff ... how can you make an additional DC .. basic things,
>> but things that can make you understand how AD works.
>
> Two things I want to do. Reinstall our SBS but retaining our Active
> Directory. MS Backup/Restore is not reliable and I'm not putting all my
> eggs into one basket. I am interested in replicating the AD to a 2nd DC
> and hopefully the 2nd DC will replicate the AD back to a fresh/new DC
> (after the primary DC has been formated).
>
> Second thing I need is a failsafe/failover DC/web proxy. Currently we have
> 1 SBS which comes bundled with ISA Server (web proxy). We understand we
> can only have 1 SBS in a domain. So we don't mind having a 2nd DC as
> Windows 2000 Server. The Windows 2000 Server should also be a web proxy
> too. Both DCs will have 2 NICs, one internal LAN, one external internet
> connection. Both DCs in same domain. Like I said, 2nd DC is a backup.
>
> Is this possible?
>
>
>>
>> "Danny Sanders" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> >I tried using the Active Directory Migration Tool 2 but it requires me
>>> >to have two accessible domains. Don't know how to connect two different
>>> >domains together.
>>>
>>>
>>> You tried using ADMT to do what? What are you trying to do?
>>>
>
> All I wanted to do was export/backup the Active Directory so that when I
> format/reinstall SBS, I can restore the AD. However I don't trust the MS
> Restore, as I tested this on another PC and that Windows Server didn't
> boot up ever after.
>
>>>> 1. I created an additional Domain Controller, added to an existing
>>>> domain. I saw it replicated the Active Directory so I believe there is
>>>> a backup of the Active Directory on the secondary Domain Controller. I
>>>> will format/reinstall the primary Domain Controller. What steps do I
>>>> need to take to be able to replicate back the original Active Directory
>>>> which is currently on the 2nd DC?
>>>
>>> Add it to the domain as a member server then run dcpromo to make it a DC
>>> and the AD info will replicate to the new DC.
>>>
>
> That's exactly what I did (added 2nd DC to existing domain) and it was
> successful. What I want to do is format 1st DC so it will be
> clean/fresh/new (because it's crashing with BSODs). If the 1st PC is
> wiped/reinstalled, do I add it to the domain and it will grab the AD off
> the 2nd DC?
>
> The 2nd DC isn't doing much. When the 1st DC went down, no one could log
> into the domain. The 2nd DC just sat there doing nothing. It even had
> DNS/DHCP started and also routing & remote access service.
>
>
>>>> 2. We have four external different IP addresses. Current our Small
>>>> Business Server is the only PC with two NICs to be our
>>>> proxy/firewall/router/etc and ofcourse our primary Domain Controller.
>>>> How easy would it be to create a 2nd DC (plain Server) also with 2 NICs
>>>> and connected to the internet as well as internal LAN.
>>>
>>>
>>> Do you want a second domain? SBS is an animal of it's own. There are
>>> limitations in SBS that are not in the regular version of Windows
>>> server. You should ask this in an SBS news group.
>>> Try Microsoft.public.windows.sbs
>>>
>
> No, we want one domain. We want the 2nd DC to do something like
> clustering. Failover/fail-safe web proxy. All we want is a backup web
> proxy for internet access.
>
>
>
>

you should be looking at sbsmigration.com

--
Cris Hanna [SBS-MVP]
------------------------------
Please do not contact me directly, only respond in the Newsgroups
MVPs do not work for Microsoft
------------------------------
Send via Windows Mail on Vista Ultimate connected to SBS 2003 R2
"Danny Sanders" <(E-Mail Removed)> wrote in message
news:ebuat%(E-Mail Removed)...
>> That's exactly what I did (added 2nd DC to existing domain) and it was
>> successful. What I want to do is format 1st DC so it will be
>> clean/fresh/new (because it's crashing with BSODs). If the 1st PC is
>> wiped/reinstalled, do I add it to the domain and it will grab the AD off
>> the 2nd DC?
>
> Add it as a member server then run dcpromo. AD will replicate to it.
>
>> The 2nd DC isn't doing much. When the 1st DC went down, no one could log
>> into the domain. The 2nd DC just sat there doing nothing. It even had
>> DNS/DHCP started and also routing & remote access service.
>
> Your AD clients must know the DNS server for the AD domain. I would
> suspect that you had DHCP handing out the preferred DNS server as the one
> shut down. You would have to go into DHCP and provide DHCP the new DNS
> server.
>
> hth
> DDS
>
>
>
> "Andrew Wan" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>>
>> "Cristian Zamfirescu" <someting @ somedomain> wrote in message
>> news:(E-Mail Removed)...
>>> Danny asked you a good question: What are you trying to do?
>>> Before you can answer that question, please STOP from whatever you are
>>> doing there. I have seen some things in your post that can make you
>>> loose your entire AD domain. Please check
>>> http://www.microsoft.com/activedirectory and start reading about how AD
>>> uses DNS and stuff ... how can you make an additional DC .. basic
>>> things, but things that can make you understand how AD works.
>>
>> Two things I want to do. Reinstall our SBS but retaining our Active
>> Directory. MS Backup/Restore is not reliable and I'm not putting all my
>> eggs into one basket. I am interested in replicating the AD to a 2nd DC
>> and hopefully the 2nd DC will replicate the AD back to a fresh/new DC
>> (after the primary DC has been formated).
>>
>> Second thing I need is a failsafe/failover DC/web proxy. Currently we
>> have 1 SBS which comes bundled with ISA Server (web proxy). We understand
>> we can only have 1 SBS in a domain. So we don't mind having a 2nd DC as
>> Windows 2000 Server. The Windows 2000 Server should also be a web proxy
>> too. Both DCs will have 2 NICs, one internal LAN, one external internet
>> connection. Both DCs in same domain. Like I said, 2nd DC is a backup.
>>
>> Is this possible?
>>
>>
>>>
>>> "Danny Sanders" <(E-Mail Removed)> wrote in message
>>> news:(E-Mail Removed)...
>>>> >I tried using the Active Directory Migration Tool 2 but it requires me
>>>> >to have two accessible domains. Don't know how to connect two
>>>> >different domains together.
>>>>
>>>>
>>>> You tried using ADMT to do what? What are you trying to do?
>>>>
>>
>> All I wanted to do was export/backup the Active Directory so that when I
>> format/reinstall SBS, I can restore the AD. However I don't trust the MS
>> Restore, as I tested this on another PC and that Windows Server didn't
>> boot up ever after.
>>
>>>>> 1. I created an additional Domain Controller, added to an existing
>>>>> domain. I saw it replicated the Active Directory so I believe there is
>>>>> a backup of the Active Directory on the secondary Domain Controller. I
>>>>> will format/reinstall the primary Domain Controller. What steps do I
>>>>> need to take to be able to replicate back the original Active
>>>>> Directory which is currently on the 2nd DC?
>>>>
>>>> Add it to the domain as a member server then run dcpromo to make it a
>>>> DC and the AD info will replicate to the new DC.
>>>>
>>
>> That's exactly what I did (added 2nd DC to existing domain) and it was
>> successful. What I want to do is format 1st DC so it will be
>> clean/fresh/new (because it's crashing with BSODs). If the 1st PC is
>> wiped/reinstalled, do I add it to the domain and it will grab the AD off
>> the 2nd DC?
>>
>> The 2nd DC isn't doing much. When the 1st DC went down, no one could log
>> into the domain. The 2nd DC just sat there doing nothing. It even had
>> DNS/DHCP started and also routing & remote access service.
>>
>>
>>>>> 2. We have four external different IP addresses. Current our Small
>>>>> Business Server is the only PC with two NICs to be our
>>>>> proxy/firewall/router/etc and ofcourse our primary Domain Controller.
>>>>> How easy would it be to create a 2nd DC (plain Server) also with 2
>>>>> NICs and connected to the internet as well as internal LAN.
>>>>
>>>>
>>>> Do you want a second domain? SBS is an animal of it's own. There are
>>>> limitations in SBS that are not in the regular version of Windows
>>>> server. You should ask this in an SBS news group.
>>>> Try Microsoft.public.windows.sbs
>>>>
>>
>> No, we want one domain. We want the 2nd DC to do something like
>> clustering. Failover/fail-safe web proxy. All we want is a backup web
>> proxy for internet access.
>>
>>
>>
>>
>
>

Read inline please.

In news:(E-Mail Removed),
Andrew Wan <(E-Mail Removed)> typed:
> "Cristian Zamfirescu" <someting @ somedomain> wrote in message
> news:(E-Mail Removed)...
>> Danny asked you a good question: What are you trying to do?
>> Before you can answer that question, please STOP from whatever you
>> are doing there. I have seen some things in your post that can make
>> you loose your entire AD domain. Please check
>> http://www.microsoft.com/activedirectory and start reading about how
>> AD uses DNS and stuff ... how can you make an additional DC .. basic
>> things, but things that can make you understand how AD works.
>
> Two things I want to do. Reinstall our SBS but retaining our Active
> Directory. MS Backup/Restore is not reliable and I'm not putting all
> my eggs into one basket. I am interested in replicating the AD to a
> 2nd DC and hopefully the 2nd DC will replicate the AD back to a
> fresh/new DC (after the primary DC has been formated).
>
> Second thing I need is a failsafe/failover DC/web proxy. Currently we
> have 1 SBS which comes bundled with ISA Server (web proxy). We
> understand we can only have 1 SBS in a domain. So we don't mind
> having a 2nd DC as Windows 2000 Server. The Windows 2000 Server
> should also be a web proxy too. Both DCs will have 2 NICs, one
> internal LAN, one external internet connection. Both DCs in same
> domain. Like I said, 2nd DC is a backup.
>
> Is this possible?
>
>
>>
>> "Danny Sanders" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>>> I tried using the Active Directory Migration Tool 2 but it
>>>> requires me to have two accessible domains. Don't know how to
>>>> connect two different domains together.
>>>
>>>
>>> You tried using ADMT to do what? What are you trying to do?
>>>
>
> All I wanted to do was export/backup the Active Directory so that
> when I format/reinstall SBS, I can restore the AD. However I don't
> trust the MS Restore, as I tested this on another PC and that Windows
> Server didn't boot up ever after.
>
>>>> 1. I created an additional Domain Controller, added to an existing
>>>> domain. I saw it replicated the Active Directory so I believe
>>>> there is a backup of the Active Directory on the secondary Domain
>>>> Controller. I will format/reinstall the primary Domain Controller.
>>>> What steps do I need to take to be able to replicate back the
>>>> original Active Directory which is currently on the 2nd DC?
>>>
>>> Add it to the domain as a member server then run dcpromo to make it
>>> a DC and the AD info will replicate to the new DC.
>>>
>
> That's exactly what I did (added 2nd DC to existing domain) and it was
> successful. What I want to do is format 1st DC so it will be
> clean/fresh/new (because it's crashing with BSODs). If the 1st PC is
> wiped/reinstalled, do I add it to the domain and it will grab the AD
> off the 2nd DC?
>
> The 2nd DC isn't doing much. When the 1st DC went down, no one could
> log into the domain. The 2nd DC just sat there doing nothing. It even
> had DNS/DHCP started and also routing & remote access service.
>
>
>>>> 2. We have four external different IP addresses. Current our Small
>>>> Business Server is the only PC with two NICs to be our
>>>> proxy/firewall/router/etc and ofcourse our primary Domain
>>>> Controller. How easy would it be to create a 2nd DC (plain Server)
>>>> also with 2 NICs and connected to the internet as well as internal
>>>> LAN.
>>>
>>>
>>> Do you want a second domain? SBS is an animal of it's own. There are
>>> limitations in SBS that are not in the regular version of Windows
>>> server. You should ask this in an SBS news group.
>>> Try Microsoft.public.windows.sbs
>>>
>
> No, we want one domain. We want the 2nd DC to do something like
> clustering. Failover/fail-safe web proxy. All we want is a backup web
> proxy for internet access.

You can add a replica DC to an SBS domain, but you cannot transfer the 5
FSMO roles from the SBS to the replica, so running dcpromo on hte SBS to
properly remove it from the domain may not work. You can disconnect the SBS,
and Seize the FSMO roles, (IIRC). Then do a metadata cleanup to delete the
SBS DC from the domain controller.
NOTE-Before you reinstall SBS read the KB below for instructions on
re-adding the SBS to the domain!

255504 - Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain
Controller: http://support.microsoft.com/default...b;en-us;255504

216498 - HOW TO Remove Data in Active Directory After an Unsuccessful Domain
Controller Demotion:
http://support.microsoft.com/default...b;EN-US;216498

How to install Small Business Server 2003 in an existing Active Directory
domain: http://support.microsoft.com/kb/884453/en-us

How To Create or Move a Global Catalog in Windows 2000:
http://support.microsoft.com/default...b;en-us;313994




--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
Send IM: http://www.icq.com/people/webmsg.php?to=296095728
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================