what would happen if???

heres the scenario:

a windows server 2008 sp1 server configured as a domain controller, the one
and only DC in the forest, its running DHCP/DNS/WDS and hosts a distribution
and deployment share for MDT 2008

I need to setup another server at another location with the exact same
config. I have been asked if we could just break the raid 1 array and send
the hard disk to the other location to insert in the other server (same
hardware) and then rebuild the arrays at both locations to speed setup.
Obviously this would result in 2 of the exact same servers with the exact
same identity... so, being experienced with the windows nt family I first
said no, but I wanted to verify this to be true for this scenario.. the
scenario is not typical.

each server is supposed to be a domain controller but not additional DCs in
the same domain... but its fine and desired to have the actual domain name
be the same on each server... the 2 servers will not be completely isolated
from each other however, they will need to synchronize a file share (using
third party software most likely)

so bottom line is I'm wondering if the windows indentity element will be an
issue here? I can't sysprep the new machine to regenerate new SIDs because
it is already a domain controller...

to clarify:
serverA and locationA - named ServerA and is one and only DC for AD domain
MyDomain. This server houses a master file share that needs to be replicated
to another server at another location (WAN connection).

serverB at locationB - named ServerB and should be one and only DC for AD
domain MyDomain (yes, same domain name but not supposed to be additional DC
for the other 'MyDomain' domain)

can I essentialy duplicate this harddrive and just rename the computer and
change IP info (which is supported in the 2008 AD) and still be able to
replicate a file share between the two? I realize this would be out of the
question if your goal was creating an addition DC in the same domain, or if
these servers were supposed to interact on a LAN as peers... and I also
assume it can't/shouldn't be done for my scenario either but I'm just
wondering if the fact that they will be isolated from each other except for
the file share replication, which further will be done by 3rd party
softeware (not DFSR for example), changes anything? Each will be behind a
firewall on seperate network segments...

James - despite your explanation, I'm still not clear why exactly you would
want to do this (duplicating a DC at a given point in time will not keep its
replica consistent going forward). Considering that apparently you have some
sort of network connection between the two locations, you'd be significantly
better off if you simply installed another domain controller (giving you
added benefit of redunancy, which is missing from your design)...

hth
Marcin

"James" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> heres the scenario:
>
> a windows server 2008 sp1 server configured as a domain controller, the
> one and only DC in the forest, its running DHCP/DNS/WDS and hosts a
> distribution and deployment share for MDT 2008
>
> I need to setup another server at another location with the exact same
> config. I have been asked if we could just break the raid 1 array and send
> the hard disk to the other location to insert in the other server (same
> hardware) and then rebuild the arrays at both locations to speed setup.
> Obviously this would result in 2 of the exact same servers with the exact
> same identity... so, being experienced with the windows nt family I first
> said no, but I wanted to verify this to be true for this scenario.. the
> scenario is not typical.
>
> each server is supposed to be a domain controller but not additional DCs
> in the same domain... but its fine and desired to have the actual domain
> name be the same on each server... the 2 servers will not be completely
> isolated from each other however, they will need to synchronize a file
> share (using third party software most likely)
>
> so bottom line is I'm wondering if the windows indentity element will be
> an issue here? I can't sysprep the new machine to regenerate new SIDs
> because it is already a domain controller...
>
> to clarify:
> serverA and locationA - named ServerA and is one and only DC for AD domain
> MyDomain. This server houses a master file share that needs to be
> replicated to another server at another location (WAN connection).
>
> serverB at locationB - named ServerB and should be one and only DC for AD
> domain MyDomain (yes, same domain name but not supposed to be additional
> DC for the other 'MyDomain' domain)
>
> can I essentialy duplicate this harddrive and just rename the computer and
> change IP info (which is supported in the 2008 AD) and still be able to
> replicate a file share between the two? I realize this would be out of the
> question if your goal was creating an addition DC in the same domain, or
> if these servers were supposed to interact on a LAN as peers... and I also
> assume it can't/shouldn't be done for my scenario either but I'm just
> wondering if the fact that they will be isolated from each other except
> for the file share replication, which further will be done by 3rd party
> softeware (not DFSR for example), changes anything? Each will be behind a
> firewall on seperate network segments...

I don't why you want to do that, but I think Virtual machine manager could
the solution. This search result may help.
What can Virtual Machine Manager ...
What can Virtual Machine Manager 2007 (VMM) do ... VMM manages a
virtualized data center that runs Microsoft Virtual Server 2005, and it
provides: ...
http://www.chicagotech.net/netforums...cd1699a2236868


--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"James" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> heres the scenario:
>
> a windows server 2008 sp1 server configured as a domain controller, the
> one and only DC in the forest, its running DHCP/DNS/WDS and hosts a
> distribution and deployment share for MDT 2008
>
> I need to setup another server at another location with the exact same
> config. I have been asked if we could just break the raid 1 array and send
> the hard disk to the other location to insert in the other server (same
> hardware) and then rebuild the arrays at both locations to speed setup.
> Obviously this would result in 2 of the exact same servers with the exact
> same identity... so, being experienced with the windows nt family I first
> said no, but I wanted to verify this to be true for this scenario.. the
> scenario is not typical.
>
> each server is supposed to be a domain controller but not additional DCs
> in the same domain... but its fine and desired to have the actual domain
> name be the same on each server... the 2 servers will not be completely
> isolated from each other however, they will need to synchronize a file
> share (using third party software most likely)
>
> so bottom line is I'm wondering if the windows indentity element will be
> an issue here? I can't sysprep the new machine to regenerate new SIDs
> because it is already a domain controller...
>
> to clarify:
> serverA and locationA - named ServerA and is one and only DC for AD domain
> MyDomain. This server houses a master file share that needs to be
> replicated to another server at another location (WAN connection).
>
> serverB at locationB - named ServerB and should be one and only DC for AD
> domain MyDomain (yes, same domain name but not supposed to be additional
> DC for the other 'MyDomain' domain)
>
> can I essentialy duplicate this harddrive and just rename the computer and
> change IP info (which is supported in the 2008 AD) and still be able to
> replicate a file share between the two? I realize this would be out of the
> question if your goal was creating an addition DC in the same domain, or
> if these servers were supposed to interact on a LAN as peers... and I also
> assume it can't/shouldn't be done for my scenario either but I'm just
> wondering if the fact that they will be isolated from each other except
> for the file share replication, which further will be done by 3rd party
> softeware (not DFSR for example), changes anything? Each will be behind a
> firewall on seperate network segments...

Hello James,

I also can not understand why you need 2 forest/domains with the same name
and without redundancy through a second DC.

With the technical view, yes you can use one of the mirrored disks and create
a second machine as an equal copy. You can also rename it.

For the replication between both of them you have to configure a connection
and you have to provide logon information. I think at this point your problem
will start. For the logon information you have to use domainname\username
and i am not sure if this will work when both are the same. Domain name and
NetBios name have to be unique to create connections.

You can also install 2 machines together and choose exact the same steps
and have the same result at the end with different SID and what you like,
the same forest/domain name. But still the connectivity problem should stay.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> heres the scenario:
>
> a windows server 2008 sp1 server configured as a domain controller,
> the one and only DC in the forest, its running DHCP/DNS/WDS and hosts
> a distribution and deployment share for MDT 2008
>
> I need to setup another server at another location with the exact same
> config. I have been asked if we could just break the raid 1 array and
> send the hard disk to the other location to insert in the other server
> (same hardware) and then rebuild the arrays at both locations to speed
> setup. Obviously this would result in 2 of the exact same servers with
> the exact same identity... so, being experienced with the windows nt
> family I first said no, but I wanted to verify this to be true for
> this scenario.. the scenario is not typical.
>
> each server is supposed to be a domain controller but not additional
> DCs in the same domain... but its fine and desired to have the actual
> domain name be the same on each server... the 2 servers will not be
> completely isolated from each other however, they will need to
> synchronize a file share (using third party software most likely)
>
> so bottom line is I'm wondering if the windows indentity element will
> be an issue here? I can't sysprep the new machine to regenerate new
> SIDs because it is already a domain controller...
>
> to clarify:
> serverA and locationA - named ServerA and is one and only DC for AD
> domain
> MyDomain. This server houses a master file share that needs to be
> replicated
> to another server at another location (WAN connection).
> serverB at locationB - named ServerB and should be one and only DC for
> AD domain MyDomain (yes, same domain name but not supposed to be
> additional DC for the other 'MyDomain' domain)
>
> can I essentialy duplicate this harddrive and just rename the computer
> and change IP info (which is supported in the 2008 AD) and still be
> able to replicate a file share between the two? I realize this would
> be out of the question if your goal was creating an addition DC in the
> same domain, or if these servers were supposed to interact on a LAN as
> peers... and I also assume it can't/shouldn't be done for my scenario
> either but I'm just wondering if the fact that they will be isolated
> from each other except for the file share replication, which further
> will be done by 3rd party softeware (not DFSR for example), changes
> anything? Each will be behind a firewall on seperate network
> segments...
>

yes, I'm having a hard time explaining this... redundancy is irrelevant to
my scenario...

in general terms I have a deployment system setup at one location. The
'system' is all on one server. Part of the system required active directory
(WDS), which is the only reason active directory is involved. This is not
for a corporate network. Now I need to setup this 'system' at another
location. The only communication between locations is synchronizing one file
share, thats it. This is a scenario where active directory is just adding
unnecessary complication.

Meinolf Weber brought up the problem I was worried about... check his reply
if your interested, basically I may have a problem by both locations using
same domain name whether I tried to duplicate, like by breaking mirror, or I
installed manually, new sids and all. This is because the domain\user info
is stored in a config file that will be replicated, and therefore will be
the same at all locations.

thanks for the reply, I appreciate it.


"Marcin" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> James - despite your explanation, I'm still not clear why exactly you
> would want to do this (duplicating a DC at a given point in time will not
> keep its replica consistent going forward). Considering that apparently
> you have some sort of network connection between the two locations, you'd
> be significantly better off if you simply installed another domain
> controller (giving you added benefit of redunancy, which is missing from
> your design)...
>
> hth
> Marcin
>
> "James" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> heres the scenario:
>>
>> a windows server 2008 sp1 server configured as a domain controller, the
>> one and only DC in the forest, its running DHCP/DNS/WDS and hosts a
>> distribution and deployment share for MDT 2008
>>
>> I need to setup another server at another location with the exact same
>> config. I have been asked if we could just break the raid 1 array and
>> send the hard disk to the other location to insert in the other server
>> (same hardware) and then rebuild the arrays at both locations to speed
>> setup. Obviously this would result in 2 of the exact same servers with
>> the exact same identity... so, being experienced with the windows nt
>> family I first said no, but I wanted to verify this to be true for this
>> scenario.. the scenario is not typical.
>>
>> each server is supposed to be a domain controller but not additional DCs
>> in the same domain... but its fine and desired to have the actual domain
>> name be the same on each server... the 2 servers will not be completely
>> isolated from each other however, they will need to synchronize a file
>> share (using third party software most likely)
>>
>> so bottom line is I'm wondering if the windows indentity element will be
>> an issue here? I can't sysprep the new machine to regenerate new SIDs
>> because it is already a domain controller...
>>
>> to clarify:
>> serverA and locationA - named ServerA and is one and only DC for AD
>> domain MyDomain. This server houses a master file share that needs to be
>> replicated to another server at another location (WAN connection).
>>
>> serverB at locationB - named ServerB and should be one and only DC for AD
>> domain MyDomain (yes, same domain name but not supposed to be additional
>> DC for the other 'MyDomain' domain)
>>
>> can I essentialy duplicate this harddrive and just rename the computer
>> and change IP info (which is supported in the 2008 AD) and still be able
>> to replicate a file share between the two? I realize this would be out of
>> the question if your goal was creating an addition DC in the same domain,
>> or if these servers were supposed to interact on a LAN as peers... and I
>> also assume it can't/shouldn't be done for my scenario either but I'm
>> just wondering if the fact that they will be isolated from each other
>> except for the file share replication, which further will be done by 3rd
>> party softeware (not DFSR for example), changes anything? Each will be
>> behind a firewall on seperate network segments...
>
>

thanks for the reply, I appreciate it.

"Robert L. (MS-MVP)" <(E-Mail Removed)> wrote in message
news:ewGAnG%(E-Mail Removed)...
>I don't why you want to do that, but I think Virtual machine manager could
>the solution. This search result may help.
> What can Virtual Machine Manager ...
> What can Virtual Machine Manager 2007 (VMM) do ... VMM manages a
> virtualized data center that runs Microsoft Virtual Server 2005, and it
> provides: ...
>
> http://www.chicagotech.net/netforums...cd1699a2236868
>
>
> --
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on
> http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on
> http://www.HowToNetworking.com
> "James" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> heres the scenario:
>>
>> a windows server 2008 sp1 server configured as a domain controller, the
>> one and only DC in the forest, its running DHCP/DNS/WDS and hosts a
>> distribution and deployment share for MDT 2008
>>
>> I need to setup another server at another location with the exact same
>> config. I have been asked if we could just break the raid 1 array and
>> send the hard disk to the other location to insert in the other server
>> (same hardware) and then rebuild the arrays at both locations to speed
>> setup. Obviously this would result in 2 of the exact same servers with
>> the exact same identity... so, being experienced with the windows nt
>> family I first said no, but I wanted to verify this to be true for this
>> scenario.. the scenario is not typical.
>>
>> each server is supposed to be a domain controller but not additional DCs
>> in the same domain... but its fine and desired to have the actual domain
>> name be the same on each server... the 2 servers will not be completely
>> isolated from each other however, they will need to synchronize a file
>> share (using third party software most likely)
>>
>> so bottom line is I'm wondering if the windows indentity element will be
>> an issue here? I can't sysprep the new machine to regenerate new SIDs
>> because it is already a domain controller...
>>
>> to clarify:
>> serverA and locationA - named ServerA and is one and only DC for AD
>> domain MyDomain. This server houses a master file share that needs to be
>> replicated to another server at another location (WAN connection).
>>
>> serverB at locationB - named ServerB and should be one and only DC for AD
>> domain MyDomain (yes, same domain name but not supposed to be additional
>> DC for the other 'MyDomain' domain)
>>
>> can I essentialy duplicate this harddrive and just rename the computer
>> and change IP info (which is supported in the 2008 AD) and still be able
>> to replicate a file share between the two? I realize this would be out of
>> the question if your goal was creating an addition DC in the same domain,
>> or if these servers were supposed to interact on a LAN as peers... and I
>> also assume it can't/shouldn't be done for my scenario either but I'm
>> just wondering if the fact that they will be isolated from each other
>> except for the file share replication, which further will be done by 3rd
>> party softeware (not DFSR for example), changes anything? Each will be
>> behind a firewall on seperate network segments...
>

thanks for the reply Meinolf,

the problem is the domain\user info is stored in a config file in the file
share that needs to be replicated to each location... so essentially this
file share (an MDT deployment share) will be exactly the same at all
locations and therefore the same domain\user info will be used at each
location for the deployment process (what I'm refering to here is besides
the file replication process, which would be a different credential, but
using same domain name also)

I have already let the persons asking about breaking the mirror to speed
setup know that I would rather setup manually just because there are some
unkowns and potential issues... but as you said, even If I do manual setup
and use same domain name the machines will not be able to comunicate to sync
the file share?

this is a problem because the domain\user supplied for the MDT deployment
process *has* to be the same at each location.... unless the file
replication solution I get has a way to exclude only certian files from
being replicated and then I can replicate the whole share except for this
one config file, which I could keep unique for each site with unique user
credentials... and each site would be a DC for a different domain, including
different domain name...

any other thoughts would be appreciated. (including any recommendations on
third party folder/file synchronization software)
thanks


"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:(E-Mail Removed) .com...
> Hello James,
>
> I also can not understand why you need 2 forest/domains with the same name
> and without redundancy through a second DC.
>
> With the technical view, yes you can use one of the mirrored disks and
> create a second machine as an equal copy. You can also rename it.
>
> For the replication between both of them you have to configure a
> connection and you have to provide logon information. I think at this
> point your problem will start. For the logon information you have to use
> domainname\username and i am not sure if this will work when both are the
> same. Domain name and NetBios name have to be unique to create
> connections.
>
> You can also install 2 machines together and choose exact the same steps
> and have the same result at the end with different SID and what you like,
> the same forest/domain name. But still the connectivity problem should
> stay.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> heres the scenario:
>>
>> a windows server 2008 sp1 server configured as a domain controller,
>> the one and only DC in the forest, its running DHCP/DNS/WDS and hosts
>> a distribution and deployment share for MDT 2008
>>
>> I need to setup another server at another location with the exact same
>> config. I have been asked if we could just break the raid 1 array and
>> send the hard disk to the other location to insert in the other server
>> (same hardware) and then rebuild the arrays at both locations to speed
>> setup. Obviously this would result in 2 of the exact same servers with
>> the exact same identity... so, being experienced with the windows nt
>> family I first said no, but I wanted to verify this to be true for
>> this scenario.. the scenario is not typical.
>>
>> each server is supposed to be a domain controller but not additional
>> DCs in the same domain... but its fine and desired to have the actual
>> domain name be the same on each server... the 2 servers will not be
>> completely isolated from each other however, they will need to
>> synchronize a file share (using third party software most likely)
>>
>> so bottom line is I'm wondering if the windows indentity element will
>> be an issue here? I can't sysprep the new machine to regenerate new
>> SIDs because it is already a domain controller...
>>
>> to clarify:
>> serverA and locationA - named ServerA and is one and only DC for AD
>> domain
>> MyDomain. This server houses a master file share that needs to be
>> replicated
>> to another server at another location (WAN connection).
>> serverB at locationB - named ServerB and should be one and only DC for
>> AD domain MyDomain (yes, same domain name but not supposed to be
>> additional DC for the other 'MyDomain' domain)
>>
>> can I essentialy duplicate this harddrive and just rename the computer
>> and change IP info (which is supported in the 2008 AD) and still be
>> able to replicate a file share between the two? I realize this would
>> be out of the question if your goal was creating an addition DC in the
>> same domain, or if these servers were supposed to interact on a LAN as
>> peers... and I also assume it can't/shouldn't be done for my scenario
>> either but I'm just wondering if the fact that they will be isolated
>> from each other except for the file share replication, which further
>> will be done by 3rd party softeware (not DFSR for example), changes
>> anything? Each will be behind a firewall on seperate network
>> segments...
>>
>
>

Hello James,

If you need the same domain\username make your life easy and install an additional
DC in the domain with the same software setup. Ofcourse you need connection
between them to replicate AD but you have one to copy the data so not a problem.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> thanks for the reply Meinolf,
>
> the problem is the domain\user info is stored in a config file in the
> file share that needs to be replicated to each location... so
> essentially this file share (an MDT deployment share) will be exactly
> the same at all locations and therefore the same domain\user info will
> be used at each location for the deployment process (what I'm refering
> to here is besides the file replication process, which would be a
> different credential, but using same domain name also)
>
> I have already let the persons asking about breaking the mirror to
> speed setup know that I would rather setup manually just because there
> are some unkowns and potential issues... but as you said, even If I do
> manual setup and use same domain name the machines will not be able to
> comunicate to sync the file share?
>
> this is a problem because the domain\user supplied for the MDT
> deployment process *has* to be the same at each location.... unless
> the file replication solution I get has a way to exclude only certian
> files from being replicated and then I can replicate the whole share
> except for this one config file, which I could keep unique for each
> site with unique user credentials... and each site would be a DC for a
> different domain, including different domain name...
>
> any other thoughts would be appreciated. (including any
> recommendations on
> third party folder/file synchronization software)
> thanks
> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
> news:(E-Mail Removed) .com...
>
>> Hello James,
>>
>> I also can not understand why you need 2 forest/domains with the same
>> name and without redundancy through a second DC.
>>
>> With the technical view, yes you can use one of the mirrored disks
>> and create a second machine as an equal copy. You can also rename it.
>>
>> For the replication between both of them you have to configure a
>> connection and you have to provide logon information. I think at this
>> point your problem will start. For the logon information you have to
>> use domainname\username and i am not sure if this will work when both
>> are the same. Domain name and NetBios name have to be unique to
>> create connections.
>>
>> You can also install 2 machines together and choose exact the same
>> steps and have the same result at the end with different SID and what
>> you like, the same forest/domain name. But still the connectivity
>> problem should stay.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> heres the scenario:
>>>
>>> a windows server 2008 sp1 server configured as a domain controller,
>>> the one and only DC in the forest, its running DHCP/DNS/WDS and
>>> hosts a distribution and deployment share for MDT 2008
>>>
>>> I need to setup another server at another location with the exact
>>> same config. I have been asked if we could just break the raid 1
>>> array and send the hard disk to the other location to insert in the
>>> other server (same hardware) and then rebuild the arrays at both
>>> locations to speed setup. Obviously this would result in 2 of the
>>> exact same servers with the exact same identity... so, being
>>> experienced with the windows nt family I first said no, but I wanted
>>> to verify this to be true for this scenario.. the scenario is not
>>> typical.
>>>
>>> each server is supposed to be a domain controller but not additional
>>> DCs in the same domain... but its fine and desired to have the
>>> actual domain name be the same on each server... the 2 servers will
>>> not be completely isolated from each other however, they will need
>>> to synchronize a file share (using third party software most likely)
>>>
>>> so bottom line is I'm wondering if the windows indentity element
>>> will be an issue here? I can't sysprep the new machine to regenerate
>>> new SIDs because it is already a domain controller...
>>>
>>> to clarify:
>>> serverA and locationA - named ServerA and is one and only DC for AD
>>> domain
>>> MyDomain. This server houses a master file share that needs to be
>>> replicated
>>> to another server at another location (WAN connection).
>>> serverB at locationB - named ServerB and should be one and only DC
>>> for
>>> AD domain MyDomain (yes, same domain name but not supposed to be
>>> additional DC for the other 'MyDomain' domain)
>>> can I essentialy duplicate this harddrive and just rename the
>>> computer and change IP info (which is supported in the 2008 AD) and
>>> still be able to replicate a file share between the two? I realize
>>> this would be out of the question if your goal was creating an
>>> addition DC in the same domain, or if these servers were supposed to
>>> interact on a LAN as peers... and I also assume it can't/shouldn't
>>> be done for my scenario either but I'm just wondering if the fact
>>> that they will be isolated from each other except for the file share
>>> replication, which further will be done by 3rd party softeware (not
>>> DFSR for example), changes anything? Each will be behind a firewall
>>> on seperate network segments...
>>>