[karzon]

Is it possible to configure Multiple Root Domain Controller in windows server 2003 Ent ?
If any root domain Controller is down other is controll everything.


Please give me some idea.

Thanks
Karzon

[Virtual]

There are not root DCs as such. They have FSMO roles that carry out certain roles.

2 x FSMO roles are unique to the forest and each role can only be on one server at a time (or both roles on a server) within that forest, which may consist of multiple domains.

Domain Naming Master
Schema Master

3 x FSMO roles are unique to the domain, so each role can only be on 1 server at a time (or all 3 on one server that may also have the forest FSMO roles) within a specific domain. If you have 2 domains and 1 forest, you effectively have 6 domain FSMO roles, the 3 domain FSMO roles on a server within each domain and 1 server in the forest (or two servers) with Forest FSMO roles.

PDC Emulator
RID Master
Infrastructure Master

This site has an article on it.

http://www.petri.co.il/understanding...oles_in_ad.htm

When a Forest is created for the first time, the first server will ahve all 5 FSMO roles. As you add additional servers, you have the option to then transfer those FSMO roles to that server.

If a server does go down, you are able to seize the roles but then that server cannot be brought back on line and you have to clean metadata. Just because a certain FSMO role holder is down doesn't mean you will necessarily get a problem straight away. It depends on their function. e.g. Domain naming Master - are you likely to want to create a new Domain with a server being down? I would say the crucial one is PDC. That one tends to be used for logon purposes and time sync, amongst some of its duties.

FSMO roles can be transferred quite easily.

Also, with FSMO roles, you also need to be careful with GC placement in multi-domain environments, with rule of thumb then being to not make a Infrastructure Master a GC unless all servers are GCs.

[karzon]

Thanks For Reply.

without running FSMO roles, will exchange server work properly if the Root Domain Controller goes down?

[gforceindustries]

Quote:

Originally Posted by karzon

without running FSMO roles

What does this mean?

Exchange does not generally depend too heavily on the FSMO roles, however you should aim to repair a failed roleholder, or seize roles if the server cannot be repaired, as soon as possible.

Exchange relies on global catalogs.

[Virtual]

I have heard references to a root Domain Controller before, which some regard as the 1st DC created for a forest and therefore, containing all FSMO roles.

As Exchange is integrated in to AD and as Gforce... mentions, needs a GC, it may not effect it to a certain extent but it is so quick to transfer or seize roles initially, you shouldn't need to worry too much. It is just the cleaning of metadata, DNS entries and Sites and Services that takes the time if the roles had to be seized from a FSMO role holder. That DC can then not be joined back to the domain once FSMO roles are seized, so would need to be reimaged.

[karzon]

Please let me explain the scenario:

1. I have two domain controller in windows server 2003 ent ( One is Root DC and Others is Additional DC)
2. I Have Exchange 2003 ent
3. If the Root Domain Controller goes down due to maintainence work or some Hardware Failure or any other issue, does the Exchange server server work properly? what will happen?

Thanks
Karzon

[Virtual]

So the Exchange Server is installed on a Member server?

Exchange server definitely won't work properly if the other DC is not a GC, so make them both one.

If the root server is down, authentication will not happen, so therefore, Exchange Server would be effected to a certain extent. Outlook Clients or other mail progams will probably not be able to connect to read new mail.
(I am sure there are more problems that somebody else can advise on, or indeed advice if I am wrong)

If you are scheduling downtime, you could transfer FSMO roles to the other DC and then do the maintenance.

If it is a hardware failure or other issue and getting the server back on-line is longer than expected and there is a need to get the network and Exchange operational as fast as possible, as there is a SLA in place or is costly to the entity you are referring to, you would seize the roles to the other DC. This restores normality.

You then can remove metadata/DNS entries/sites and services entries for the failed DC

Rectify the issue whilst making sure the server is not connected to the network.

Rebuild the server and then join it back to the domain. You can then make it a DC and then transfer roles back to it if you wish.

[Maish]

As noted before, as long as your second Domain Controller is a Global Catalog and DNS of course, you shoud not have serious issues.

[karzon]

Ok Fine.

If the First DC ( Root DC) goes down for few minitus or hours, I can assaign the Second DC as a GC from 'Active Directory Sites and Services' option easily. so do I need to run FSMO roles? if i donot run FSMO roles and Second DC is GC, will the Exchange Server work properly?


Thanks
karzon

[Maish]

I would assign the GC role to both DC's permanently

There will be no need to to transfer/seize the roles to the 2nd DC if the machine is down for a few hours.

If you do the above then your exchange should work properly