Active Directory
ituzsm, 2015-05-19 13:56:59

How to build a fault-tolerant domain network with 2 domain controllers?

There is a domain network with a single domain controller on Windows Server 2012 R2 with AD DS, DHCP, DNS and a file server.
It is required to add a second controller for fault tolerance. (If one of the domain controllers turns off, the office does not notice this, and everything works as before.)
Now I imagine it as follows:
1. I connect the Internet cable from the router to the first network adapter of DC1 and DC2
2. I connect the second adapter of each DC to the switch and the network cable with the workstations (which is now connected to the second adapter of DC1)
3. I make DC2 the second global catalog server
4. I set up all the roles available on DC1, set up replication
Question:
1. Do I understand the network topology correctly?
2. How can I implement file server failover so that files are available when one of the DCs is disabled?


4 answer(s)
Anton, 2015-05-19
@itussm

From what you wrote, it turns out that you left out one more role: the server is also a proxy or a gateway, right?
But in general, everything is correct:
set up the DNS role, make the second controller a global catalog, configure DHCP and keep it turned off for the time being, set up the file server role and mirror via DFS with the master.

Andrey Ermachenok, 2015-05-19
@eapeap

"1. I connect the cable with the Internet from the router to the first network adapter of DC1 and DC2"

What for? The Internet goes into the same switch where all the computers are connected.
Yes
3. Yes.
4. Yes.
And how many people are in the office, and how much downtime is acceptable in the event of a failure?
It is possible to mirror the file storage on the second server and, if the first one fails, redirect everyone to it.

Ivan, 2015-05-19
@LiguidCool

The logic of setting up a DC (primary or backup, it doesn't matter) is quite simple:
1) on all client machines, the DCs must be specified as DNS servers (for example, add them to DHCP).
2) all DCs must see each other on the network in order to replicate the directory data.
By and large, there is nothing complicated there.
But I don't really understand why you connect the controllers to a router, and not to a switch.
If I remember correctly, fault tolerance is achieved by using DFS.

1qaz2wsx3edc, 2015-06-04
@1qaz2wsx3edc

"3. I make DC2 the second global catalog server"
Promote the server to a domain controller, get inbound replication from #1. After that, specify that the new DC is also a global catalog.
"4. ... set up replication"
You don't have to "configure" replication: you have the simplest structure.
"Question:
1. Do I understand the network topology correctly?"
Without a sane diagram, it is difficult to understand what exactly you are going to connect and where.
"2. How can I implement file server failover so that files are available when one of the DCs is disabled?"
There is a standard role, Failover Cluster, but it assumes that your machine is not a DC (since this functionality is redundant for a DC). With such an infrastructure, clusters are unfortunately as far away as the moon, so:
1) There is an option to organize it through DFS, but there are a number of pitfalls (the technology is not designed specifically for data replication)
2) A script / robocopy etc. will work, but it is a crutch.
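
A read-only check of the points raised in the answers above (both DCs as global catalogs, DNS running on each DC, both DCs handed out as DNS servers via DHCP, working replication), as an added example that is not part of the thread. The host names DC1/DC2 and the scope ID are assumed placeholders, and the script expects the ActiveDirectory and DhcpServer RSAT modules.

```powershell
# Added example: DC1/DC2 and the scope ID are placeholder values, not from the thread.
Import-Module ActiveDirectory, DhcpServer

$dcNames = 'DC1', 'DC2'        # hypothetical host names of the two controllers
$scopeId = '192.168.1.0'       # hypothetical DHCP scope serving the workstations
$domain  = (Get-ADDomain).DNSRoot
$dcs     = $dcNames | ForEach-Object { Get-ADDomainController -Identity $_ }

# 1. Each DC must be a global catalog and must answer the domain's
#    DC-locator SRV query from its own DNS service, so that logons
#    keep working while the other controller is off.
foreach ($dc in $dcs) {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV `
               -Server $dc.IPv4Address -DnsOnly -ErrorAction SilentlyContinue
    [pscustomobject]@{
        DC            = $dc.HostName
        GlobalCatalog = $dc.IsGlobalCatalog
        DnsServesSrv  = [bool]$srv
    }
}

# 2. DHCP option 6 (DNS servers) for the scope should list both DCs;
#    a client that knows only one DNS server cannot find the survivor.
#    Only the scope-level option is checked here, not a server-wide one.
$opt = Get-DhcpServerv4OptionValue -ComputerName $dcNames[0] -ScopeId $scopeId `
           -OptionId 6 -ErrorAction SilentlyContinue
$missing = $dcs.IPv4Address | Where-Object { $_ -notin $opt.Value }
if ($missing) { Write-Warning "Not handed out as DNS server: $($missing -join ', ')" }

# 3. Replication between the two DCs: list recorded failures and the
#    last result per inbound partner (0 means success).
Get-ADReplicationFailure -Target $domain -Scope Domain |
    Select-Object Server, Partner, FailureCount, FirstFailureTime, LastError
foreach ($dc in $dcs) {
    Get-ADReplicationPartnerMetadata -Target $dc.HostName |
        Select-Object Server, Partner, LastReplicationSuccess,
                      LastReplicationResult, ConsecutiveReplicationFailures
}
```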
