Active Directory
Shamil, 2015-01-26 13:07:06

How to protect AD from failure?

I work two jobs (at a government organization and at a private company); at the private one I am the sysadmin, at the government one I am just the application admin.
Recently I decided to set up a domain controller at the second job, and the sysadmins from the first job started scaring me, saying that this is very dangerous and that a domain controller fails often.
So, my question to those who run one:
how often does your controller fail, and what do you do to protect yourself from failures?
I would also like to hear recommendations on the requirements for the server I will be setting all this up on (number of users ~50).


3 answer(s)
Puma Thailand, 2015-01-26
@opium

For this, a second domain controller is brought up as a slave to the first; if the first one dies, everything works from the second automatically.
Strange people, of course: how do they live with a hundred machines without a domain controller, if it dies and falls over so often?
In my experience a domain controller has gone down a couple of times, and even then purely because of hardware.

Konstantin, 2015-01-26
@fallen8rwtf

Is it dangerous to raise a second domain controller? Maybe they are afraid to make backups too?
Set up a read-only or a simple secondary controller, and make an AD backup.
My controller runs on win2008R2 under ESXi 5.5, with a secondary in the additional office in read-only mode.

Evgeny Ferapontov, 2015-01-26
@e1ferapontov

Fuck these admins. MS strongly recommends that you maintain an AD domain on at least two domain controllers. This is not even Best Practice, but common sense. It is not recommended to have just one DC, because if the disk system fails, for example, the domain most likely cannot be restored.
Out of the box, two DCs will work absolutely without problems in your conditions (50 users), even in virtual machines on top of a dual-core Atom with 4 GB of RAM.
Well, now about failures: I was once involved in rolling out AD DS in one office (~60 machines, ~100 users). They gave no money for a domain controller because they did not understand why it was needed at all. Two DCs were assembled from half-dead components (single-core Sempron + 1 GB of RAM + RAID 1 on the chipset from two hard drives as ancient as mammoth bones) and sent into a pilot launch. Everything worked fine until a cabinet crash "wasted" one DC. In the horror of what had happened, I did not immediately think to forcibly remove the dead DC from the domain, and as a result I got a dead domain with broken replication, FSMO roles and other goodies. But even so, for another six months it duly performed its functions: accounts were added, policies were distributed, etc., until money was finally allocated for a normal server for AD.
tl;dr: two domain controllers are good and necessary. Follow the instructions from MS (especially in case of failure) and everything will be OK.
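
The broken-replication state described in the answer above shows up as failing replication links long before the domain stops working. The following is an added example, not part of the original thread: it parses CSV in the column layout of `repadmin /showrepl * /csv` and flags links that are failing or stale. It assumes PowerShell 3.0 or later; the function name `Get-ReplicationProblem`, the 24-hour threshold and the sample rows are assumptions made for the example.

```powershell
# Constructed sample in the column layout of `repadmin /showrepl * /csv`.
# Host names, site names, domain and timestamps are invented for this example.
$sampleCsv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Office,DC1,"DC=example,DC=local",Office,DC2,RPC,37,2015-01-26 12:50:02,2015-01-20 03:15:44,1722
showrepl_INFO,Office,DC1,"CN=Configuration,DC=example,DC=local",Office,DC2,RPC,37,2015-01-26 12:50:02,2015-01-20 03:15:44,1722
showrepl_INFO,Branch,DC3,"DC=example,DC=local",Office,DC1,RPC,0,0,2015-01-26 12:45:10,0
'@

function Get-ReplicationProblem {
    param(
        [Parameter(Mandatory)] [string[]] $CsvLine,   # header line plus data rows
        [datetime] $Now = (Get-Date),
        [int] $MaxAgeHours = 24                        # assumed alert threshold
    )
    foreach ($row in ($CsvLine | ConvertFrom-Csv)) {
        if ($row.showrepl_COLUMNS -ne 'showrepl_INFO') {
            # Anything that is not a normal data row is surfaced, not dropped.
            [pscustomobject]@{ Destination = $null; Source = $null; NamingContext = $null
                               Failures = $null; LastSuccess = $null
                               Reason = "unexpected row type '$($row.showrepl_COLUMNS)'" }
            continue
        }
        $failures    = [int] $row.'Number of Failures'
        $lastSuccess = [datetime]::MinValue
        $parsed      = [datetime]::TryParse($row.'Last Success Time', [ref] $lastSuccess)
        $stale       = (-not $parsed) -or (($Now - $lastSuccess).TotalHours -gt $MaxAgeHours)
        if ($failures -gt 0 -or $stale) {
            $reason = if ($failures -gt 0) {
                "$failures consecutive failures, last status $($row.'Last Failure Status')"
            } else { "no success within $MaxAgeHours h" }
            [pscustomobject]@{
                Destination   = $row.'Destination DSA'
                Source        = $row.'Source DSA'
                NamingContext = $row.'Naming Context'
                Failures      = $failures
                LastSuccess   = $row.'Last Success Time'
                Reason        = $reason
            }
        }
    }
}

# Offline run against the constructed sample.
Get-ReplicationProblem -CsvLine ($sampleCsv -split "\r?\n") -Now '2015-01-26 13:00' |
    Format-Table -AutoSize
```

On a domain-joined machine the same function can be fed live data with `Get-ReplicationProblem -CsvLine (repadmin /showrepl * /csv)`, for example from a scheduled task that alerts when anything is returned.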
