Currently running a small domain with one Win2k3 domain controller. Most of the resources used in the domain are on Novell Netware servers (boooo i here you cry!) I am arguing that we should have at least 2 Win2k3 DC's for contingency purposes. My argument is that if the DC fails nobody will be able to logon to the domain with their windows 2003 account but the counter argument is that they will be able to logon using cached credentials until such times the DC is rebuilt (if necessary) so there is no need for a second DC.

I would appreciate any feedback from folk who use this site to get some outside thoughts/opinions on this?

Thanks in advance

---

The only thing to do with good advice is pass it on. It is never any use to oneself.

Well, As long as you have made it clear to the powers that be, the benefits of a 2nd DC and the problems that will arise if it dies, then there is nothing else you need to do, except have a DR plan ready for when the DC craps out on you.

Depending on the amount of users etc, how busy you are, then it really shouldn't be too much of a problem.

 ps. I am a CNE :) I dont cry boooo when I hear Novell.

Is your DHCP and DNS running in on your DC?  Are you a mixed protocol environment IE: IPX and TCP/IP?

If so your DC goes down then your DNS and DHCP would go down as well then they would be very limited to Network resources.  All it really takes is a workstation loaded with Server 2003 to be a backup.  You'll pay less for the license and workstation then you would for the down time and loss of productive time. 

If they don't budge then I would ask you if you have any experence with backup and restoring AD?  It sucks and almost never works.  I would bring up a second box on VM to cover my own ass, and then accidently have a power cable come out of my DC for a couple hours to prove my point.  Most managers don't understand what you are talking about until it happens then they want to blame your for not predicting the future correctly.  I had to fight for the redundecy that we have in our environment.  Now I don't have to schedule down time because I just reboot and the other servers take over for the one that is rebooting.

 Good Luck

LZ-KID

---

The fluffy midgets in my head tell me to format everything and hope the end user knows how to backup their data.

If a user logs onto the domain with cached user credentials are they still able to access network resources if the single DC was down and there wasn't another active DC?

---

The only thing to do with good advice is pass it on. It is never any use to oneself.

No, because when you try to access the resource it looks for your credentials.  Which usually means it ask AD what group you are apart of and does this user have access to me.  The best way for me to show you how this works is to login to your file server look at the permissions of a share.  You will see names or groups of people that have permissions.  If you were to take your domain controller down and try and look at the permissions again you would see nothing but SSID numbers.  This is because the file server isn't able to resolve the names of the groups or user.

Are they still trying to fight you on this issue?  Tell them you will go all San Fran on their asses.  If you don't know what I'm talking about you need to do some reading on Network World about the Rogue San Fransisco Admin.  Here is the first story to start with.

http://www.networkworld.com/news/2008/071508-report-it-admin-locks-up.html

LZ-KID

---

The fluffy midgets in my head tell me to format everything and hope the end user knows how to backup their data.

Thanks!! Interesting article as well :-)

---

The only thing to do with good advice is pass it on. It is never any use to oneself.