Wednesday, November 17, 2010

Active Directory

The need to back up Active Directory at one of my clients is rearing its head. I have on some authority that one need only set up another server and peer it to the current server with that function, and the data will migrate. A number of "roles" must be set to get this to happen, and I am not sure of how to do that yet.

I have an old server which was the backup, but had fallen out of sync.  Turns out that if the server goes over 60 days out of sync, it is in "tombstone" timeout land, and is mighty hard to resync.

I put it back online, and overrode one whine it had, which was related to being too old, and let it set for about 48 hours or so. After that I started getting complaints from users that they could not log on. The one user who tried was not on the old AD database, and I suspected that maybe the peering had occurred, but not the actual transfer of the data. When I logged onto the backup server, I never saw its AD info updated.

I further suspected that the second server was authoritative to the fellow who tried to log on, so turned off the backup server.  After he rebooted, he could get in with just the main server online.  Back to the drawing board for more info.

Here is one link to a discussion of such issues:

