Under NT4 we had crappy hardware for the two NA domains (actually 2 DCs for each domain split across the NA datacenters). But I went into a morning management meeting and said that we were ready to die any day and needed more hardware and went to the systems integration people and said we needed 2K because we have SAMs > 80MB.
I got the new hardware and offloaded functionality (WINS) across to the other machines. Once we had 2K we had budget for some new machines and the PDCs were absolutely on new hardware, I clearly recall sitting in the datacenter one morning with a bunch of system integration folks standing behind me while I converted the old machines to 2K and pushed the FSMOs over to the new hardware with a fresh 2K load. We did however reload the old DCs and keep them up and running but that was not my personal choice because they were definitely slower. The saving grace was that all traffic at that time was strictly NOS based auth/authz. There were no LDAP apps and Exchange played in its own sandbox. The PDCs have always been coddled by me whenever possible. I am not one of the people running around saying AD doesn't have a PDC. It was the one special DC in every domain that had me running when it hiccuped. There were no other special DCs until Exchange 2K spun up and then every DC in the Exchange Sites became special as well due to the Exchange/Outlook rough failover mechanisms. If an Exchange DC starts screwing up, it either needs to be fixed or off the network ASAP. Also, even with that new hardware you may recall (I think you were still around) we ran into an issue with the SE MI NA Domain PDC puking out every morning because it would get all bunched up. That ended up being a combination of load and its NetBIOS resolution mode being set to H-Node instead of P-Node. I am not saying DON'T use older hardware. I am saying be careful where you place it and what will use it. It could bite you hard. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, November 09, 2005 12:12 PM To: [email protected] Subject: RE: [ActiveDir] Improving your AD's fault tolerance with old hardware? Don't mean to call you out, Joe, but ...... Didn't you use to run the PDC for that Widget factory on a very small (no, itsy-bitsy) hardware? And didn't you explain at that time that there was no sense in putting it on one of the beefy Dells we were purchasing around that time? And didn't run seamlessly and adequately (discounting the WINS gyrations)? I'd think you'd be a champion for the "don't need an enterprise hardware for such mundane task" crowd :). I personally have to also second Ed's opinion on this - it's better to have a second DC even on crappy hardware than it is to have none at all because of budget constraints. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCT Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: [EMAIL PROTECTED] on behalf of joe Sent: Wed 11/9/2005 8:02 AM To: [email protected] Subject: RE: [ActiveDir] Improving your AD's fault tolerance with old hardware? Even outside of Exchange I think it depends on how fast the box actually is and how hard you hit AD. For a box in the closet to offer a get out of jail because everything else fails... Ok. But I would be concerned that other machines you don't think of normally as much as you think of Exchange could find the DC and start using it and get suboptimal perf from it. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Tuesday, November 08, 2005 11:08 PM To: [email protected] Subject: RE: [ActiveDir] Improving your AD's fault tolerance with old hardware? I'd go along with Ed here. I can't see too much risk with this approach. I wouldn't assign any of the FSMO roles to the old hardware DC, simply because of the hassle in seizing the roles elsewhere in the event of a severe hardware failure. No problem with making the DC as GC though. Another option to consider is setting up a lag site with the old hardware DC. This can be useful for some recovery scenarios as well as the safe introduction of schema changes. Search the list archive for recent posts on the lag site concept. It is important to ensure that whatever hardware you use is sufficient for the task. There are published minimum requirements for Windows Server 2003, but you should also determine what is the minimum required for your own environment. A scenario I have in mind is if you have Exchange 2003 running in your environment you perhaps don't want it to be using an old DC/GC that's running like a dog. :-) Tony -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ed Crowley [MVP] Sent: Wednesday, 9 November 2005 2:59 p.m. To: [email protected] Subject: RE: [ActiveDir] Improving your AD's fault tolerance with old hardware? I remember back in the days of our old 3500-user NT 4.0 domain, back when I ran an administration group. We had a nice ProLiant server that was a 486. We only had one of those. But because it was manageable through Insight Agents, we decided to keep it and made it our PDC, since it wasn't terribly useful for anything else. We figured that if it were to die, we'd just junk it and promote another server. It never did die while I was there, and it performed fine. So, although the hardware sales guys at my current employer would crucify me for saying this, I can't disagree with your approach. Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Danny Sent: Tuesday, November 08, 2005 3:50 PM To: [email protected] Subject: [ActiveDir] Improving your AD's fault tolerance with old hardware? Correct me if I am wrong, but assuming the more DC's you have in your forest, the more fault tolerant your Active Directory will become, is it therefore worth it to use retired, possibly out of (hardware) warranty servers or workstations for this purpose if you are budget-less (to purchase new servers)? In this case, I am referring to orgs with 20-200 AD users. How about GC's and other related AD roles and critical software based services? Same deal? Thank you, ...D List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
