I disagree on all counts in a home environment except to say that "yes, you SHOULD have 2 DC's BECAUSE IT IS EASIER TO KEEP ON RUNNING if 1 fails." But You must or it WILL FAIL!!! DOOM!???!? LOL, right, not my experience with my DC dying.
Let me clarify: I don't rely DC2's sync as a domain backup. I've only ever brought DC2 online to be able to down & demote DC1 for reworking and then backup DC2's HDD image. I DO have recent full image backups of DC1's drive using True Image. Worse case, reset the machine accounts using netdom if they got out of sync. The important stuff (to me) is users/rights, file/folder rights, and GPOs which would survive just fine. http://support.microsoft.com/kb/260575 http://support.microsoft.com/kb/216393 So no, a dead DC would not "cripple" me here unless my backups got hosed also. When the DC & it's services have gone down all it took to recover was to slap it's drive in another system or restore it's image to a new drive. Meanwhile I ran the client pc's just fine from the router DHCP & DNS using local accounts in the interim. A Windows DC & it's services are a CONVENIENCE. Easy DNS, central file shares, central user management for locking the kids accounts when they're bad, easy user & machine policies, a system to experiment with the technology not live or die core servers. If I did have a second machine to dedicate to 24/7 use (sucking up juice) I'd be loading some nix distro, not a second DC though a virtual DC un VMWare & nix would be nice. Let's just say: "Yes, I am well aware of the issues you raise BUT it's not unworkable nor is it gloom & doom to do it my way for home use. ON the other hand, doing it the "right" way means overkill of having to buy & run yet another power sucking PC that does mostly nothing. You got one & the $$$ for juice, go right ahead! Greg Sevart wrote: > I'm sorry, I just have to completely disagree. You want two DCs, or don't do > a domain at all. It WILL fail, and you don't want to be without a live DC. > > Also, that yearly backup won't do any good. Computers have an account in AD > just like any other object, and they will change their machine account > passwords randomly every few days. So, unless you have a group policy set up > to prevent machines doing so, your image would be good for perhaps a week. > If you needed to bring the image online due to a DC failure, none of your > computer accounts in the old AD copy would be valid anymore--so you'd be > doing a disjoin/rejoin for each one. > > Greg > > > >> -----Original Message----- >> From: [EMAIL PROTECTED] [mailto:hardware- >> [EMAIL PROTECTED] On Behalf Of j maccraw >> Sent: Wednesday, October 24, 2007 1:49 PM >> To: The Hardware List >> Subject: Re: [H] WINS Server? >> >> No, I've gotten by for 7+ years on a single DC. Of >> course my domain does not >> change much and I only have 5 PC's on it. >> >> I do every year or so boot up a second machine with 2K >> server, promote it to DC >> from member server & get my domain synced to it. Then >> I image that second server >> "just in case". Also use this method when I need to >> redo the 1st server from >> scratch. >> > > > > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
