On different occasions, in different settings, I've done both of the things you're suggesting here (plus the one you are afraid of. <g>)
It all depends on your recovery time. Your first option requires manual intervention for failover. Your second option is a little messy on all but the smallest of networks. I'm actually using a combo of both of these options on the home network currently (fully overlapping scopes with conflict resolution PLUS weekly backups of the scope to each local machine, copied to a central location) Whichever of the two options you go for, should be a stopgap. You really want to go down the path that Brian and James have advocated. *ASB *(My XeeSM Profile) <http://XeeSM.com/AndrewBaker> *Exploiting Technology for Business Advantage...* * * On Thu, Sep 9, 2010 at 5:55 PM, Raper, Jonathan - Eagle <[email protected] > wrote: > Ok, here goes… > > > > Present environment - pure Windows 2003 AD, with two DCs. One is virtual > (vmware esx 3.5), 2003 Enterprise Edition. The other is physical, 2003 > Standard Edition (not sure why – I didn’t set it up). Virtual DC is running > DHCP for our entire organization, and would be a pain to go through and > setup split scopes (many sites, multiple vlans per site, and thus, multiple > DHCP scopes for each site.) A year ago, we were using Cisco devices at each > remote site to handle DHCP for each subnet. We performed a major network > overhaul and had to centralize, so here we are. > > > > I’ve now been tasked with building redundancy for our DHCP services. Moving > to Server 2008 is not an option right now. We MAY be able to upgrade the > 2003 Standard server to 2003 Enterprise, but that isn’t a given just yet. > > > > Issues… > > > > Can’t cluster, because of the Std Edition OS, (but even then, how would > that impact AD & DNS?) > > Can’t backup from Primary and restore to Secondary, again, because of > different OS (M$ says, “not supported” to backup from Enterprise and try to > restore to Standard) > > As mentioned, split scopes would be a major admin pain (it wouldn’t be so > bad if we had 2008, since there is a wizard in 2008, but I digress) > > > > So, the way I see it, I have a couple of options… > > > > Setup “secondary” as a “hot spare” but disable the DHCP service unless and > until the primary becomes available. Use *netsh dhcp server export > c:\dhcpdatabase.txt all *on a daily basis to ensure a valid “backup” of > the primary, and copy that file over to the secondary as part of one > scheduled task. > > > > -or- > > > > Setup secondary, authorize it, configure it, turn it on, (hear me out here) > and setup IP Address Conflict Resolution at the server level on both > servers, and let them “work it out” on their own. I realize that I wouldn’t > have any lease synchronization, and that there is a slight risk of duplicate > IP, but I can’t imagine there would be much. My WAN links are solid. Also, > any scope or option changes made on the primary would have to be duplicated > on the secondary…administrative overhead yes, but still less than dealing > with split scope, IMO. Even then, couldn’t I just export from the primary > after I’ve made changes and then import to the secondary? I know lease > information is contained in the exported file…trying to decide whether or > not that would be good or bad… if it wouldn’t be a problem, why not take it > a step further and schedule an export/import from the primary to the > secondary? > > > > What am I missing? > > > > Jonathan L. Raper, A+, MCSA, MCSE > Technology Coordinator > Eagle Physicians & Associates, PA* > *[email protected]* > *www.eaglemds.com > > > > ------------------------------ > Any medical information contained in this electronic message is > CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to > view, copy, disclose, or disseminate CONFIDENTIAL information. This > electronic message may contain information that is confidential and/or > legally privileged. It is intended only for the use of the individual(s) > and/or entity named as recipients in the message. If you are not an intended > recipient of this message, please notify the sender immediately and delete > this material from your computer. Do not deliver, distribute or copy this > message, and do not disclose its contents or take any action in reliance on > the information that it contains. > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
