"Setup "secondary" as a "hot spare" but disable the DHCP service unless and until the primary becomes available. Use netsh dhcp server export c:\dhcpdatabase.txt all on a daily basis to ensure a valid "backup" of the primary, and copy that file over to the secondary as part of one scheduled task."
This is kinda what we do currently. We have 2 other AD Controllers in the same Site as our DHCP server that we would just configure DHCP on and restore the backup to it. Don Guyer Systems Engineer - Information Services Prudential, Fox & Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 [email protected] <mailto:[email protected]> From: Fergal O'Connell [mailto:[email protected]] Sent: Friday, September 10, 2010 9:51 AM To: NT System Admin Issues Subject: RE: W2k3 DHCP redundancy / high availability What is the lease time on your DHCP server? You might want to change this to say 2-3 days which will enable you to fix the original problem if there is one. From: Raper, Jonathan - Eagle [mailto:[email protected]] Sent: 09 September 2010 22:55 To: NT System Admin Issues Subject: W2k3 DHCP redundancy / high availability Ok, here goes... Present environment - pure Windows 2003 AD, with two DCs. One is virtual (vmware esx 3.5), 2003 Enterprise Edition. The other is physical, 2003 Standard Edition (not sure why - I didn't set it up). Virtual DC is running DHCP for our entire organization, and would be a pain to go through and setup split scopes (many sites, multiple vlans per site, and thus, multiple DHCP scopes for each site.) A year ago, we were using Cisco devices at each remote site to handle DHCP for each subnet. We performed a major network overhaul and had to centralize, so here we are. I've now been tasked with building redundancy for our DHCP services. Moving to Server 2008 is not an option right now. We MAY be able to upgrade the 2003 Standard server to 2003 Enterprise, but that isn't a given just yet. Issues... Can't cluster, because of the Std Edition OS, (but even then, how would that impact AD & DNS?) Can't backup from Primary and restore to Secondary, again, because of different OS (M$ says, "not supported" to backup from Enterprise and try to restore to Standard) As mentioned, split scopes would be a major admin pain (it wouldn't be so bad if we had 2008, since there is a wizard in 2008, but I digress) So, the way I see it, I have a couple of options... Setup "secondary" as a "hot spare" but disable the DHCP service unless and until the primary becomes available. Use netsh dhcp server export c:\dhcpdatabase.txt all on a daily basis to ensure a valid "backup" of the primary, and copy that file over to the secondary as part of one scheduled task. -or- Setup secondary, authorize it, configure it, turn it on, (hear me out here) and setup IP Address Conflict Resolution at the server level on both servers, and let them "work it out" on their own. I realize that I wouldn't have any lease synchronization, and that there is a slight risk of duplicate IP, but I can't imagine there would be much. My WAN links are solid. Also, any scope or option changes made on the primary would have to be duplicated on the secondary...administrative overhead yes, but still less than dealing with split scope, IMO. Even then, couldn't I just export from the primary after I've made changes and then import to the secondary? I know lease information is contained in the exported file...trying to decide whether or not that would be good or bad... if it wouldn't be a problem, why not take it a step further and schedule an export/import from the primary to the secondary? What am I missing? Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians & Associates, PA [email protected] <BLOCKED::mailto:%[email protected]> www.eaglemds.com <BLOCKED::http://www.eaglemds.com/> ________________________________ Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. If you are not the intended addressee please contact the sender and dispose of this e-mail. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
