How long can two AD / DC servers be out of sync??
I'm trying to understand what happens when/if our two DC/AD (also DNS, DHCP, one of them is RDS/TS licensing) servers get out of sync for any reason.
One is physical, one is virtual. This understanding is necessary for presenting BC/DR information to non-technical people.
If one of the two AD/DC servers is unavailable, my understanding is the remaining server will take over.
When/if the second AD/DC comes back online what happens??
I vaguely recall seeing something to the effect that not more than 30 minutes should be allowed to pass with one of the AD/DC servers offline, is this true??
Can someone point me to an explanation of what happens, consequences, remedies??
Thank you, Tom
August 18th, 2012 8:25am
Hello,
Two DCs can go without replicating for a specific period called the forest tombstone lifetime. This value can be updated.
To determine your forest tombstone lifetime: http://technet.microsoft.com/en-us/library/cc784932%28v=ws.10%29.aspx
This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
Microsoft Student Partner 2010 / 2011
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows 7, Configuring
Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
Microsoft Certified IT Professional: Enterprise Administrator
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Trainer
August 20th, 2012 9:49am
Try out this link
http://technet.microsoft.com/en-us/library/cc755994(v=ws.10).aspx#w2k3tr_repto_how_yipb
September 1st, 2012 7:35am
Hello,
This depends on the TSL (tombstone lifetime); the default on earlier OS domains is 60 days and on new ones 180 days. At least in this timeframe the DCs MUST synchronize. You can verify with:
"Dsquery * "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=Root-Domain" -attr tombstoneLifetime"
in an elevated command prompt. Or with ADSIEdit.msc under the attribute "tombstoneLifetime" in "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=Root-Domain".
Also it is important that the running DC is a Global Catalog server; the recommendation for a single-domain forest is that all DCs should be GCs.
Additionally, make both DCs DNS servers and configure ALL domain machines to use both domain DNS servers, NONE ELSE, on the NIC. Without DNS nobody is able to log on to the domain.
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
September 1st, 2012 8:40am
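One way to turn the tombstone-lifetime check from the reply above into a monitoring check, as an added example that is not part of any poster's reply: it compares each replication link's last success against the TSL. The DC names, dates and the 50% warning threshold are constructed assumptions; an unset tombstoneLifetime attribute is treated as 60 days.

```powershell
# Added example, not from the thread. Classifies each replication link by how
# much of the tombstone lifetime (TSL) has passed since its last success.
function Get-ReplicationRisk {
    param(
        [Parameter(Mandatory)] [object[]] $Links,   # need Server, Partner, LastReplicationSuccess
        [Parameter(Mandatory)] [int] $TombstoneDays,
        [datetime] $Now = (Get-Date),
        [double] $WarnFraction = 0.5                # assumption: warn at half the TSL
    )
    foreach ($l in $Links) {
        $age = ($Now - $l.LastReplicationSuccess).TotalDays
        if ($age -ge $TombstoneDays) { $status = 'EXCEEDED' }      # partner must not simply be reconnected
        elseif ($age -ge $TombstoneDays * $WarnFraction) { $status = 'WARNING' }
        else { $status = 'OK' }
        [pscustomobject]@{
            Server   = $l.Server
            Partner  = $l.Partner
            AgeDays  = [math]::Round($age, 1)
            DaysLeft = [math]::Round($TombstoneDays - $age, 1)
            Status   = $status
        }
    }
}

$Live = $false   # set to $true on a domain-joined host with the ActiveDirectory module
if ($Live) {
    $now = Get-Date
    $cfg = (Get-ADRootDSE).configurationNamingContext
    $ds  = Get-ADObject "CN=Directory Service,CN=Windows NT,CN=Services,$cfg" -Properties tombstoneLifetime
    # An unset attribute means the 60-day default applies.
    if ($ds.tombstoneLifetime) { $tsl = $ds.tombstoneLifetime } else { $tsl = 60 }
    $links = Get-ADReplicationPartnerMetadata -Target (Get-ADDomain).DNSRoot -Scope Domain |
        Where-Object { $_.LastReplicationSuccess }
} else {
    # Constructed sample data: hypothetical DC names and timestamps.
    $now = Get-Date '2012-09-01'
    $tsl = 180
    $links = @(
        [pscustomobject]@{ Server = 'DC1'; Partner = 'DC2'; LastReplicationSuccess = $now.AddMinutes(-20) }
        [pscustomobject]@{ Server = 'DC2'; Partner = 'DC1'; LastReplicationSuccess = $now.AddDays(-120) }
        [pscustomobject]@{ Server = 'DC3'; Partner = 'DC1'; LastReplicationSuccess = $now.AddDays(-200) }
    )
}

Get-ReplicationRisk -Links $links -TombstoneDays $tsl -Now $now | Format-Table -AutoSize
```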
Hello,
Two DCs can go without replicating for a specific period called the forest tombstone lifetime. This value can be updated.
To determine your forest tombstone lifetime: http://technet.microsoft.com/en-us/library/cc784932%28v=ws.10%29.aspx
September 1st, 2012 9:48am