Discussion:
what would happen if???
James
2009-02-20 23:21:23 UTC
here's the scenario:

a windows server 2008 sp1 server configured as a domain controller, the one
and only DC in the forest, it's running DHCP/DNS/WDS and hosts a distribution
and deployment share for MDT 2008

I need to set up another server at another location with the exact same
config. I have been asked if we could just break the raid 1 array and send
the hard disk to the other location to insert in the other server (same
hardware) and then rebuild the arrays at both locations to speed setup.
Obviously this would result in 2 of the exact same servers with the exact
same identity... so, being experienced with the windows nt family I first
said no, but I wanted to verify this to be true for this scenario.. the
scenario is not typical.

each server is supposed to be a domain controller but not additional DCs in
the same domain... but it's fine and desired to have the actual domain name
be the same on each server... the 2 servers will not be completely isolated
from each other however, they will need to synchronize a file share (using
third party software most likely)

so bottom line is I'm wondering if the windows identity element will be an
issue here? I can't sysprep the new machine to regenerate new SIDs because
it is already a domain controller...

to clarify:
serverA and locationA - named ServerA and is one and only DC for AD domain
MyDomain. This server houses a master file share that needs to be replicated
to another server at another location (WAN connection).

serverB at locationB - named ServerB and should be one and only DC for AD
domain MyDomain (yes, same domain name but not supposed to be additional DC
for the other 'MyDomain' domain)

can I essentially duplicate this hard drive and just rename the computer and
change IP info (which is supported in the 2008 AD) and still be able to
replicate a file share between the two? I realize this would be out of the
question if your goal was creating an additional DC in the same domain, or if
these servers were supposed to interact on a LAN as peers... and I also
assume it can't/shouldn't be done for my scenario either but I'm just
wondering if the fact that they will be isolated from each other except for
the file share replication, which further will be done by 3rd party
software (not DFSR for example), changes anything? Each will be behind a
firewall on separate network segments...
Marcin
2009-02-21 00:34:34 UTC
James - despite your explanation, I'm still not clear why exactly you would
want to do this (duplicating a DC at a given point in time will not keep its
replica consistent going forward). Considering that apparently you have some
sort of network connection between the two locations, you'd be significantly
better off if you simply installed another domain controller (giving you
added benefit of redundancy, which is missing from your design)...

hth
Marcin
James
2009-02-23 17:07:12 UTC
yes, I'm having a hard time explaining this... redundancy is irrelevant to
my scenario...

in general terms I have a deployment system setup at one location. The
'system' is all on one server. Part of the system required active directory
(WDS), which is the only reason active directory is involved. This is not
for a corporate network. Now I need to set up this 'system' at another
location. The only communication between locations is synchronizing one file
share, that's it. This is a scenario where active directory is just adding
unnecessary complication.

Meinolf Weber brought up the problem I was worried about... check his reply
if you're interested, basically I may have a problem by both locations using
same domain name whether I tried to duplicate, like by breaking mirror, or I
installed manually, new sids and all. This is because the domain\user info
is stored in a config file that will be replicated, and therefore will be
the same at all locations.

thanks for the reply, I appreciate it.
Robert L. (MS-MVP)
2009-02-21 05:01:06 UTC
I don't know why you want to do that, but I think Virtual Machine Manager could
be the solution. This search result may help.
What can Virtual Machine Manager ...
What can Virtual Machine Manager 2007 (VMM) do ... VMM manages a
virtualized data center that runs Microsoft Virtual Server 2005, and it
provides: ...
www.chicagotech.net/netforums/viewtopic.php?t=4966&view=next&sid=ca5077119fc324634dcd1699a2236868
--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
James
2009-02-23 17:07:43 UTC
thanks for the reply, I appreciate it.
Meinolf Weber [MVP-DS]
2009-02-21 18:22:34 UTC
Hello James,

I also can not understand why you need 2 forest/domains with the same name
and without redundancy through a second DC.

With the technical view, yes you can use one of the mirrored disks and create
a second machine as an equal copy. You can also rename it.

For the replication between both of them you have to configure a connection
and you have to provide logon information. I think at this point your problem
will start. For the logon information you have to use domainname\username
and I am not sure if this will work when both are the same. Domain name and
NetBios name have to be unique to create connections.

You can also install 2 machines together and choose exactly the same steps
and have the same result at the end with different SID and what you like,
the same forest/domain name. But still the connectivity problem should stay.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
James
2009-02-23 17:18:04 UTC
thanks for the reply Meinolf,

the problem is the domain\user info is stored in a config file in the file
share that needs to be replicated to each location... so essentially this
file share (an MDT deployment share) will be exactly the same at all
locations and therefore the same domain\user info will be used at each
location for the deployment process (what I'm referring to here is besides
the file replication process, which would be a different credential, but
using same domain name also)

I have already let the persons asking about breaking the mirror to speed
setup know that I would rather set up manually just because there are some
unknowns and potential issues... but as you said, even if I do manual setup
and use same domain name the machines will not be able to communicate to sync
the file share?

this is a problem because the domain\user supplied for the MDT deployment
process *has* to be the same at each location.... unless the file
replication solution I get has a way to exclude only certain files from
being replicated and then I can replicate the whole share except for this
one config file, which I could keep unique for each site with unique user
credentials... and each site would be a DC for a different domain, including
different domain name...

any other thoughts would be appreciated. (including any recommendations on
third party folder/file synchronization software)
thanks
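
The idea in the post above, replicating the whole share except the one file that holds the domain\user settings, as an added example that is not part of the original thread. It assumes robocopy as the sync tool and an .ini file with `UserID`/`UserDomain`/`UserPassword` keys (modelled on an MDT-style `Bootstrap.ini`); the function names and the two sample shares are constructed for the demo.

```powershell
# Added example: key names, file names and paths below are assumptions,
# and the two site shares are constructed sample data.
$CredentialKeys = 'UserID', 'UserDomain', 'UserPassword'

function Get-CredentialFile {
    # Full path of every .ini file under $Root that sets one of $Keys.
    param(
        [Parameter(Mandatory)] [string] $Root,
        [string[]] $Keys = $CredentialKeys
    )
    $pattern = '^\s*(' + ($Keys -join '|') + ')\s*='
    Get-ChildItem -Path $Root -Recurse -File -Filter *.ini |
        Select-String -Pattern $pattern -List |
        Select-Object -ExpandProperty Path
}

function Sync-ShareExceptCredentialFile {
    # Mirror $Source to $Destination but leave files that carry logon
    # settings alone, so each site keeps its own domain\user values.
    param(
        [Parameter(Mandatory)] [string] $Source,
        [Parameter(Mandatory)] [string] $Destination
    )
    # Scan both sides: a credential file that exists only at the destination
    # must also be excluded, or /MIR would purge it as an "extra" file.
    $roots   = @($Source, $Destination) | Where-Object { Test-Path $_ }
    $exclude = @($roots | ForEach-Object { Get-CredentialFile -Root $_ } |
                 Split-Path -Leaf | Sort-Object -Unique)

    # /XF is given leaf names, which robocopy applies on both sides and at
    # every level of the tree: the file is neither overwritten nor purged.
    $roboArgs = @($Source, $Destination, '/MIR', '/R:1', '/W:1',
                  '/NP', '/NJH', '/NJS', '/NFL', '/NDL')
    if ($exclude.Count -gt 0) { $roboArgs += '/XF'; $roboArgs += $exclude }

    & robocopy.exe @roboArgs | Out-Null
    # robocopy exit codes below 8 mean success (possibly with files copied).
    if ($LASTEXITCODE -ge 8) { throw "robocopy failed with exit code $LASTEXITCODE" }
    return $exclude
}

# --- constructed demo: two site shares under a temp folder ---
$demo  = Join-Path $env:TEMP ('share-demo-' + [guid]::NewGuid())
$siteA = Join-Path $demo 'SiteA\Deploy'
$siteB = Join-Path $demo 'SiteB\Deploy'
foreach ($share in $siteA, $siteB) {
    New-Item -ItemType Directory -Path (Join-Path $share 'Control') -Force | Out-Null
}
Set-Content (Join-Path $siteA 'Control\Bootstrap.ini') "[Default]`r`nUserDomain=SITEA`r`nUserID=svc_deploy_a"
Set-Content (Join-Path $siteB 'Control\Bootstrap.ini') "[Default]`r`nUserDomain=SITEB`r`nUserID=svc_deploy_b"
Set-Content (Join-Path $siteA 'Control\TaskSequences.xml') '<tsList />'

$skipped = Sync-ShareExceptCredentialFile -Source $siteA -Destination $siteB
$kept    = Select-String -Path (Join-Path $siteB 'Control\Bootstrap.ini') -Pattern '^UserDomain='

"Excluded from replication: $($skipped -join ', ')"
"Site B logon setting after sync: $($kept.Line)"
"Other content replicated: $(Test-Path (Join-Path $siteB 'Control\TaskSequences.xml'))"

Remove-Item $demo -Recurse -Force
```

Because the exclusion is by file name, any other file with the same name elsewhere in the share is skipped too; review the returned list before relying on the mirror.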
Meinolf Weber [MVP-DS]
2009-02-23 19:27:59 UTC
Hello James,

If you need the same domain\username make your life easy and install an additional
DC in the domain with the same software setup. Of course you need connection
between them to replicate AD but you have one to copy the data so not a problem.

Best regards

Meinolf Weber