[adamsyarajr]

Hi Guys,
I am so much grateful to forum members who contributed to my problem on the USB detection.
I have this problem again and Iam looking for help. My network uses a primary domain server that is running win 2000 advanced server. This server also functions as the File and Print server, and 5 five network printers are connected to it. I have configured a backup server which is also running win 2000 advanced server. I then connected the backup server to an isolated network using a switch and created a domain on it with the same name as the primary domain. Now, I want to move the users and groups on the primary domain to the domain on the backup server. Please can anyone help me on how to do this. Thanks so much. Adams.

[Advertisements]

wait a minute....what are you doing all this for? And when you say backup server, do you mean backup server as in you had a nother machine laying around, or was this actually a backup domain contoller running concurrently?

What is your ultimate goal here? Are you decommissioning the primary server? Why did you name the two domains the same name?

[gerryf]

wait a minute....what are you doing all this for? And when you say backup server, do you mean backup server as in you had a nother machine laying around, or was this actually a backup domain contoller running concurrently?

What is your ultimate goal here? Are you decommissioning the primary server? Why did you name the two domains the same name?

[adamsyarajr]

wait a minute....what are you doing all this for? And when you say backup server, do you mean backup server as in you had a nother machine laying around, or was this actually a backup domain contoller running concurrently?

What is your ultimate goal here? Are you decommissioning the primary server? Why did you name the two domains the same name?

We are trying to implement a business continuity plan. We are configuring a backup server so that users can connect to it and continue work instantly assuming a disaster struck. We therefore do not want to create another domain which will force us to create all users on it again.

Edited by adamsyarajr, 25 January 2006 - 09:28 AM.

[gerryf]

So why are you not setting up a secondary (often called backup) domain controller, then?

The secondary domain controller acts as a backup to the primary when the primary goes down, and can be promoted to primary should the primary need replacing.

What you describe is exactly why there are secondary domain controllers...the two run concurrently and update the active directory database are automatically replicated to the backup...the only difference is the backup domain controller database is read only. You would have to promote it if the primary is expected to be down for any length of time.

What it sounds like your doing is awkward...and restoring your network to oeprating in the event of a crash could be ugly/difficult/impossible if the primary is totally hosed since the primary wouldn't be accessible...

About the only thing that makes sense in the way you are trying to go about it is if it is a licensing issue--ie, you are trying to avoid purchasing windows server again.

If that is the case, you might consider a different alternative, like perhaps mirroring the harddisk on a regular basis, and swapping the drive into an identical hardware system--but that would require downtime (couple minutes to swap the drives....

Does that make sense?

[adamsyarajr]

I believe you are leading us somewhere. However, our backup server will not be connected to our network. We just want to create a replica of the primary domain on it and then move it to an offsite location. Will that be possible?
We are also considering making a backup of the WIN directory of the primary domain and then restore it on the backup server.
I want to know whether this can move all the users and groups from the primary to the backup server?

Edited by adamsyarajr, 26 January 2006 - 03:21 AM.

[gerryf]

well, crap. let's back up for a second...there is one and only one domain controller on this network?

It does file and print serivng and is the domain controller

Does it do DHCP? WINS? DNS?

Active Directory info is stored in the system state, so when you do a backup, you would back up the system state....to restore the system state to another machine, I guess you would use the backup on a different machine, start in Directory Servcies Restore Mode, log in as administartor, the start the backup utility....

I do not think you do what you've done..ie, create an identical domain and hope to drop a file or folder somewhere. I think the Directory Services restore will do that for you.

I have never done this (moving from one machine to another).

This process would restore active directory, but it would not restore other things like file , print, dhcp, dns, wins, etc data.

There are books on this subject and each requires it's own step.

That said, start with the above process...make a backup on the primary server, then try a directory services restore on the other server and see if it at least goes that far. The rest we can work on later.

I wonder if the two machines have to be identical or not

[dsenette]

i'm with gerry on this one...it is possible to transfer the entire domain structure to another macchine...you named the domain the same....but...it's not the same domain..there's different SIDs GUIDs and all that jazz...so it's not the same domain...sooo you'd basically be transfering across domains...which i have no idea how to do...and at one point...in my company we investigated doing it..and getting an outside consultant to do it would cost somewhere around 60,000 to 100,000 dollars.....IF you're wanting full off site disaster recovery...you should have a direct network link between the two sites...and have the other server as a BDC so that it does real time replication of all the domain settings....and...if you are set up as i think you are....(only one server doing EVERYTHING)...you should be planning for disaster recovery alot harder...because having all that sstuff on your DC is a bad idea

[gerryf]

Thanks that states things better than I did...

It sounds, ultimately, like you are trying to do this on the cheap and that is dicey. I think you will be able to accomplish some of these things as we're discussing, but it will not be a quick turnkey solution where people will be up and running again quick.

The offiste server with a replication to a backup domain server is the way to go

[dsenette]

just as an adendum.....if you have the system with a DC and then a BDC....under the windows 2000 active directory structure (and windows 2003)....if the DC fails the BDC automatically becomes the DC because in the current AD model there is no such thing as a true NT4 BDC...all domain controllers are assumed to be primary though only one occupies that role at any given moment...

[dsenette]

also...in review of your question (sorry...i'm a large scale AD network dork so things just come to me)....you could make that seperate domain a Child of the original domain...with a full transitive two way trust...which would allow the second domain to have permissions in the first domain and vice versa....technically it's still a different domain...but it would (in theory) make a domain copy easier.....but...as said before....having everything within the same domain is your best option

[gerryf]

Are your sure on the dcpromo? I thought that was implemented in server 2003, but in 2000, you still needed to run dcpromo...

Additionally, even in 2003, while each domain controller shares equal responsibility, there are certain operation modes that are performed once per domain. the Domain controllers wil automatically designate these roles, but sometimes you want to designate a specific DC for these roles for whatever reason (security, easy access, backup). Relative ID masters, PDC emulators for mixed mode domains, insfrastructure master, schema masters, domain name masters...

right back atcha ad network dork

[dsenette]

well....if i get what you mean by the DCpromo question....to make the machine a DC of any kind you have to run DCpromo to start with...but when configured correctly (i.e. when you dcpromo a machine to make id a dc...whether that be a dc or an emulated bdc)...then you shouldn't have to initiate any kind of operations to have your second DC take over the reins...granted the box has to be set up as a dc...and during the setup it has to be setup in a way that it knows it's not the only dc on the system....but it shold take over completely on it's own (mine does far darned sure...)

and of course...the operation modes make a big difference...but...those ops modes are mainly for non DC servers....as...in a properly configured network...your dc (and bdc) should only be doing dc stuff...such as dhcp, dns, wins replication, global catalog replication...etc....deffinitely not print sharing, file serving, and the like

[gerryf]

machine to make id a dc...

ah, no...sorry, I was just using shorthand and forgot that was the command to make a domain controller (slaps head)

....I must be thinking back to winnt days...thought you had to designate a primary controller on a win 2000 network like in win nt....thought the changes you are discussing were added with server 2003...

as for the rest....you must work for a nice IT department if you can dedicate machines for all that...most guys are working on shoestring budgets

[dsenette]

no...once they instituted AD they got rid of the whole BDC architecture.....so in 2000...all flavors past pro....when you first build the domain you set the first one up as the only dc in the system..and each new dc get's set up as a partner...(there's a selection that says this is an aditional controller) which automatically sets it up as a replication partner....

and...yeah i've got a pretty decent setup....2 dcs, one running my symantec server and script logic, a print and fax server, an exchange server, a linux proxy box, a proprietary software server for document management (MQ1), two file servers and a timeclock server..pix firewall, barracuda spam firewall, barracuda spyware firewall,,,all that jazz...hehe loud room indeed

[adamsyarajr]

I thank you all so much for your various contributions to my problem. I was out of the office and I just came to find pretty number of contributions. I really needed to go through all your contribution into detail and will get back to you on which options I understood and can apply to solve my problem. I will seek for further clearifications if need help.