Hi, I was just checking PDC and ADC configuration using VMware. I have created 3 virtual boxes, 2 servers running windows 2003 and one client running XP. Server 1 (test.com) Running Windows 2003 – DC, DNS First Domain Controller IP:10.0.0.1 P.DNS:10.0.0.1 A.DNS:10.0.0.2 Server 2 (test.com) Running Windows 2003 – DC, Secondary DNS for AD integrated zone in Server1 ADC for Server 1 IP:10.0.0.2 P.DNS:10.0.0.1 A.DNS:10.0.0.2 Client 1 Client of doming – IP:10.0.0.100 P.DNS:10.0.0.1 A.DNS:10.0.0.2 Quest 1) Is the way I configured DNS on ADC correct? Quest 2) During the check – I have removed N/W connections to Server 1 and tried to ping to domain name test.com from XP system. It was pinging to Server1(10.0.0.1) and request timed out was coming !! Why it not pinging to ADC (Server2 -10.0.0.2) automatically? Once I cleared DNS cache – still it was not pinging, then I changed Primary DNS address to 10.0.0.2 and it started pining to 10.0.0.2 for test.com name. If primary DNS doesn’t respond it’ll query Secondary right? Why it doesn’t happen here? Do I need to convert secondary DNS on server2 to primary under this situation? Quest 3) After powering down Server 1 also users were still able to login to the domain, without any error. And I haven’t transfer any roles to Server 2 !! How it works? What are the issues we are supposed to face, If we leave it like this, without transferring any roles ? Quest 4) I have then powered on Server 1. From XP system logged on to domain – when checked logon server – it was showing Server2 – will it automatically changed to Server1 after some time? Please help me,,,,

Before I say anything else, I'm not sure what you mean with PDC and ADC. PDC is a windows NT term and while there is a PDC FSMO role in an AD environment, it's not the same thing as an NT PDC. I've never heard of "ADC" before. In an active directory environment you have DC's (domain controllers) and nothing else. Having said that, I'll try to answer your questions as well as I can. 1) It is, if you've forwarded the DNS on Server 1 to an external DNS server. This way, requests outside the local zone will be passed to the external DNS for resolution. Whenever I've created a domain, I've always found it best to let Windows take care of setting up DNS during the dcpromo process. 2) Ping is a simple tool. It doesn't get redirected automatically like a DNS request if/when the primary DNS server stops communicating. You see, that info is on the XP PC (or should be). By that I mean, it should have both DNS addresses in it's TCP/IP config. If the first fails, it knows to go try the second because the IP is in it's TCP/IP settings. In the case of a ping, you would have to manually ping Server 2. Ping does not use DNS. It's a direct tool and only pings the IP you enter with the command itself. 3) The client was probably using information cached locally on the PC. If you leave it like that, eventually clients will not be able to authenticate to the domain. Best to make a second DC into a "redundant" DC 4) I'm having a tough time figuring out what you're trying to do. IF Server 2 is configured as a redundant DC then clients will authenticate to it if Server 1 goes down. Will they swap back to Server 1 if it comes back up.....well, yes I guess so, if you logoff the domain and the log back on again. I suspect most, if not all, of these questions should be directed at your instructor.

Hi Curt, Thanks - sry for confusing you by using the team PDC, A Domain Controller running 2003 and an ADC running 2003 i ment to say, Thanks again -

There is that ADC term again. What do you mean by ADC? It's hard to answer your question without knowing what you want to do with the ADC thing. If you have two DCs in a domain, they are basically equal. As Curt said, there are the FSMO roles that are installed but they are still both DCs. If one is off line, the other will be contacted provided the clients are informed of them via their DNS settings. So when the first DC is down, there is no need to transfer the roles to the other DC to have it work, assuming it is a temporary condition. If the DC holding the FSMO roles will be gone permanently then the roles will need to be seized and put onto another DC. If the first DNS server is down, then the alternate should be contacted.

Hi, I have first installed Sever1 as a new domain controller, and Server 2 then with "Additional Domain Controller for an existing domain" option - i was mentioning this as ADC (Additional Domain Controller). If my first domain controller fails will Server 2 take over without transferring any of FSMO roles? I have powered down Server 1 - First domain controller. And when I tried to login to the domain. my XP was login in to domain without any errors. But I have all the FSMO roles in Server 1, and I have transferred anything to Server 2 please let me know,

To make my question simple and direct I have installed a DC – Let’s call it as DC1 I have installed a Second DC using (Additional Domain Controller for an existing domain controller option) – Let’s call it as DC2 Can anyone tell me 1) What are the FSMO roles running on DC1 and what are the roles running on DC2? 2) Which one will be GC by default? 3) If DC1 goes down, will DC2 take over automatically? Or do we need to transfer(seize) the roles to Dc2? If we need to transfer (seize) roles, which of the roles? 4) What about GC if DC1 goes down? Pleas help me out -

Ok, I've been specializing in networking the last 4 years so my Windows skills are rusting so forgive me I get something wrong.... 1) The first DC will by default have all FSMO roles unless you manually move some to the secondary DC. 2) Again, the first DC unless you put a copy of the GC on the secondary DC....which you will want to do if you want it to be a redundant DC (recommended) 3) What Glen said. If the clients a) know to contact it b) the secondary DC has been made redundant 4) Same as above. If you want your secondary DC to be able to authenticate users in the case of the first DC going down, you need to make it redundant. If memory serves me, as well as a copy of the GC, there may be a FSMO role or two you might have to move to the secondary DC. HOWEVER, as I said, my skills are rusting and I'm not about to go research for you, something you can research yourself. I highly recommend you go to microsoft's web site and research redundant domain controller or something like that until you find the exact info you need pertaining to this topic.