hi all, just wondering if you guys could clear a few things up for me, I have recently taken over as net admin for a small company, they are moving premesis, and after listening to what they want in way of file access / logons etc, have decided AD is the way to go. now, i have set up a PDC, and its hadling logons to the domain, dns, group policies etc etc very niceley, the only thing that is irritating me, is that in a windows 2000 network that i helped admin for a short while, we had a PDC and a BDC, so that is the PDC went down, the BDC would handle all AD requests. now am i missing something here or just being totally stupid, but there is no BDC option in windows 2003 server, if i want to have a backup, do i have to use a windows 2000 server based machine, or will 2 windows 2003 PDC's be fine. (if one goes down the other takes over?) thanks in advance. matt Johnson 'like german tourists the stupid are everywhere' - rimmer, red dwarf

Hi, Actually in Windows 2000 there where no PDC or BDC, that was back in NT. What you probably had was 2 domain controllers. That kind of configuration is recommended and pretty easy to setup. The first thing you need is a DC (that you already have), next get a 2nd server, install Windows 2003 on it. Them run dcpromo to promote it to DC and just select the option 'additional DC to an existing domain'. It will sync AD in both computers, thus giving you fault tolerance.

have allready done that, seems to work, just wondered what the advantages of having say an NT bdc are as opposed to windows 2003 PDC's?? cheers for the reply anyway, one and for all cleared something up that was bugging me :) regards, Matt Johnson 'like german tourists the stupid are everywhere' - rimmer, red dwarf

Sorry, just something i forgot in that last response. i also thaught that there were no BDC's in windows 2000, yet in one of the properties tabs somewhere, maybe in my computer properties on the networking tab or something, one said 'primary domain controller' and the other one said either 'backup domain controller' or 'secondary domain controller' and they were both definatley windows 2000 server. cheers again, Matt Johnson 'like german tourists the stupid are everywhere' - rimmer, red dwarf

ok, the thing is that in a Windows 2000 domain you have 2 modes. The native mode, if you only have win2000 DC's that gives you all the features of Win2000 (like universal groups) and you also have mixed mode, to use if you have win2000 DC's and NT DC's. In the last case, the win2000 DC uses PDC emulator so that it works like a PDC for the NT DC (they will become BDC's). (uff..) 2nd, (this will get more nasty) in a win2000 Domain if you have 2 DC's (like in your case) there will be actually a primary DC and a secondary DC, this happens because that multiple DC in win2000 domain can have different roles. Meaning that a specific DC can handle the Global Catalog, or Kerberos Authentication. In your case (i think) the 1rst DC has all the roles (it is like this unless you tell otherwise), making him the primary DC. Hope that helped!!

ahh, that clears a few long unanswered questions up. cheers, will go into work tomorrow happier with having two windows 2003 domain controllers :P 'like german tourists the stupid are everywhere' - rimmer, red dwarf