FailOver Best Practices


When upgrading and migrating to Windows 2003, unforeseen failures can occur requiring administrators to recover the Windows 2000 domain. The following sections touch on several areas to assist in addressing failed upgrades and issues when migrating. Best practices describe how to proactively recover from any problems should they arise and how to roll back after one upgrade to a domain controller fails.

Backing Up Active Directory

Whenever working with a domain controller and Active Directory, it is a good practice to back up the system state of the domain controller whether you are migrating, upgrading, or performing maintenance in preparation for a server upgrade.

To back up Windows Active Directory, back up the system state of the domain controller. In this scenario, you will learn how to back up the system state data using the Windows Backup Wizard from a command prompt on the Windows 2000 domain controller.

To begin the backup process, log on to the server with the domain administrator account.

Open the command prompt by selecting Start, Run and typing command . Click the OK button to open the command prompt and follow these steps:

  1. From the command prompt, type ntbackup and press Enter. Select the Advance Mode option and select Backup Wizard (Advanced) to continue.

  2. On the Backup Wizard screen select Next to continue.

  3. On the selection screen, select Only Backup System State Data.

  4. On the Where to Store Backup selection, choose File and select a backup location located on a different server than the domain controller being backed up.

  5. In the backup Media or File Name selection, enter the path and filename to be backed up to. Select Next to continue.

  6. This will launch the Completing the Backup Wizard screen; verify that the Prompt to Replace data is listed and click Next.

  7. Click Next on the remaining screen and click the Finish option to begin backing up system state data.

Recovering from a Failed Upgrade

When upgrading domain controllers, especially a domain controller that holds the domain FSMO roles, it is important that you are prepared to recover these roles should the upgrade fail. Should the upgrade of the FSMO Role holder fail, you can seize these roles to another domain controller on the domain.

To recover from this scenario and still end up with the same results, you with a little time can seize the FSMO roles to an addition Windows 2000 domain controller. Install the failed server with the fresh installation of Windows 2003 and transfer the roles to the new Windows 2003 server. This process will work fine to recover the failed domain controller upgrade.

To seize and transfer FSMO roles between domain controllers, use the NTDSUtil Utility built into the Windows 2000 and Windows 2003 operating systems.

In the scenario, the FSMO Roles will be seized to an additional Windows 2000 domain controller restoring domain functionality. To finish seizing the roles, complete the following:

  1. Begin by opening a command prompt on the Domain Windows domain controller where the roles will be placed.

  2. From the command prompt, type NTDSUTIL and press Enter. This enables you to enter the NTDS utility mode on the domain controller.

  3. At the NTDSUTIL prompt type roles and press Enter to continue.

  4. Next type Connections and press Enter; this connects the NTDSUTIL to the specific domain controller.

  5. Next type Connect to Server DC01@ CompanyABC .com (where DC01 represents the fully Qualified Domain Name of the domain controller that will house the roles). This connects to the specified server and prepares the authentication for the roles to be seized.

  6. Enter the command quit and press Enter. This command returns you to the FSMO Role maintenance screen.

  7. To begin seizing the roles to the new FSMO Role master, type the command Seize Domain Naming Master and press return. When prompted select OK to begin seizing the role.

  8. Repeat step 7 for the remaining four domain roles:

    • Seize Infrastructure Master

    • Seize PDC

    • Seize RID Master

    • Seize Schema Master

When Seizing Roles in Child Domain...

When seizing roles in child domain, only seize the PDC, RID Master, and Schema Master roles.


Once completed, verify each role's placement and review the server logs to determine if any issues have occurred as a result of seizing the roles.

Planning and Avoiding Network Downtime

One of the biggest challenges you face when upgrading is avoiding network downtime if problems arise. This section provides some insight to common practices and simple tricks to ensure that domain authentication and name resolution are available quickly should a failure occur.

One of the very first areas to consider is redundancy of vital network services. These services are configured with Active Directory and can be redundant to avoid client/server communication issues should an upgrade of a domain controller fail.

One of these services is the DNS service, which provides domain name resolution for the Active Directory domain begin upgraded. Before upgrading the domain controller with the primary Active Directory DNS services, you should install an additional Active Directory DNS server and allow replication to complete before upgrading.

To Export the DHCP Service Database and Configuration Information...

To export the DHCP service database and configuration information, see the "Migrating DHCP to Windows 2003" section in this chapter.


One other major service is the DHCP service; you can easily export all DHCP server information to a stored network location to be recovered easily.



Microsoft Windows Server 2003 Insider Solutions
Microsoft Windows Server 2003 Insider Solutions
ISBN: 0672326094
EAN: 2147483647
Year: 2003
Pages: 325

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net