Sunday, April 1, 2018

windows server 2008 - Procedure for rebooting Domain Controllers?



We have several servers running as Domain Controllers, "DC01", "DC02", and "DC03". For some reason, we need to reboot them.



Is there a specific procedure to follow?



Additional info: "DC01" currently holds all FSMO roles. Should I transfer the roles to another DC before rebooting it?




More information: DC01 is Windows 2008 Enterprise. DC02 and DC03 are Windows 2008 R2 Enterprise.


Answer



No need to stagger reboots. Active Directory, being a multi-master system, can sustain any order of domain controller reboots.



As for safety and redundancy, it is nice to have roles spread across different DCs, so consider that for a future project. However, that won't be a consideration for reboots.



EDIT



To address the following comment:





I read somewhere that transferring FSMO Roles, although not necessary,
might be a 'defensive move', just in case the server somehow failed to
be back up. (Thus, reboot DC02 & DC03 first, transfer the role, then
reboot DC01).




I think that it makes sense from a strictly theoretical point of view. A domain controller with all FSMO roles that goes sneakers up is a horrifying thing to endure. However, in practice, I see two problems:





  1. A server should not be thought of like a tumbler of nitroglycerine on the back of an epileptic lemur. If preparing to reboot your server causes dizziness, gives you a dry mouth, and otherwise makes you want to start abusing household cleaning products, then the solution is not to start moving FSMO roles, but rather to get your server into a state of health that makes you comfortable with rebooting it. Well-managed servers are robust things that can be rebooted with impunity.

  2. Moving FSMO roles, while as technically simple as a few mouse clicks in an MMC, isn't such a lighthearted thing that would cause one to play a rousing game of "FSMO, FSMO, who's got the FSMO!" for every Patch Tuesday (which coincidentally precedes "Career Change Wednesday").



In short, don't move FSMO roles except to practice good systems engineering tenets. Unless your server room is full of lemurs. In which case, hey... lemurs!
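
One way to confirm the "state of health" the answer asks for before rebooting any of the three DCs is to check that replication between them is clean. The following is an added example, not part of the original question or answer: it parses the CSV that repadmin /showrepl * /csv produces and lists every failing replication link. The function name, the domain name and the sample rows are assumptions constructed for illustration.

```powershell
# Constructed sample in the format of:  repadmin /showrepl * /csv
# (domain, site, timestamps and the failure status are made up for illustration)
$sampleCsv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,DC01,"DC=example,DC=local",Default-First-Site-Name,DC02,RPC,0,0,2018-04-01 09:15:02,0
showrepl_INFO,Default-First-Site-Name,DC02,"DC=example,DC=local",Default-First-Site-Name,DC01,RPC,0,0,2018-04-01 09:14:47,0
showrepl_INFO,Default-First-Site-Name,DC03,"DC=example,DC=local",Default-First-Site-Name,DC01,RPC,3,2018-04-01 08:59:10,2018-03-31 22:01:33,1722
'@

# Hypothetical helper: returns one object per replication link that needs attention.
function Get-ReplicationProblem {
    param([string]$CsvText)
    $rows = ($CsvText -split "`r?`n") | Where-Object { $_.Trim() } | ConvertFrom-Csv
    foreach ($row in $rows) {
        $failures = 0
        [void][int]::TryParse($row.'Number of Failures', [ref]$failures)
        # Conservative choice: a row that is not a normal showrepl_INFO row
        # (for example a DC that could not be queried) is reported as well.
        if ($row.showrepl_COLUMNS -ne 'showrepl_INFO' -or $failures -gt 0) {
            New-Object PSObject -Property @{
                Destination = $row.'Destination DSA'
                Source      = $row.'Source DSA'
                Failures    = $failures
                LastSuccess = $row.'Last Success Time'
                Status      = $row.'Last Failure Status'
            }
        }
    }
}

# On a live domain, feed real output instead of the sample:
#   $csv = (repadmin /showrepl * /csv) -join "`n"
# and list the current FSMO role holders with:
#   netdom query fsmo
$problems = @(Get-ReplicationProblem -CsvText $sampleCsv)
if ($problems.Count -eq 0) {
    'Replication is clean on all links; the DCs can be rebooted in any order.'
} else {
    $problems | Format-Table Destination, Source, Failures, LastSuccess, Status -AutoSize
    'Fix the failing links before rebooting; a DC that is behind cannot cover for one that is down.'
}
```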

