- How to Deploy win 2k DC
- Posted by Antonia Jasper on February 18th, 2004
In NT 4 there is a BDC for the user to log on in case the PDC dies off.
How about in WIN 2k, if I want the same concept to have a second server
acting as a DC to authenticate the logging on process when the first DC dies
off?
1. What should I do?
2. How should I design my two DC DNS name space if my first root DC
domain name space is: "abc.com"?
- Posted by Conrad Lawes on February 18th, 2004
In a Windows 2000 domain there is no primary or backup domain controller.
All domain controllers are equal. They can all handle user authentication.
So as long as you have 2 or more domain controllers running there is nothing
that you have to do.
I would advise you to do more research on Windows 2000 Active Directory to
gain a better understanding of Windows 2000 domain controllers and how they
operate.
- Posted by Antonia Jasper on February 18th, 2004
Hi Conrad,
I'm puzzled how to configure my second DC.
Should I place it under the child domain of my root domain
(abc.com)?
My organisation is very small, only about 50 users. I don't think it is
necessary to have another domain tree.
I'm just wondering, if my root domain dies off, then what will happen to those
child domains under it?
Can my workstations still be able to log on if I initially configure all
workstations to log on to the root domain?
- Posted by Conrad Lawes on February 19th, 2004
There is no reason to create a child domain especially in a small
organization. All your domain controllers can join the root domain.
- Posted by Antonia Jasper on February 19th, 2004
Hi Conrad,
So am I right to say:
If my first DC FQDN is (dc1.abc.com) then the second DC FQDN should be
(dc2.abc.com).
Which DC should I create my user account info on and configure my client to log
on to?
- Posted by SaltPeter on February 19th, 2004
Whatever DC you like, replication will duplicate the user account onto the
other DC(s). The client will use DNS records to locate and log on to the
closest DC. That's why it's important to configure the DNS server for the
abc.com zone. How you distribute the DNS server's ip_address to clients
depends on how you are distributing ip_addresses. If a DHCP server and DHCP
scope is involved, specify the DNS in scope options.
The reason there is no need to create a child domain is because an
Organizational Unit (OU) is the equivalent of an NT4 domain.
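An added example, not part of any post in this thread: a check that both domain controllers are actually advertised in DNS, so that logons keep working when one DC is down. It assumes the standard DC locator SRV record `_ldap._tcp.dc._msdcs.<domain>` and output in the style of Windows `nslookup -type=SRV`; the sample output, the 192.0.2.x addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample in the style of:
#   nslookup -type=SRV _ldap._tcp.dc._msdcs.abc.com
# for the thread's dc1/dc2 in abc.com. Not captured from a real server.
SAMPLE_NSLOOKUP = """\
Server:  dc1.abc.com
Address:  192.0.2.10

_ldap._tcp.dc._msdcs.abc.com    SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc1.abc.com
_ldap._tcp.dc._msdcs.abc.com    SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc2.abc.com
dc1.abc.com     internet address = 192.0.2.10
dc2.abc.com     internet address = 192.0.2.11
"""

def dc_locator_name(domain):
    """SRV owner name clients query to find a DC for the domain."""
    return "_ldap._tcp.dc._msdcs." + domain.strip(".").lower()

def parse_srv_hosts(nslookup_text, domain):
    """Return the hostnames listed under the domain's DC locator record."""
    owner = dc_locator_name(domain)
    hosts, in_record = set(), False
    for line in nslookup_text.splitlines():
        if line.strip() and not line[:1].isspace():
            # An unindented line starts a new record (or is unrelated output).
            low = line.lower()
            in_record = low.startswith(owner) and "srv service location" in low
            continue
        m = re.match(r"\s+svr hostname\s*=\s*(\S+)", line, re.I)
        if in_record and m:
            hosts.add(m.group(1).rstrip(".").lower())
    return hosts

def check_redundancy(nslookup_text, domain, expected_dcs):
    """Report which expected DCs are registered and whether two or more are."""
    found = parse_srv_hosts(nslookup_text, domain)
    expected = {h.rstrip(".").lower() for h in expected_dcs}
    return {"registered": sorted(found),
            "missing": sorted(expected - found),
            "redundant": len(found) >= 2}
```

A DC that appears under `missing` is running but not advertised, so clients will not find it when the other DC fails.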
- Posted by Cary Shultz [A.D. MVP] on February 25th, 2004
Antonia,
Yes! You have it now. You have the abc.com domain / tree / forest ( as it
is the first domain in the forest it is called the forest root ) and the
FQDN of each computer account is going to be the computer name ( dc1 and dc2
in your example ) followed by the DNS name of the domain ( abc.com in your
example ). In essence, the leftmost 'name' is going to be the name of the
computer account and everything else is going to be the domain name. Put
another way - the computer account name is the name in front of the first
"." and everything else is the domain name.
You can create your user accounts on any DC in the appropriate domain. In
WIN2000 all domain controllers are created equally ( well, .... ). You can
sit down at dc1 and create 15 user accounts and then 20 minutes later sit
down at dc2 and create another 10 user accounts and all 25 user accounts
will exist.
Active Directory follows the Multi-Master mode; thus, there is no more
PDC/BDC concept like we had in WINNT 4.0 where the PDC had the only writable
SAM. In WIN2000 Active Directory the actual file is called ntds.dit and all
Domain Controllers 'synchronize' their ntds.dit database via Active
Directory Replication ( Intra-Site / Inter-Site ). Thus, if you created
the 15 users on dc1 and were to immediately sit in front of dc2 and look in
the ADUC you might not see those newly created 15 user accounts. Give it a
few minutes ( 15 minutes tops ) and those 15 user accounts would indeed be
there. Same goes for those 10 user accounts that you created on dc2.
You really would not need a child domain - unless there is something that
you are not telling us. To gain closure on this issue, let's just say that
there was a compelling reason for you to create a child domain ( say the
finance department wanted, no, demanded a strong password policy
but your other people were dead set against that as they would have a hard
time remembering the passwords ).
You would take a new WIN2000 Server and run dcpromo on it. Now, you would
do the opposite of what Conrad was suggesting: you would create a new dc in
a new domain. Again, remember that we are creating a child domain for the
sake of this example. When all was said and done, you would have something
like finance.abc.com as the child domain of abc.com. So, the FQDN of any
computer accounts ( including Domain Controllers ) would be
xxxxxx.finance.abc.com. Let's say that you called the Domain Controller in
this child domain 'Greed'. The FQDN would be greed.finance.abc.com.
Does this help you?
Cary