You have a failed domain controller (i.e. replication failure) in your Active Directory domain that has some special services like DHCP, DNS, WINS, and probably some other important applications that are used in your organization. There are applications and clients that needs these services but you don't want users to use this failed DC even though it has to be online to serve other services. You can move these services to other servers but that will involve more work and more time. Here is a quick of turning the bad DC into backup domain controller.
In order to quickly recover and prevent users from going to this faulty DC. You can change the priority and weight for SRV records of the faulty Domain Controller (DC) in DNS so it becomes a backup domain controller. This will prevent desktops and users using this DC to authenticate against AD since it won't be advertising AD services in DNS.
Here are the steps to perform this operation.
On A Good DC:
1. Log in to DNS
2. Go to your domain's zone
3. Change _ldap, _kerberos, _gc (if this is also a Global Catalog server), _kpasswd reocrds' priority (higher value lower priority) and weight (higher value higher weight) to a value of 1 anywhere you find it under _msdcs, _sites, _tcp, _upd folders.
Perform the 3 steps above if replication is failing on faulty Domain Controller.
No comments:
Post a Comment