How To Setup An Additional Domain Controller For DR (WAN) Deployments Of Neverfail Continuity Engine
Summary
This KB article describes how to set up (create) a new Domain Controller at the DR site when Neverfail Continuity Engine will be deployed in a DR (WAN) topology.
When the servers composing the Neverfail cluster are deployed in a DR (WAN) topology, they sit in different subnets. If a disaster impacts the entire primary site, resulting in the loss of the Primary server and the domain controller at the primary site, Neverfail Continuity Engine can fail over to the DR machine (Secondary or Tertiary), but without a Domain Controller (and DNS) available, the DR machine might not be able to continue to provide service. For full redundancy, Neverfail recommends creating a second Domain Controller at the DR site and configuring replication from the first domain controller at the primary site.
Procedure
First you will need to build a server in the DR site. Then add the server to the domain.
In this guide I’ll be presuming you’ve got a fresh Server 2016 install, have a static IP and have added it to the domain. If you’ve added your server to Server Manager, you will be able to do all of this remotely by going to All Servers, right-clicking your server and choosing Add Roles and Features.
Additional Domain Controllers Setup
On the Server you want to add, open Server Manager and click on Add roles and features.
- Click Next until you’re on Server Roles and tick Active Directory Domain Services
- Click Add Features on the box that pops up
- Now click Next until you’re on the Confirmation page, then click Install.
- After it’s complete, click on Promote this server to a domain controller.
The Active Directory Domain Services Configuration Wizard will pop up. Follow these steps:
- Make sure Add a domain controller to an existing domain is checked and that the domain name is correct. Click Next.
- Type in your DSRM password and click Next.
- Ignore the DNS Delegation Warning, click Next until you’re on the Prerequisites Check page and then click Install.
The server will restart after a minute and you’ll have a second Domain Controller now up and running. You can shut down your old Domain Controller and try to log in to a client computer to test if the new Domain Controller is working (remember, DHCP is still only running on the old Domain Controller).
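The same role install and promotion can be scripted in PowerShell on the new server. This is an added example, not part of the original KB article; the domain name and site name are assumed placeholders, and the DSRM password and domain credentials are prompted for rather than stored in the script.

```powershell
# Added example: scripted equivalent of the wizard steps above.
# Assumed values (not from the article): replace with your own.
$DomainName = 'corp.example.com'   # existing domain this server already belongs to
$SiteName   = 'DR-Site'            # AD site that contains the DR subnet

# Prompt for secrets so they never sit in the script or its history.
$DomainAdmin = Get-Credential -Message "Domain admin account for $DomainName"
$DsrmSecret  = Read-Host -AsSecureString -Prompt 'DSRM password'

# Server Roles page: Active Directory Domain Services plus management tools.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# "Add a domain controller to an existing domain", with DNS on the new DC.
$PromoteArgs = @{
    DomainName                    = $DomainName
    SiteName                      = $SiteName
    InstallDns                    = $true
    Credential                    = $DomainAdmin
    SafeModeAdministratorPassword = $DsrmSecret
}

# Prerequisites Check page: stop on errors instead of clicking through them.
$check  = Test-ADDSDomainControllerInstallation @PromoteArgs
$failed = $check | Where-Object { $_.Status -eq 'Error' }
if ($failed) {
    $failed | Format-List Message, Context, Status
    throw 'Prerequisite check failed; fix the errors above before promoting.'
}

# Promote. The server restarts on its own when the promotion finishes.
Install-ADDSDomainController @PromoteArgs -Force

# After the restart, confirm the new DC is listed and replicating:
#   Get-ADDomainController -Filter * | Select-Object Name, Site, IsGlobalCatalog
#   repadmin /replsummary
#   dcdiag /test:Replications
```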
The second step:
Active Directory has 3 replication models:
- Within a site (intrasite), the domain controllers use Change Notification to alert adjacent DCs of changes made in AD. By default, the first replication partner is notified after 15 seconds, and each subsequent replication partner 3 seconds after the previous one.
- Between sites (intersite), Change Notification is not used. Replication only happens on a schedule, with every 15 minutes as the shortest configurable interval.
- Account lockout, changes to password policy, DC password changes and a few other situations trigger urgent replication, which happens as quickly as the domain controllers are able and bypasses all other replication intervals.
Intersite replication can, however, be configured to use Change Notification. This bypasses the replication schedule of the site link, and replication occurs as if the domain controllers were in the same site. This does of course increase the traffic on your WAN link, so make sure you have the bandwidth and latency to handle it.
The procedure is slightly different for automatically and manually created sitelinks.
For automatically created sitelinks:
- Open ADSIEDIT
- Connect to Configuration Naming Context
- Expand Sites –> Intersite Transport –> IP
- Right-click the relevant sitelink and select properties
- Change the value of “options” to 1
For manually created sitelinks:
- Open ADSIEDIT
- Connect to Configuration Naming Context
- Expand Sites –> (The site name) –> Servers –> (Servername) –> NTDS Settings
- Right-click the relevant sitelink and select properties
- Change the value of “options” to 8
- Repeat for every manually configured sitelink (if desired)
That’s all there is to it. Changes in AD will now flow as if the domain controllers are within the same site.
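The site link change can also be made and checked from PowerShell with the ActiveDirectory module. This is an added example, not part of the original KB article; the site link name is an assumed placeholder, and because "options" is a bit field the script sets the change-notification bit (value 1) with a bitwise OR so that any flags already present on the link are kept.

```powershell
# Added example: enable change notification on a site link and verify it.
Import-Module ActiveDirectory

$UseNotify = 1   # the value the article enters in "options" on the site link

# List every site link with its schedule interval and current options value.
Get-ADReplicationSiteLink -Filter * -Properties options |
    Select-Object Name, ReplicationFrequencyInMinutes, options

# Assumed name (not from the article): replace with the link between your
# primary site and the DR site.
$LinkName = 'DEFAULTIPSITELINK'

$link    = Get-ADReplicationSiteLink -Identity $LinkName -Properties options
$current = [int]$link.options            # an unset attribute reads as 0
$updated = $current -bor $UseNotify      # keep existing bits, add bit 1

if ($updated -ne $current) {
    Set-ADReplicationSiteLink -Identity $LinkName -Replace @{ options = $updated }
    Write-Output "options on $LinkName changed from $current to $updated"
} else {
    Write-Output "Change notification already enabled on $LinkName"
}

# Confirm the stored value, then check that replication is healthy.
Get-ADReplicationSiteLink -Identity $LinkName -Properties options |
    Select-Object Name, options
repadmin /replsummary
repadmin /showrepl
```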