How do we keep Active Directory resilient across multiple sites?

Posted by Alistair Bell on Server Fault
Published on 2010-05-18T22:24:57Z Indexed on 2010/05/18 22:31 UTC

I handle much of the IT for a company of around 100 people, spread across about five sites worldwide. We're using Active Directory for authentication, mostly served to Linux (CentOS 5) systems via LDAP.

We've been suffering through a spate of events where the IP tunnel between the two major sites goes down and the secondary domain controller at one site can't contact the primary domain controller at the other. It seems that the secondary domain controller starts denying user authentication within minutes of losing connectivity to the primary.

How do we make the secondary domain controller more resilient to downtime? Is there a way for it to cache the entire directory and/or at least keep enough information locally to survive a multi-hour disconnection?

(We're all in a single organizational unit if that makes any difference.)

(The servers here are Windows Server 2003; don't assume that we set this up correctly. I'm a software engineer, not an IT specialist.)

© Server Fault or respective owner
