Domain Backup, Doing RAID
More Work On Reliability
By Jerry Pournelle
February 05, 2001
Last month's column looked at how I recovered from the disaster, and ended
with my promise that I'd tell you how to build some redundancy into
your Windows 2000 Domain Server network. In particular, I planned
to install a secondary backup domain controller, and mirror the main
drive on the primary server.
Those terms are inaccurate. Windows NT mandates one Primary
Domain Controller (PDC), then one or more Backup Domain
Controllers (BDC). If the PDC fails, you promote a BDC to PDC,
and all's well with the domain. Of course, any data stored
on the PDC would have to be backed up to be recovered, but all
your user accounts, desktop settings, preferences, privileges, and the
like would be safe.
If your PDC fails and there's no BDC, the result is chaos. As you've
seen here, even creating a new domain with the same name as the old
one doesn't do the trick. That's because in NT, the human-friendly
names (such as ChaosManor or Jerrynet, or the user names like RJP,
or the local computer names like Fergie and Princess) aren't what NT
cares about -- only the Security Identifier, or SID, associated with the
domain, the computer names, the user and group names, etc., actually
matter. If you recreated everything, the SIDs for all the entities on
your NT network would be different, and it would be a bear to try
and sort everything back into working order.
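
Why a rebuilt domain with the same names does not inherit the old permissions, as an added Python example that is not from the column: access lists store SIDs, so a recreated account with a new domain SID fails the check. The SID values, the RID 1104 and the share ACL are constructed for illustration.

```python
# Added illustration: constructed SIDs, not values from the column's network.
import struct

def build_sid(authority, subauths):
    """Pack a SID in the binary layout Windows stores in ACLs."""
    head = struct.pack(">BB", 1, len(subauths)) + authority.to_bytes(6, "big")
    return head + b"".join(struct.pack("<I", s) for s in subauths)

def parse_sid(raw):
    """Binary SID -> 'S-1-5-21-...' string form."""
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("truncated or oversized SID")
    authority = int.from_bytes(raw[2:8], "big")      # 6 bytes, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])    # 4 bytes each, little-endian
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)

def split_account_sid(sid):
    """Split a domain account SID into (domain SID, RID)."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

def allowed(acl, token_sids):
    """Access check reduced to its core: ACLs hold SIDs, never names."""
    return any(sid in acl for sid in token_sids)

# Constructed case: same domain name and user name, created twice.
OLD_DOMAIN = (21, 1111111111, 2222222222, 3333333333)
NEW_DOMAIN = (21, 4040404040, 1234567890, 987654321)
old_rjp = parse_sid(build_sid(5, OLD_DOMAIN + (1104,)))
new_rjp = parse_sid(build_sid(5, NEW_DOMAIN + (1104,)))

# A file share's ACL written while the old domain still existed.
share_acl = {old_rjp}

if __name__ == "__main__":
    print(old_rjp, "->", allowed(share_acl, [old_rjp]))
    print(new_rjp, "->", allowed(share_acl, [new_rjp]))
```
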
With Windows 2000 Server, Microsoft moved away from the older
domain model into a directory-services model called Active
Directory. It was this change that really cut into Novell's prospects.
Before Windows 2000 Server, Novell had a big edge precisely
because of NDS, Novell Directory Service; that's what Active
Directory is supposed to accomplish.
You can think of Active Directory as a distributed, hierarchical
database, in which all "objects" -- users, computers, network shares,
print queues, and so forth -- reside. The real value of Active Directory
is that it lets you build very large networks with a complex
organizational structure. An administrator can be supreme in his own
area of the directory, but have no power over the resources of other
Under Active Directory there are no longer PDCs and BDCs. The
domain controllers are essentially peers. If a domain controller goes
down, there's no promotion/demotion necessary in order to keep
login and authentication services going for all the users. That's why I
wanted to bring another domain controller into my Active Directory
Besides having redundant domain controllers, I also wanted to ensure
against hard-drive failure in each of the servers -- since this is a small
network, I tend to use servers for more than one thing. Large
enterprises often have domain controllers set up to provide
authentication onto the network and little else. Here at Chaos Manor,
I also tend to put file shares, print queues, DHCP and DNS services,
etc., anywhere I have the capability of doing so.
RAID, or Redundant Array of Inexpensive Disks, is a term you ought
to learn. You can find a good overview of RAID terminology at
www.raid-advisory.com/. The main thing to remember is that there
are two major families of RAID, hardware based and software based.
Anyone who has mission-critical data on a server, or services that
need data protection, should look into hardware-based RAID for the
hard drives on critical machines. Companies like Compaq, IBM, and
Sun all make servers with RAID controllers providing the different
flavors of hardware-based RAID 'behind the curtains,' without the
overlying operating system having to do anything special.
Hardware-based RAID can also be very fast, often faster than
Hardware-RAID controllers and compatible disks (usually some
flavor of SCSI, or Fibre-Channel Arbitrated Loop (FCAL)) can be
fairly expensive. For smaller shops, software RAID can be a more
Software RAID services are provided by the operating system.
Windows NT, Linux, and Windows 2000 Server all provide one form
or another of software-based RAID capability (with other non-Linux
Unixes, like Sun Solaris, you use add-on utilities like Solstice
DiskSuite or Veritas Volume Manager). Seagate was kind enough to
supply an IDE drive (Barracuda 40 Gigabyte) identical in
configuration to the one currently installed in Imperator (the domain
controller) making it easy to test software-based RAID-1 (mirrored
disks) for the system. I installed the second drive in Imperator, and
then brought the machine back up to configure the RAID-1 mirroring
from Windows 2000 Server.
To do software RAID in either NT or 2000 Server, you use the Disk
Manager utility to set it up. In NT, the Disk Manager can be found
under the Administrative Tools section of the Start Menu. In
Windows 2000 Server, you run the Computer Management utility,
and Disk Manager shows up as a sub-module underneath it.
Disk Manager saw both drives (labeled '0' and '1'), but when Roland
and I examined Disk Manager, we found that when we right-clicked
on the graphical representation of our primary system volume, there
wasn't an option to turn on RAID at all. Understanding that took
digging into Que's Special Edition Using Windows 2000 Server, an
excellent well-indexed reference source. Eventually, we discovered
that NTFS by default creates on installation a "Basic" volume.
Mirroring requires a "Dynamic" volume. The Disk Manager utility
gives the option of promoting basic to dynamic, but you have to know
to do that.
Later, I found a Microsoft Tech Note on this subject --
support.microsoft.com/support/kb/articles/Q175/7/61.ASP -- the gist
of which is that with Basic volumes, you can install another OS and
boot manager (such as Linux and LILO), and then dual-boot your
machine. That's fine for experiments, but this is a dedicated server (as
I suspect are 99 percent of present and future Windows 2000 Server
machines), and we didn't need that capability. It doesn't take long to
promote the volume to Dynamic.
Dynamic volumes give you more capabilities, including the ability (if
your hardware supports it) of expanding the filesystem to other drives
on the fly. The only disadvantage I've discovered is that you can't
multiboot Dynamic volumes. I can't think why I would want to boot
my Domain Server in anything but Windows 2000, so that is hardly a
Once we'd promoted the volume to Dynamic, lo! the next right-click
on it in Disk Manager showed the RAID option. Disk Manager was
smart enough to figure out that we probably wanted to do RAID-1
(which is the most common type of software-based RAID) mirroring
onto the unformatted drive we'd just added. We told it to do that, and
then observed as Windows 2000 Server first formatted the disk then
began mirroring everything over to the new drive. There was a nice
progress indicator in Disk Manager, and we timed mirroring a 40-GB
drive at just under 45 minutes.
If you mirror your boot drive in Windows 2000 Server, you must
create a boot disk so that if a drive blows out and it starts running off
the mirrored disk, you can close down the server to put in a fresh
drive, reboot it off the mirrored drive, and then go through the
procedure with Disk Manager again to re-mirror everything onto the
replaced drive. It seems silly to have to boot off floppies in the 21st
Century, but there's nothing for it with Windows 2000 Server. The
procedure for creating the boot floppy can be found at
A Redundant Controller
After we got the drives mirrored on Imperator, the next step in
eliminating single points of failure on the Chaos Manor network was
to bring up another domain controller. It takes a while, but the process
is pretty straightforward.
Most of the time will be spent waiting for Windows 2000 Server to
install. If you've read my recent column on bringing up Windows 2000
Server, you'll remember that a lot of trundling and several reboots are
required during the installation process. An odd facet of this
procedure is that Windows 2000 Server really doesn't ask you any
relevant questions about your Active Directory architecture and the
server's general configuration until -- after -- all that trundling has
The moral is to be patient. Start the installation process, find a good
book to read, and wait. After all the files are copied, the Server
Configuration Wizard will appear and will guide you through the basic
steps of configuring your new Windows 2000 Server.
In our case, the most relevant question was the one asking us which
type of server the new machine, which I'd named Creon (I'd had a
previous NT Server machine named Creon, and since the "backup"
domain controller we were building was intended to enforce the
ancient laws, I named the new machine after its venerable
predecessor), was to become. We told it that this server was joining
an existing Active Directory forest (see
or consult the Que Special Edition cited for more detailed information
on the steps involved), which tree in that forest to join, and then the
context within that tree that contained the objects for the Chaos
Manor network. We then told the Wizard to make this machine a
domain controller, and after one final reboot, we were done. Pretty
painless, actually. Creon has an 80-gigabyte Maxtor hard drive; when
I get another I'll mirror it too.
Besides adding another domain controller, I also wanted some
redundancy in other services necessary to a healthy network --
DHCP (this lets all the workstations -- you should never configure
servers via DHCP -- dynamically get their individual IP addresses and
other vital configuration information), DNS (used to map IP addresses
to human-sounding names), and Active Directory (uses DNS rather
than the older WINS for name resolution). This required a bit of
forethought, but once we'd figured out what we wanted to do, setting
it all up was pretty easy.
Because this is a private network, connected to the Internet via my
trusty Linux-based Netwinder communications server from rebel.com,
I use a special range of IP addresses designated for this sort of
configuration, and use Network Address Translation, or NAT, on the
Netwinder to translate those private addresses into the IP address
assigned to me by my ISP.
Because I'm set up this way, I run DNS internally for Chaos Manor
on Imperator, and then have Imperator ask the Netwinder to look up
external addresses on the Internet. All the machines at Chaos Manor
are set up this way; the drawback is that if Imperator goes down, they
don't know how to resolve DNS names into IP addresses.
Microsoft's DNS service for Windows NT was pretty primitive;
nobody much used it, preferring instead to use Bind running on Unix
machines of one flavor or another to provide DNS mappings. I still
recommend using Bind on a Unix box for anything connected to the
public Internet, but for a private network using Windows 2000
Server, the Microsoft DNS service has improved to the point where
it's Good Enough.
Indeed, because Active Directory uses Dynamic DNS (DDNS, see
www.labmice.net/networking/DNS.htm for more info) to maintain
name-to-address mappings in the Active Directory database, it's in
many cases much easier to use Microsoft's DNS service to handle this
function for the Microsoft portion of your network. Recent versions of
Bind support DDNS; figuring out the proper split between
Unix-based and Microsoft-based DDNS is one of the issues that
large organizations implementing Windows 2000 Server are going to
have to figure out before they begin upgrading everything. Good luck.
Luckily, small to medium networks won't have those problems; it's
one reason I can now recommend Windows 2000 Server for your
new SOHO network. If you have an older NT network that's
working properly, there are pros and cons about upgrading -- it is an
upgrade -- to 2000 Server, and you have to make your own decision,
but for new installations I think you'll be much better off starting with
We had already set up Imperator as the primary DNS server for the
private Chaos Manor network, and then told Imperator how to ask
the Netwinder to look up things on the Internet. We told Creon to
become a secondary DNS server within our domain, and then made
sure that all the machines on the LAN knew about it by modifying the
DHCP scope (see below). That way, if Imperator goes down, I'll still
be able to check my mail and browse the Web, and all that will work
without my having to do anything.
DHCP was the other vital service I'd mentioned. Figuring out how to
divvy that up was a bit trickier, but we came up with a way to do that,
Basically, I use the 192.168.1.0 private range of IP addresses for
Chaos Manor. I reserved the first 40 addresses (192.168.1.1 -
192.168.1.40, inclusive) for servers, routers, printers, etc., basically
anything that was a shared resource accessed by all the machines
here. I changed the setup of the DHCP service already running on
Imperator to have it serve out 192.168.1.41 - 192.168.1.128 as
addresses for the workstations.
Note that the address 192.168.x.x is non-routable: Internet routers
are not supposed to pass any of that along. That's a security measure.
Alas, we've found there are people who seem to know how to defeat
that. I don't know how they do it, but I have seen it done. Beware.
I installed the DHCP service on CREON, and told it to serve out
192.168.1.129 - 192.168.1.254 to workstations. Since the
workstations are configured dynamically upon bootup via DHCP, it
doesn't really matter what addresses they get on the LAN, as long as
When a workstation boots up, it sends out a broadcast asking for a
DHCP address; whichever server responds first, either Imperator
or Creon, will then assign an IP address (and all the other
network-related configuration info) to that workstation so that it can
function on the network. And if Imperator goes down, it shouldn't
matter, because Creon will handle all the requests, or vice versa.
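
A check of the split scope described above, written as an added Python example that is not part of the column: it confirms the reserved block and the two servers' pools stay inside the subnet and never overlap, then asks whether each pool alone could carry the workstations if the other server is down. The address ranges are the column's; the workstation counts passed to `undersized_pools` are hypothetical.

```python
# Added illustration: validates the split DHCP scope given in the column.
import ipaddress

NETWORK = ipaddress.ip_network("192.168.1.0/24")
RESERVED = ("192.168.1.1", "192.168.1.40")   # static: servers, routers, printers
POOLS = {
    "Imperator": ("192.168.1.41", "192.168.1.128"),
    "Creon": ("192.168.1.129", "192.168.1.254"),
}

def as_range(first, last):
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo > hi:
        raise ValueError("range is reversed: %s - %s" % (first, last))
    return int(lo), int(hi)

def check_split_scope(network, reserved, pools):
    """Return (problems, pool sizes) for a split-scope layout."""
    problems, sizes = [], {}
    named = [("reserved",) + as_range(*reserved)]
    named += [(name,) + as_range(*rng) for name, rng in pools.items()]
    usable_lo = int(network.network_address) + 1
    usable_hi = int(network.broadcast_address) - 1
    for name, lo, hi in named:
        if lo < usable_lo or hi > usable_hi:
            problems.append("%s leaves the usable host range" % name)
        if name != "reserved":
            sizes[name] = hi - lo + 1
    # Sorted by start address, any overlap shows up between neighbours.
    named.sort(key=lambda r: r[1])
    for (a, _, a_hi), (b, b_lo, _) in zip(named, named[1:]):
        if b_lo <= a_hi:
            problems.append("%s overlaps %s" % (a, b))
    return problems, sizes

def undersized_pools(sizes, workstations):
    """Servers whose pool alone cannot cover every workstation."""
    return [name for name, size in sizes.items() if size < workstations]

if __name__ == "__main__":
    problems, sizes = check_split_scope(NETWORK, RESERVED, POOLS)
    print(problems or "layout is consistent", sizes)
    print("too small alone for 100 clients:", undersized_pools(sizes, 100))
```

An overlap between the two pools is the failure to watch for, since each server hands out leases from its own range and two of them offering the same address produces duplicate-IP conflicts.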
That was the theory, at any rate. Although I'm not from Missouri, I
need to see things before I'll believe them. The obvious test was to
shut off Imperator and then reboot every single computer at Chaos Manor.