Pre-AD (Active Directory), I could set up multiple BDCs (Backup Domain Controllers), and if my PDC (Primary Domain Controller) and one BDC were down, the other BDC would authenticate. AD seems to allow only one PDC Emulator, and if that AD Server is down, I need to transfer or seize the PDC emulator role before any computers may be authenticated.
I would like to configure AD (Win Server 2008 R2) so that I could down AD Server 1, which has the PDC emulator and other roles, and AD Server 2 would then immediately handle the authentication, without having to transfer or seize the PDC emulator role.
Then when AD Server 1 comes back up, it would handle the authentication when AD Server 2 is down.
This is for a small group of computers (fewer than 20). I'm wondering if I should stop using domains and Active Directory and just set up a Workgroup. I've enjoyed using domains since NT 3.51, but Active Directory fails to authenticate if the server with the PDC emulator is down, regardless of the number of BDCs which are running. This doesn't work for me.
What are my options? Have I just not learned enough about Active Directory to configure it to authenticate from multiple servers? This seems like a horrible design: if the AD server with the PDC emulator goes down, no one can log in until a tech seizes the PDC emulator role to a backup AD server. This transfer of authentication should be automatic, and not require manual intervention.
Thanks in advance for your help,