This article was previously published under Q200866
This article discusses having a backup domain controller (BDC) in a Microsoft BackOffice Small Business Server domain model.
First, what is a BDC? According to page 3 of the "Concepts and Planning Guide" for Microsoft Windows NT 4.0, a BDC is defined as follows:
"A backup domain controller (BDC) maintains a copy of the directory database. This copy is synchronized periodically and automatically with the Primary Domain Controller (PDC). BDCs also authenticate user logons, and can be promoted to function as the PDC. Multiple BDCs can exist in a domain."
Second, what do Small Business Server (SBS) standards say about this? Page 137 of the "Start Here Guide," which accompanies the installation software, states:
"You can only have one computer running Small Business Server on your network, but you can connect other server computers to your network. For example, you may want a dedicated computer to host a Web site, printer services, or a database. We recommend that these server computers run Windows NT Server as a backup domain controller or as a standalone server,a.k.a. member server. You may not install applications shipped with BackOffice Small Business Server on non-BackOffice Small Business Server servers. You must purchase the appropriate software licenses for each server and any of the applications you install on the server. Small Business Server does not support "trust" relationships with other Windows NT Server computers."
So, what does all of this mean for a Small Business Server domain? Here are a few key points to keep in mind:
You can install a computer as a BDC in an SBS domain, but there is minimal advantage in doing so. Because the SBS server must function as a PDC, the BDC only provides redundancy for authentication, not fault tolerance as in a traditional Windows NT domain where a PDC does not act as an applications server.
Using a BDC for load balancing: In a domain where there are 25 or fewer users, one domain controller, the PDC, can easily handle domain validation.
Logon scripts should be replicated to the BDC. In an environment where clients could be validated by a server other than the PDC, such as a BDC, all logon scripts should be replicated to the BDC or Client Setup will fail.
Using a BDC in case the PDC goes down: In an SBS domain, if the PDC goes down, whether or not the BDC is promoted, the users will be able to get validated. However, users will not be able to access applications other than those installed on the BDC, because none of the applications from an SBS server can be installed on any other server except the SBS server.
If the BDC is promoted and the SBS server needs to be reinstalled, it cannot be installed into the same domain as a BDC and then promoted because SBS installs as a PDC only. If the PDC ever is reinstalled without a full restore from a backup, the user accounts and machine accounts will have to be re-created and the BDC will need to be reinstalled to become a member of the new domain.