Zooking

Reputation: 3521

Missing AD server makes website go down

In our CMS solution we have a module that is handling integration towards an AD, the module uses a standard connection string in web.config. The customer has a setup of two AD-servers and routinely takes them down for maintenance one at a time. Unfortunately the AD-module only allows connection towards one AD-server and when that server goes down so does the website.

As I see it there are three ways of fixing this:

  1. Make the vendor of the AD-module rewrite the code to utilize several AD-servers.
  2. Install a local AD-server on the web server that is replicated from the other two.
  3. Make a solution that acts as a front for the AD-servers, always connecting to one that is running.

I have exhausted options one and two for different reasons and now I only have number three left.

Any ideas?

Upvotes: 1

Views: 287

Answers (1)

Per Noalt

Reputation: 5102

Active Directory is already "out of the box" a "clustered" system (a multiple master system). It relies on DNS, not virtual IP-addresses for this to work.

Let's say the two "Active Directory servers" (those are called the domain controllers or DCs for short) have the DNS-names server01.customer.local and server02.customer.local. What you should do then is to specify just "customer.local" (no server name, just the Active Directory domain) in the connection settings part of your "AD-module" software.

This way you'll use the built-in "cluster" feature of Active Directory to connect to whichever domain controller is online. The web server will then be connected to either server01 or server02, whichever of the two is up and running.

Don't use the IP-address or the exact server name. And make sure the web server is set up to use the two domain controllers as the primary and secondary DNS in its local IP settings. (It helps if the web server is in the same domain as the one that the domain controllers are servicing...)

Upvotes: 4
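
A way to check the setup described in the answer from the web server, as an added example that is not part of the original answer. It assumes PowerShell 3 or later with the DnsClient cmdlets, and uses `customer.local` from the answer as the domain name; the `$Domain` parameter name is an assumption of this example.

```powershell
# Added example: run on the web server. 'customer.local' is the domain from the answer.
param([string]$Domain = 'customer.local')

# 1. Domain controllers advertised in DNS for the domain (SRV records each DC registers).
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' }

# 2. Is each advertised DC answering on its LDAP port right now?
$report = foreach ($rec in $srv) {
    $up = Test-NetConnection -ComputerName $rec.NameTarget -Port $rec.Port -InformationLevel Quiet -WarningAction SilentlyContinue
    [pscustomobject]@{
        DomainController = $rec.NameTarget
        Port             = $rec.Port
        Reachable        = $up
    }
}
$report | Format-Table -AutoSize

if (-not ($report | Where-Object Reachable)) {
    Write-Warning "No domain controller for $Domain is reachable from this host."
    return
}

# 3. Bind with the domain name only (no server name), as the answer recommends,
#    and report which DC actually served the request.
$rootDse = $null
try {
    $rootDse = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$Domain/RootDSE")
    $servedBy = $rootDse.Properties['dnsHostName'].Value   # the bind happens here
    "Bind to LDAP://$Domain was served by: $servedBy"
}
catch {
    Write-Warning "Bind to LDAP://$Domain failed: $($_.Exception.Message)"
}
finally {
    if ($rootDse) { $rootDse.Dispose() }
}
```

Running it once with both domain controllers up and once during a maintenance window shows whether the domain-name bind moves to the remaining DC. Step 3 uses ADSI, so the AD-module should still be tested with one DC offline, since its own LDAP client may resolve the name differently.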
