Server Admin 10.4 Help

Setting Up a Server as a Backup Domain Controller

Using Server Admin, you can set up Mac OS X Server as a Windows backup domain controller (BDC). The BDC provides automatic failover and backup of Windows domain login and other Windows client requests for authentication and directory services. The BDC server can provide other Windows services:  file, print, browsing, and Windows Internet Name Service (WINS). The BDC can host home directories for users who have user accounts on the PDC/BDC.

1. Make sure the server is an Open Directory replica.

   To determine whether a server is an Open Directory master, open Server Admin, select Open Directory for the server in the Computers & Services list, then click Overview. The first line of status information states the server's Open Directory role. To learn more about Open Directory replicas, see Open Directory Overview.

2. In Server Admin's Computers & Services list, select Windows for the Open Directory replica server.
3. Click Settings (near the bottom of the window), then click General (near the top).
4. Choose Backup Domain Controller (BDC) from the Role pop-up menu, then enter a description, computer name, and domain.
   • Description:  This description appears in the Network Places window on Windows computers, and it is optional.
   • Computer Name:  Enter the name you want Windows users to see when they connect to the server. This is the server's NetBIOS name. The name should contain no more than 15 characters, no special characters, and no punctuation. If practical, make the server name match its unqualified DNS host name. For example, if your DNS server has an entry for your server as "server.example.com," give your server the name "server."
   • Domain:  Enter the name of the Windows domain that the server will host. The domain name cannot exceed 15 characters and cannot be "WORKGROUP."
5. Click Save.
6. Enter the name and password of a user account that can administer the LDAP directory on the server, then click OK.

When authenticating, you must use an LDAP directory administrator account. You can't use a local directory administrator account, such as the primary server administrator account (user ID 501), to create a BDC.

After setting up a BDC, you may want to change access restrictions, logging detail level, code page, domain browsing, or WINS registration. Then if Windows services aren't already running, you can start them. For instructions, click a topic below:

• Changing Windows Services Access Settings
• Changing Windows Services Logging Settings
• Changing Windows Services Advanced Settings
• Starting Windows Services

You can also set a server's role in providing Windows services by using the 'serveradmin' command in Terminal. For more information, see the file services chapter of the command-line administration guide.