On Mon, 2007-03-19 at 08:11 -0600, David Boreham wrote:
Eddie C wrote:

> I cannot give an authoritative answer, but if your active directory 
> is 2003 server your active directory itself is multimaster (no more 
> PDC and SDC). It seems theoretically possible to install active 
> directory sync on both nodes but leave it running only on one domain 
> controller. Something like this:
>  
>  
> AD2 <-> AD1
>         |
> LoadBalancer 
>         |
> FD2 <->FD1
>  

This is a cool idea, but it may not work because FDS uses the
AD sync control to perform incremental inbound updates.
It's quite likely that the two AD servers would have different
states for the sync cookie. You could work around this
by initiating a full sync when failing over between ADs.



Thanks for the comments so far, it appears that if I can mitigate the risk, then I can just leave a single agreement in place between FDS and AD.

The other question though, regarding one-way from AD to FDS - anyone got any thoughts on that?

Cheers

Darren