I cannot join machines to domains when primary DC fails, everything else works fine

Question

So we have two domain controllers on our little network and they both have DHCP and DNS replication. Active Directory was set up with replication betweens these two.

Information that is created on any of these three services is replicated flawlessly when both are on. DNS Records are set up correctly (SRV Records, pointing to both servers) DHCP Scopes Options are set up correctly in order for clients of the network to failover and still have connection.

So all of this works like a charm, when the first domain controller is turned off, just reseting network adapters on client computers grab my secondary domain controller as DNS and DHCP so everything keeps going on smoothly!

However, I have a problem, which is, I cannot join machines to the domain when the primary is off. It says on the error details that the DNS query was resolved correctly pointing to both LDAP servers, but that no domain controllers were found. I've checked if both were Global Catalog and they are. FSMO Roles were checked, all of them belong to the primary DC that was off. Could this last comment be it? How can I make the roles to fail over to the secondary DC when the primary is off?

Would you like me to upload pictures of my DHCP Options, DNS Records or anything else? Thanks in advance!

Answer 1

FSMO Roles were checked, all of them belong to the primary DC that was off. Could this last comment be it?

Yes.

How can I make the roles to fail over to the secondary DC when the primary is off?

There isn't a good way to fix this.

If the DC with the FSMO roles will be down for longer than expected, the roles should be moved to the other DC. But this isn't something that is typically moved between DC's to maintain availability. Not something I would expect to be "automated". Rather the DC that does hold these roles the objective should be to minimize the downtime for those DC's.