We have an ASP.NET application running at a customer site that uses ActiveDirectory for user login via the ActiveDirectoryMembershipProvider. Their primary domain controller that we were pointing to went down this morning, and in getting everything set back up the client was wondering if we could have a redundant connection to two domain controllers; i.e. specifying a primary and a backup AD server. A Google search proved fruitless - does anyone know if this can be done?
It can be done, it will just take some work.
You will need to create a class that inherits off of the ActiveDirectoryMembershipProvider and use it as your provider instead. That way you can maintain most of the functionality. Then set up a way to specify two connectionStringName properties, one for primary and one for secondary. You will also need to create the code to read the information from the config since you are changing it. Then just override the methods where you need to catch when the primary is down and switch to the secondary. This will be the most reusable way of doing it.
There are probably other ways of doing it, but they will probably be hacky and not very reusable, like testing the connection before each request and then setting the connection string that way.
Based on the MSDN documentation on the class, this will probably be the only way to do it. They don't provide the functionality internally.
If ActiveDirectory couldn't handle multiple domain controllers then it wouldn't be a very good technology.
You just need to make sure in your Membership configuration you are pointing to the 'Domain' rather than the 'Server' and then add two or more controllers to your domain.
Generally if you are referring to the domain as "LDAP://server/DC=domain,DC=com" then you should be able to remove the "server" part and refer simply to "LDAP://DC=domain,DC=com".
The following code project gives a long list of things you can do in Active Directory from C#: http://www.codeproject.com/KB/system/everythingInAD.aspx#7
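The configuration change suggested in the second answer, shown as a web.config fragment. This is an added example, not part of the original posts; the names `ADConnectionString` and `ADMembershipProvider` are assumptions, and the paths are the placeholders used in the answer.

```xml
<configuration>
  <connectionStrings>
    <!-- Before: bound to one named domain controller ("server" is the
         placeholder host from the answer). Logins fail when it is down.
         <add name="ADConnectionString"
              connectionString="LDAP://server/DC=domain,DC=com" />
    -->

    <!-- After: no host in the path, so the bind targets the domain and
         any available domain controller can answer. -->
    <add name="ADConnectionString"
         connectionString="LDAP://DC=domain,DC=com" />
  </connectionStrings>

  <system.web>
    <membership defaultProvider="ADMembershipProvider">
      <providers>
        <!-- Version must match the System.Web assembly of the target
             framework (4.0.0.0 is assumed here).
             connectionProtection="Secure" keeps the bind protected
             rather than sending credentials in the clear. -->
        <add name="ADMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADConnectionString"
             connectionProtection="Secure"
             attributeMapUsername="sAMAccountName" />
      </providers>
    </membership>
  </system.web>
</configuration>
```

The web server has to be able to locate the domain's controllers through DNS for the host-less path to resolve, so test a login with the original controller taken offline before relying on it.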