question

I am setting up a Sharepoint log shipping failover. My primary (production) server and secondary are in different domain controllers but pretty much the secondary is a replica of the primary. After some challenges, I got the log shipping part working and the secondary is getting the logs. The problem I am having is when the primary server fails, the users can't be authenticated in Sharepoint anymore. Only if I create a username accounts locally on the secondary, they are able to get access to the site. My take is that I need to have both server on the same domain and with both access to the same domain controller and the authentication will be ok. Unfortunately my production server is also a domain controller, which means that if it fails, so the domain controller so I will find myself with the same issue, no access to common domain controller. Demoting the production server and setting up an alternate domain controller, is not really an option. Is ADFS relying party trust an option to solve this? Any suggestions how to approach this issue will be greatly appreciate it.