npinfotech asked:

taking precautions when adding a secondary domain controller

I have a 2003 domain. One of the secondary domain controllers died last week, so I am down to 1 Server 2003 domain controller.

I have a server 2012 machine that I would like to make a secondary domain controller, but am nervous about doing so.  What sort of precautions should I take before I make the server 2012 computer into a secondary domain controller?  Is there a good guide that I can follow?
ASKER CERTIFIED SOLUTION
Joseph Moody

This solution is only available to members.

npinfotech (ASKER)

Let me clarify: the secondary domain controller did not "die" (sorry for the miscommunication); the Active Directory database on that domain controller was corrupted beyond repair after an extended power outage. I was able to boot it up and use the wizard to demote it.

Is there any more to the DC cleanup than using the wizard?

Thank you very much for this information.  In the cleanup process, I have come across this article:

http://now.ipsofacto.net/1225/seize-or-transfer-fsmo-roles-to-a-domain-controller/

After #7, it states that "Note: Do not put the Infrastructure Master role on the same domain controller as the global catalog."  then again, at the end, "NOTE: Do not put the Infrastructure Master (IM) role on the same domain controller as the global catalog server. If the Infrastructure Master runs on a global catalog server it will stop updating object information because it does not contain any references to objects that it does not hold. This is because a global catalog server holds a partial replica of every object in the forest."

I know it's talking about Server 2000 specifically, but does the same apply to Server 2003?
Also, will having more than 1 global catalog server at 1 time be a bad idea?

I did some research and found that the issue does not affect forests that have a single domain:

http://technet.microsoft.com/en-us/library/ff646933%28v=ws.10%29.aspx

I also found this link to find out if more than 1 global catalog is a bad idea (if on a single domain, it's not):

https://social.technet.microsoft.com/Forums/en-US/c5a3a412-aa02-401f-a57a-cea0434c676d/how-many-global-catalog-i-should-have?forum=winservergen

Finally, a link to help you determine if you have more than a single domain in your forest using dsquery:

http://www.windowsnetworking.com/kbase/WindowsTips/WindowsServer2008/AdminTips/ActiveDirectory/HowToUseDsQueryToFindAllTheDomainControllersInTheDomainorForest.html

I am confused about using tools to find out who the FSMO role holders are.

When I fire up my command prompt and run "netdom query fsmo", it says the schema master is on a dead server.  When I run "DsQuery Server -Forest -hasfsmo schema" in my command prompt, it lists my current primary domain controller as the role holder.  

Which one is right?

Do a metadata cleanup; see http://www.petri.co.il/delete_failed_dcs_from_ad.htm

If the dead server had FSMO roles, seize them on another domain controller first
Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
http://support2.microsoft.com/kb/255504/en-us

Thank you Joseph Moody. I also gave some points to Walter Padrón for some helpful links.

Even though my question about different FSMO results from different tools was unanswered, I realize it should be another question (posted here):
https://www.experts-exchange.com/questions/28583080/FSMO-Role-Conflict.html