rschwab asked:

Adding a second Domain Controller

I'm interested in adding a second DC.  I understand the benefits to this, however if DC1 is used for DNS and the future DC2 needs this to be promoted.   What could I expect if DC1 needs to come down for servicing or failure?   What precautions must I take?

Your opinions are greatly appreciated
JConchie

Adding a second DC is essential from a redundancy point of view........with only one, if it goes down, you have lost all your AD data........and will have to recreate a new AD from scratch.
With the second DC, both have copies of all AD info and if one fails or has to go down for maintenance, the other is still available.  If one DC goes down unexpectedly and you cannot recover it...... and it happens to be the DC with your FSMO roles, you will have to seize the FSMOs on the surviving DC......but that is a minor and straightforward procedure.

DC2 does not need DNS running on it to be promoted, it only needs to be able to point to DC1....in other words DNS must be running on the network.  Once you have DC2 up and running, you can set up active directory integrated DNS (DNS on DC1 should be AD-integrated too) on it, again, simply for redundancy.........you can then have your DHCP hand it out to workstations as the secondary DNS.......or assign it manually.

Assuming that you already have functional DNS on your network, there really is no downside here, only benefits.

How big is your network?......will both DCs be in the same site? same subnet?  If the answer here is no, there are a few more details to take care of, but you still don't need any extraordinary precautions.
You don't say which OS you're using, but when you mention "promoting" I guess you're talking about NT4?

If NT4, then the extra DC should have DNS installed as well. Set up the zone as Secondary, pulling from the first DC. In the event of failure, this zone could be changed to a Primary if you need to update it, otherwise leave it as a read-only Secondary.

If you have AD, then it's easy. Install the zone as AD-integrated and install DNS server on the new DC. Sorted!
Roly_Dee
Careful about assumptions.  In W2K lingo, promoting can mean simply taking a W2K member server and "promoting".........ie, running DCPromo.....it to a DC.

And since we are talking about adding a *second* DC, we are obviously talking about AD.......but thanks for reinforcing my advice.
Hi rschwab,

You'll have to have both DC1 and DC2 carry the same services such as DNS/WINS/DHCP/GC replication.
As for DNS, once you do "dcpromo" your DC2's DNS will automatically be configured and synchronized with DC1's DNS.  If you do carry WINS make sure you do push/pull settings.
as for you DHCP is you have then on DC1 you will want to create on on DC2 and make sure these two exclude each other's scope so you don't have an overlap.  The last and most important one is to do a replication of Global Categories (GC).

Tbird008
Many typos: "as for your DHCP if you have them on DC1 you will want to create one on DC2"

Tbird008
Lots of extraneous advice here.

WINS is not necessary on an AD forest.....though it can help if you still have win9x machines on your net....but having it set up on both DCs is a waste of bandwidth, WINS replication is a killer.   If you do need it on DC1, don't install it on DC2 until you need it.....  ie when DC1 goes down.....unless you are putting both DCs in different sites.

If you are in a single subnet, you don't want DHCP running two scopes on two different machines.  By all means, install DHCP on DC2 and duplicate your DC1 scope there.........but don't activate the scope and disable the DHCP service on DC2 until it may be needed.
"Last and  most important"  You only need one GC per site.......and they replicate automatically with the rest of AD.
JConchie:

To rewind a bit, I take your first point. The question was not too clear, so I tried to cover both options. Assumptions are dangerous animals...

I would however disagree that "we are obviously talking about AD." In NT4, if your first DC is your PDC, your second DC is your first BDC etc. Primary or Backup, they're all still DCs :-)

PS You may only need one GC per site, but the question revolves around that one machine being unavailable.
Roly_Dee,
You said it yourself......in NT4, the first controller is the PDC, all subsequent ones are called BDCs.  In W2K, all controllers are simply DCs.

Re: GCs.......if you have 2 DCs in a site and one goes down, the other still carries a full replica of AD...making it the new GC is as simple as checking a box.
rschwab.......we are managing to get a bit sidetracked here.......more importantly, does any of this answer your question.......or would you like more specifics on any aspect of it?
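
The points raised in the answers above (which DC holds the FSMO roles, whether each site has a spare global catalog, and whether DNS survives the loss of DC1) can be checked before taking a DC down. The script below is an added example, not part of any post in this thread; it assumes the ActiveDirectory (RSAT) and DnsClient PowerShell modules, which ship with Windows 8 / Server 2012 and later rather than the W2K-era tooling discussed here.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory (RSAT) and
# DnsClient modules, i.e. Windows 8 / Server 2012 or later.
Import-Module ActiveDirectory

$domain = (Get-ADDomain).DNSRoot
$dcs    = @(Get-ADDomainController -Filter *)

$report = foreach ($dc in $dcs) {
    # Ask this DC's own DNS service for the SRV record clients use to find a DC.
    $answersDns = $true
    try {
        Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV `
            -Server $dc.IPv4Address -DnsOnly -ErrorAction Stop | Out-Null
    } catch { $answersDns = $false }

    [pscustomobject]@{
        Name          = $dc.HostName
        Site          = $dc.Site
        IPv4          = $dc.IPv4Address
        GlobalCatalog = $dc.IsGlobalCatalog
        FsmoRoles     = ($dc.OperationMasterRoles -join ', ')
        AnswersDns    = $answersDns
    }
}
$report | Format-Table -AutoSize

# Flag the single points of failure raised in the thread.
if ($dcs.Count -lt 2) { Write-Warning "Only one DC: losing it loses the directory." }

foreach ($site in ($report | Group-Object Site)) {
    $gc  = @($site.Group | Where-Object GlobalCatalog)
    $dns = @($site.Group | Where-Object AnswersDns)
    if ($gc.Count -lt 2)  { Write-Warning "Site $($site.Name): $($gc.Count) global catalog(s)." }
    if ($dns.Count -lt 2) { Write-Warning "Site $($site.Name): $($dns.Count) DC(s) answering DNS." }
}

# Does this machine list more than one DC as a DNS server?
$configured  = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Select-Object -ExpandProperty ServerAddresses -Unique
$dcResolvers = @($report | Where-Object { $_.AnswersDns -and $configured -contains $_.IPv4 })
if ($dcResolvers.Count -lt 2) {
    Write-Warning "This host uses $($dcResolvers.Count) DC(s) for DNS; add a second."
}
```

A DC that shows FSMO roles in the table is the one whose unplanned loss requires seizing those roles on the survivor; for planned maintenance the roles can be transferred first.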
JConchie

"extraneous" info it all depends on rschwab's network.  1st of all you do not know if he is running under mixed or native mode and how his network is set up.
"GC" is only checking a box right but with it checked he will not have to worry about the other going down in the middle of the night or when the admin is not around.  It is all about working smart.

Tbird008
rschwab (ASKER)

Wow !!!  just got back and started viewing these inputs

JConchie, thanks for your explanation. I see my question wasn't very clear.  I do understand that DC2 needs to point to DC1's DNS.  I was curious as to what occurs when DC1 goes down for service or failure?

Roly_Dee pointed in the first response where it is I was going. But does this pertain to 2000 as well????

This is a small network: 15 users, 22 nodes.  No DHCP, WINS

Thank you  for your assistance
ASKER CERTIFIED SOLUTION
JConchie