Additional domain controllers in a AD environment

I have recently migrated from NT 4.0 to W2K with active directory. The first W2k server is the mail server  and the first Active directory domain and is also setup as pre-windows 2000 mode. Now I've added an additional domain controller, but if the first one is down, it takes 15minutes to login. Any ideas? Is there more work to be done? Do I move the server to native mode and are there any implications?

xeyelcan
LVL 2
xeyeclanAsked:
Who is Participating?
 
oBdAConnect With a Mentor Commented:
First off, this has nothing to do with the mode your domain runs in. If you don't have any NT4 BDCs left (and are not planning to introduce any ever), you can safely switch to native mode. This will give you, for example, domain local groups.
As for the redundancy, you need both of your DCs running DNS, you need the correct DNS settings on your DCs and on your clients, and you need both DCs as Global Catalog (currently probably only your first one is a GC).
As for the DNS, the following setup is correct:

*** TCP/IP-Settings ***
* On your first DC/DNS, make sure the only DNS listed in the TCP/IP properties is itself.
* On your second DC, let it point to the first DC as primary, to itself as secondary.
* On your domain members, enter both DCs as primary and secondary DNS.
* Do NOT enter your ISP's DNS server in the TCP/IP settings on any domain member. All DNS resolution needs to be done by your internal DNS servers *only*.

*** DNS Server Settings ***
* Delete the root zone (if present) in your DNS servers' forward lookup zones (the single dot, "."), to enable external lookups.
* Right-click your forward and reverse lookup zones, and make sure that Dynamic Updates are enabled.
* In the properties page of your DNS servers, configure forwarders to point to your ISP's DNS. The forwarders section is the *only* entry in your network where your ISP's DNS should be listed.
* It's recommended (but not necessary) to set your zones to Active Directory integrated (this can be done in the properties of the zones as well).

Once you've checked this, open a command prompt and enter "ipconfig /registerdns", then stop and re-start the netlogon service. Check if the SRV records have been created (see link below).

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036

Troubleshooting Active Directory DNS Errors in Windows 2000
http://www.microsoft.com/windows2000/dns/tshoot/dns_tshoot2A.asp

HOW TO: Troubleshoot DNS Name Resolution on the Internet in Windows 2000
http://support.microsoft.com/?kbid=316341

HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/?kbid=300202

Troubleshooting Common Active Directory Setup Issues in Windows 2000
http://support.microsoft.com/?kbid=260371

How to Verify the Creation of SRV Records for a Domain Controller
http://support.microsoft.com/?kbid=241515

How Domain Controllers Are Located in Windows
http://support.microsoft.com/?kbid=247811

How Domain Controllers Are Located in Windows XP
http://support.microsoft.com/?kbid=314861

SRV Resource Records May Not Be Created on Domain Controller
http://support.microsoft.com/?kbid=239897

HOW TO: Create or Move a Global Catalog in Windows 2000
http://support.microsoft.com/?kbid=313994

Modes Supported by Windows 2000 Domain Controllers
http://support.microsoft.com/?kbid=186153
0
 
xeyeclanAuthor Commented:
Thanks, this helps alot.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.