Solved

Additional domain controllers in a AD environment

Posted on 2004-09-26
2
219 Views
Last Modified: 2010-04-14
I have recently migrated from NT 4.0 to W2K with active directory. The first W2k server is the mail server  and the first Active directory domain and is also setup as pre-windows 2000 mode. Now I've added an additional domain controller, but if the first one is down, it takes 15minutes to login. Any ideas? Is there more work to be done? Do I move the server to native mode and are there any implications?

xeyelcan
0
Comment
Question by:xeyeclan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 85

Accepted Solution

by:
oBdA earned 125 total points
ID: 12156047
First off, this has nothing to do with the mode your domain runs in. If you don't have any NT4 BDCs left (and are not planning to introduce any ever), you can safely switch to native mode. This will give you, for example, domain local groups.
As for the redundancy, you need both of your DCs running DNS, you need the correct DNS settings on your DCs and on your clients, and you need both DCs as Global Catalog (currently probably only your first one is a GC).
As for the DNS, the following setup is correct:

*** TCP/IP-Settings ***
* On your first DC/DNS, make sure the only DNS listed in the TCP/IP properties is itself.
* On your second DC, let it point to the first DC as primary, to itself as secondary.
* On your domain members, enter both DCs as primary and secondary DNS.
* Do NOT enter your ISP's DNS server in the TCP/IP settings on any domain member. All DNS resolution needs to be done by your internal DNS servers *only*.

*** DNS Server Settings ***
* Delete the root zone (if present) in your DNS servers' forward lookup zones (the single dot, "."), to enable external lookups.
* Right-click your forward and reverse lookup zones, and make sure that Dynamic Updates are enabled.
* In the properties page of your DNS servers, configure forwarders to point to your ISP's DNS. The forwarders section is the *only* entry in your network where your ISP's DNS should be listed.
* It's recommended (but not necessary) to set your zones to Active Directory integrated (this can be done in the properties of the zones as well).

Once you've checked this, open a command prompt and enter "ipconfig /registerdns", then stop and re-start the netlogon service. Check if the SRV records have been created (see link below).

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036

Troubleshooting Active Directory DNS Errors in Windows 2000
http://www.microsoft.com/windows2000/dns/tshoot/dns_tshoot2A.asp

HOW TO: Troubleshoot DNS Name Resolution on the Internet in Windows 2000
http://support.microsoft.com/?kbid=316341

HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/?kbid=300202

Troubleshooting Common Active Directory Setup Issues in Windows 2000
http://support.microsoft.com/?kbid=260371

How to Verify the Creation of SRV Records for a Domain Controller
http://support.microsoft.com/?kbid=241515

How Domain Controllers Are Located in Windows
http://support.microsoft.com/?kbid=247811

How Domain Controllers Are Located in Windows XP
http://support.microsoft.com/?kbid=314861

SRV Resource Records May Not Be Created on Domain Controller
http://support.microsoft.com/?kbid=239897

HOW TO: Create or Move a Global Catalog in Windows 2000
http://support.microsoft.com/?kbid=313994

Modes Supported by Windows 2000 Domain Controllers
http://support.microsoft.com/?kbid=186153
0
 
LVL 2

Author Comment

by:xeyeclan
ID: 12163118
Thanks, this helps alot.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question