m0bov
asked on
Creating an Additional Domain Controller at Parent root level
Hi all, our Root DC at parent level may come up for replacement soon, in the mean time I have a nice new server to add as an additional controller incase the old one goes smoky.
I would like to do some proper redundancy so if the old server dies, I can continue as normal. We do have server imaging software which is up and running.
I'd like to setup the new server as an additional controller, I have some info on this and it seems straight forward, but what else should I do? Transfer some roles across? Seconday DNS zones? We run WINS on the old server so I will to a push pull to the new server to replicate that.
The old server is a Root DC for about 30 child domains in various remote sites. I hope all this will make replacement later on much easier.
Thanks.
James
I would like to do some proper redundancy so if the old server dies, I can continue as normal. We do have server imaging software which is up and running.
I'd like to setup the new server as an additional controller, I have some info on this and it seems straight forward, but what else should I do? Transfer some roles across? Seconday DNS zones? We run WINS on the old server so I will to a push pull to the new server to replicate that.
The old server is a Root DC for about 30 child domains in various remote sites. I hope all this will make replacement later on much easier.
Thanks.
James
ASKER
Hi, that's what I would like to do when I get my second new server. However I'd like to setup my current new server and "pair" it to the old one to provide redundancy and load balancing. I believe I should split the roles so I can recovery in the event of a hardware failure so something. I shall also be creating a seconday DNS zone also.
My new server is ready and waiting, just need to decide what best to do with it.
Thanks!
My new server is ready and waiting, just need to decide what best to do with it.
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi, yep that's fine. Should I transfer all roles to the new server? This sort of thing seems to be a weak point as only one server can do the 5 or so roles. Or does the fact a server is an additional DC mean it can seize them?
Just want to make sure I can recover from a disaster whether its the old or new server as easily as possible.
Just want to make sure I can recover from a disaster whether its the old or new server as easily as possible.
You are right that you should try to have redundancy. If I understood you correctly you will add another server later. That means that you can select what roles you want to move now. And then when you have promoted your next server take the rest of the FSMO roles.
You do know that the infrastructure master can not be on a GC under certain circumstances while the domain naming master has to be. See more here: http://support.microsoft.com/kb/223346/
You do know that the infrastructure master can not be on a GC under certain circumstances while the domain naming master has to be. See more here: http://support.microsoft.com/kb/223346/
ASKER
Yepp, just been reading that! At the mo its all on one server so I have
oldserver - schema, domain naming, RID, PDC and Infrastructure and I think its a GC also, WINS.
There are no workstations attached to it, just Child DCs hanging off it at other sites (all defined on sites&subnets etc..). Can't make remote servers GC as they cant't see other child DCs but thats another story! (and points!).
Your correct in your first statement, would like to get the new kit ticking over nicely ready for a nice planned server REPLACEMENT next year.
Which servers do wish roles? On the face of it I think it should be:-
Oldserver: Infrastructure, schema, ris, PDC, no GC
Newserver: GC, domain-naming, WINS rep, DNS
Noted in the "Mastering 2003" book that it warns that a FSMO domain-naming role should ONLY be on a DC thats a global-catalog so must watch out for this! Also my Infratructure FSMO will be on a non GC.(needs to be demoted once the new server is a GC)
Does this make sense? Maybe I've answered my own question!!
James
oldserver - schema, domain naming, RID, PDC and Infrastructure and I think its a GC also, WINS.
There are no workstations attached to it, just Child DCs hanging off it at other sites (all defined on sites&subnets etc..). Can't make remote servers GC as they cant't see other child DCs but thats another story! (and points!).
Your correct in your first statement, would like to get the new kit ticking over nicely ready for a nice planned server REPLACEMENT next year.
Which servers do wish roles? On the face of it I think it should be:-
Oldserver: Infrastructure, schema, ris, PDC, no GC
Newserver: GC, domain-naming, WINS rep, DNS
Noted in the "Mastering 2003" book that it warns that a FSMO domain-naming role should ONLY be on a DC thats a global-catalog so must watch out for this! Also my Infratructure FSMO will be on a non GC.(needs to be demoted once the new server is a GC)
Does this make sense? Maybe I've answered my own question!!
James
I would move the PDC to new server since without that your users will have login problems.
As per my previous comments do as it is and make your old server adc to new server as per theory if one server is busy to authenticate the another server served it.
May be I am wrong!
regards,
Imran
May be I am wrong!
regards,
Imran
ASKER
Ok so:-
Oldserver Infra, schema
Newserver GC, domain-naming, RID and PDC.
Both will have AD DS zones on (primary) both will have WINS on a push-pull.
I will test this out in the lab today with three servers (two Root DCs and a Child DC) and see how it goes.
James
Oldserver Infra, schema
Newserver GC, domain-naming, RID and PDC.
Both will have AD DS zones on (primary) both will have WINS on a push-pull.
I will test this out in the lab today with three servers (two Root DCs and a Child DC) and see how it goes.
James
Have fun
ASKER
Just done, seemed ok, got a few errors in event log about not being able to contact a GC after I moved the roll. Moved it back, waited abit then got the "GC found" type event and then seemed ok.
Used the snap ins to connect to another DC and then moved the roles across, currently got two root DCs and a child DC, not got a workstation on anything but it seems ok.
Anything else I can try? I might dcpromo out the child DC then reattach and check, may even join a laptop to it and test if I get time.
All done including setup of 3 servers in 2hrs 30mins, not bad eh?
Used the snap ins to connect to another DC and then moved the roles across, currently got two root DCs and a child DC, not got a workstation on anything but it seems ok.
Anything else I can try? I might dcpromo out the child DC then reattach and check, may even join a laptop to it and test if I get time.
All done including setup of 3 servers in 2hrs 30mins, not bad eh?
ASKER
Had more problems with server not finding GC and then unable to remove the child due to DSA lookup failure so had another play this morning. (glad I done a dry run!!)
Now got old (existing) Root DC running Domain-naming, GC and Schema
New beefy server running RID, PDC and Infra. Got zone transfers reping the DNS across. Have checked Child and next step is to remove and re add it for a test. Think yesterday and done things too quickly so stuff had not rep'ed.
NO errors in Directory Event logs, all seems fine. Will report back and then issue the points!
Thanks guys.
Now got old (existing) Root DC running Domain-naming, GC and Schema
New beefy server running RID, PDC and Infra. Got zone transfers reping the DNS across. Have checked Child and next step is to remove and re add it for a test. Think yesterday and done things too quickly so stuff had not rep'ed.
NO errors in Directory Event logs, all seems fine. Will report back and then issue the points!
Thanks guys.
if you resote your image of server to another server with different HAL the windows 2003 can't work properly or may not start. I had an experience of that. the imaging software works fine if the system is crash and you restore the image on the same computer without any Hardware change.
for transferring DC to new DC My suggestion are as follows:
Make you new server as ADC to your old DC after finishing Adc task make your adc global catelogue and transfer all ad roles to your new ADC after that turn off your old dc and check new ADC performance if its working nicely with no error log turn on your old dc and demote it.
regards,
Imran