• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 466

How do I configure a member server as a 'redundant' DC/DNS server

Hi - This is a bit long but please bear with me.

I need some help in adding a second Windows 2003 Domain Controller in my network.

I have recently set up a new Windows 2003 domain. To simplify the setup imagine DC1 is in Subnet A and there is another Subnet B, currently without a DC.
The first DC is also the Global Catalog (for obvious reasons) and the Primary DNS (not Active Directory-Integrated).
To protect the network in case the first DC goes down (or in case the link between Subnet A and B goes down) I am planning to promote a Windows 2003 member server in Subnet B as the 2nd Domain Controller. This 2nd DC will also function as a GC and DNS server.

My objective is to set up a 'redundant DC' such that if the 1st DC goes down all users should still be able to authenticate without problem using the 2nd DC.
DNS in the 1st DC is currently set to Primary but I'm ok to change it to AD-integrated if this is a better setup for my 'redundant DC' requirement. I know FSMO roles etc. are a different story - but let's leave them for now.

I have scoured the internet about how to do it and there are a lot of general suggestions but I'm after the correct sequence to perform as I don't want to stuff things up. The 3 ways I can think of are below.
I would highly appreciate any input or help that anyone can provide. Thanks

Option 1
In the Member Server..
Note: Preferred DNS server IP is set with the IP Address of the 1st DC
Install DNS service
Configure it as a secondary DNS of the Domain
Verify DNS records are replicated
Change Preferred DNS server IP with the local IP (itself)
Run DCPromo and set up server as additional DC
Set 1st DC as Alternate DNS in 2nd DC

In the 1st DC...
Set 2nd DC as Alternate DNS

Option 2
In the Member Server..
Note: Preferred DNS server IP is set with the IP Address of the 1st DC
Run DCPromo and set up server as additional DC
Install DNS service
Configure as secondary DNS of Domain
Verify DNS records are replicated
Change Preferred DNS server IP with the local IP (itself)
Set 1st DC as Alternate DNS in 2nd DC

In the 1st DC...
Set 2nd DC as Alternate DNS

Option 3
In the 1st DC...
Change DNS type as AD-integrated

In the Member Server..
Note: Preferred DNS server IP is set with the IP Address of the 1st DC
Install DNS service
Configure it as another AD integrated DNS of the Domain
Verify DNS records are replicated
Change Preferred DNS server IP with the local IP (itself)
Run DCPromo and set up server as additional DC
Set 1st DC as Alternate DNS in 2nd DC

Back in the 1st DC...
Set 2nd DC as Alternate DNS
Asked by: dpsjr100
2 Solutions
 
Jay_Jay70 commented:
Hi dpsjr100,

easy as my friend

**Note - If introducing a 2003 R2 Server into the network as a DC you will need to run the ADPREP tools from the second CD

\CMPNENTS\R2\ADPREP

you can also download here
http://www.microsoft.com/downloads/details.aspx?familyid=5B73CF03-84DD-480F-98F9-526EC09E9BA8&displaylang=en

this boosts the schema up to cope with R2 functionality
http://www.microsoft.com/windowsserver2003/r2/whatsnewinr2.mspx

just install DNS on the member server and then follow these steps

1) Promote (DCPROMO) your member server as an additional domain controller in an already existing domain - this will allow AD to replicate to the new server
2) Make sure DNS is AD integrated on your old DC to allow all DNS replications also
3) Run DCDIAG to make sure all is well and replication is fine

as far as DNS goes, servers should point to themselves as primary with the alternate as secondary

make sense?
0
 
feptias commented:
Hi dpsjr100

Looking at your three options, you can eliminate option 3 because it is not possible to create an AD-integrated DNS zone on a server that is not a domain controller. Your sequence for option 3 wants to make an AD-integrated zone before you have run DCPROMO so it wouldn't work.

Options 1 and 2 should both work, although my preference is for 2. In the DNS server on DC1, it is very important that dynamic updates are allowed to be made by the member server that you are promoting. The options for allowing dynamic updates are shown on the General tab of the properties of the fwd lookup zone.

As already stated, it is a good idea to set both DNS servers to AD-integrated after you've DCPROMO'd the new one. AD-integrated zones can accept updates at either server, whereas with Primary/Secondary all updates must be made on the primary. So if DC1 becomes unavailable, users would still be able to authenticate ok, but their workstation IP address would not be able to dynamically register itself in DNS.
0
 
dpsjr100 (Author) commented:
Below is the suggestion from MS PSS. I guess it depends on whether I want a Primary/Secondary or AD-Integrated DNS setup. I might use the ADPREP tool as suggested by Jayjay in future.

Thanks guys for quickly posting and sharing your knowledge. I'm splitting the points to jayjay and feptias.
----------------------
The steps look good in Option 3, but with a few changes as explained below.
In the 1st DC...
Change DNS type as AD-integrated

Yes, make sure that the Preferred DNS server IP is set with the IP Address of the 1st DC
Run DCPromo and set up server as additional DC
Enable GC and reboot the server

Install DNS service
As the DNS is AD integrated it will pick the settings automatically (no configuration required)
And configure its own IP as Preferred DNS

And the 1st DC as Alternate DNS

Note: On the 1st DC, open the DNS console and select the zone properties, then select Replication. If you have the zone replication scope set to "To all Domain Controllers in the AD domain", make sure you have the same settings on the 2nd DC too.

Otherwise DNS will work in different partitions and give problems. Hope this will help.
0
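To tie the three answers together, here is an added example (not from the thread, from MS PSS, or from Microsoft documentation) of the checks a practitioner would run from a cmd prompt on the new DC after DCPROMO has completed: confirm the zone on DC1 is AD-integrated and accepts dynamic updates (feptias's point), confirm the zone reached DC2 in the same directory partition (the PSS warning about "different partitions"), point each DC at itself first and the other DC second (Jay_Jay70's point), and run the replication health checks. It assumes the Windows Server 2003 Support Tools (dnscmd, dcdiag, repadmin, nltest) are installed, and the domain name, host names, addresses and NIC name are constructed placeholders.

```batch
@echo off
REM Added example for the thread above, not part of any answer in it.
REM Run on the NEW DC (DC2) as a Domain Admin after DCPROMO and the reboot.
REM Requires the Windows Server 2003 Support Tools (dnscmd, dcdiag, repadmin, nltest).
REM All names and addresses below are constructed placeholders - change them.
setlocal
set DOMAIN=corp.example.com
set DC1=dc1.corp.example.com
set DC1_IP=192.0.2.10
set DC2=dc2.corp.example.com
set DC2_IP=192.0.2.20
set NIC=Local Area Connection

echo === 1. Zone on DC1: type, directory partition and dynamic-update setting ===
REM /ZoneInfo lists the zone type, whether it is "DS integrated", the partition it
REM lives in, and "update" (0 = none, 1 = nonsecure and secure, 2 = secure only).
dnscmd %DC1% /ZoneInfo %DOMAIN%
REM If DC1 still holds a standard primary zone, convert it in place and switch to
REM secure-only updates (secure updates need an AD-integrated zone). Check the exact
REM option spelling with "dnscmd /ZoneResetType /?" on your build before running:
REM   dnscmd %DC1% /ZoneResetType %DOMAIN% /DsPrimary /dp /domain
REM   dnscmd %DC1% /Config %DOMAIN% /AllowUpdate 2
REM A zone that stays standard primary must at least be /AllowUpdate 1, or the new
REM DC cannot register its SRV records during promotion.

echo === 2. Same zone on DC2: must show DS integrated and the SAME partition ===
dnscmd %DC2% /ZoneInfo %DOMAIN%
REM Compare the two outputs by eye: a zone that is domain-wide on DC1 but, say,
REM forest-wide or file-based on DC2 is the "different partitions" problem PSS warns about.

echo === 3. DC locator records: DC2 must be advertised alongside DC1 ===
nltest /dclist:%DOMAIN%
nltest /dsgetdc:%DOMAIN% /force

echo === 4. DNS client order on DC2: itself first, DC1 as alternate ===
netsh interface ip set dns "%NIC%" static %DC2_IP%
netsh interface ip add dns "%NIC%" %DC1_IP% index=2
ipconfig /registerdns
REM On DC1 do the mirror image so it keeps resolving if DC2 or the link is down:
REM   netsh interface ip set dns "%NIC%" static %DC1_IP%
REM   netsh interface ip add dns "%NIC%" %DC2_IP% index=2

echo === 5. Replication and health ===
repadmin /showrepl
dcdiag /test:replications
dcdiag /test:netlogons
dcdiag /test:advertising
REM Any failure here means DC2 is not yet a usable fallback; fix it before testing
REM authentication with DC1 switched off.
endlocal
```

Two design notes. The order in step 4 matters: if DC2 lists DC1 first and DC1 is unreachable, every lookup on DC2 waits for a timeout before falling back, which is exactly the outage the second DC is meant to cover. Step 2 is the check that actually verifies redundancy: a secondary zone (Options 1 and 2 without the later conversion) will still resolve when DC1 is down, but, as feptias notes, workstations cannot register or refresh their records until DC1 returns, whereas a matching AD-integrated zone on both DCs accepts updates at either one.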
 
Jay_Jay70 commented:
cool, thank you, good luck!
0
