Solved

How to install a backup domain controller on a new AD setup w2k3 server?

Posted on 2007-03-24
Last Modified: 2008-10-14
I just upgraded a workgroup to a domain on Windows 2003 Server. Now I have AD. I want to make another server on the domain a backup domain controller. How do I do this? How do I back them both up in the event of corruption?
Question by:195ecentralave
2 Comments
 
LVL 11

Expert Comment

by:AnthonyP9618
ID: 18786102
Beginning in Windows 2000, there was no need for a BDC in Directory Services.  Instead, you would stand up multiple domain controllers that would help spread your server load across multiple servers.  To accomplish this, you simply need to build a new Windows 2003 Server, install DNS and DHCP (if you're using it), and run dcpromo.  The steps are pretty much the same as you encountered when building the first DC for the domain.

Once that's complete, you have some options.  

I would recommend spreading the FSMO roles around, e.g., don't leave all 5 FSMO roles on the same machine.  If you're not sure what FSMO roles are or how to accomplish this, read http://support.microsoft.com/kb/324801

Hope that helps get you in the right direction.
 
LVL 70

Accepted Solution

by:
KCTS earned 500 total points
ID: 18786634
Two domain controllers are a good idea and, if set up properly, will balance load and provide redundancy for each other. The process is quite simple.

Install Windows 2003 on the new machine

Join the new Win2003 machine to the domain

Use DC Promo to add a new domain controller in the existing forest and existing domain

Make sure that the new domain controller is also a Global Catalog Server (as global catalog is required for logons to be authenticated). This is just a matter of ticking the checkbox. See http://support.microsoft.com/kb/313994

Make sure that both domain controllers are set to use Active Directory Integrated DNS.

If you are using DHCP then enable it on both Domain Controllers but take care to set each one with scopes so that they do not overlap (otherwise you could end up with duplicate IPs on the Network)

Set each Domain controller to use itself as its own Preferred DNS server and the other domain controller as the Alternate DNS Server.

Set all clients to use one Domain Controller as their Preferred DNS server and the other domain controller as the Alternate DNS Server. You can either do this with a static entry or with DHCP

If you do all this then if one DC fails the other can continue to service clients.

I would recommend leaving the FSMO roles where they are; there really is not much point in moving them around on a two DC setup unless the 1st machine fails, in which case the roles can be seized, see http://www.petri.co.il/seizing_fsmo_roles.htm

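The DNS settings and post-promotion checks from the accepted answer, written out as a batch file. This is an added example, not part of either comment. The domain name, host names, IP addresses and connection name are constructed placeholders, and it assumes the Windows Server 2003 Support Tools (dcdiag, repadmin, netdom, nltest) are installed.

```batch
@echo off
rem Added example, not from the thread. Run on the NEW domain controller
rem after dcpromo has finished and the server has rebooted.
rem All values below are constructed placeholders; change them to match your network.
set DOMAIN=example.local
set DC1=DC1
set DC2=DC2
set DC1_IP=10.0.0.11
set DC2_IP=10.0.0.12
set NIC=Local Area Connection

rem DNS client settings on DC2: itself as preferred, the other DC as alternate.
rem (On DC1 use the mirror image: DC1_IP first, DC2_IP as index 2.)
netsh interface ip set dns name="%NIC%" source=static addr=%DC2_IP% register=primary
netsh interface ip add dns name="%NIC%" addr=%DC1_IP% index=2

rem Both domain controllers should now be listed for the domain.
nltest /dclist:%DOMAIN%

rem A global catalog must be locatable, since logons depend on it.
nltest /dsgetdc:%DOMAIN% /gc

rem Run the directory health tests against the new DC and keep the report.
dcdiag /s:%DC2% /v > dcdiag_%DC2%.txt
findstr /i /c:"failed test" dcdiag_%DC2%.txt && echo Review dcdiag_%DC2%.txt before relying on this DC

rem Inbound replication status for the new DC, then a summary for all DCs.
repadmin /showrepl %DC2%
repadmin /replsummary

rem Record which server holds each FSMO role, so you know what would
rem have to be seized if that server were lost.
netdom query fsmo

rem If DHCP runs on both servers, list the scopes on each and confirm
rem by eye that the address ranges do not overlap.
netsh dhcp server \\%DC1% show scope
netsh dhcp server \\%DC2% show scope
```

Keeping the dcdiag report and the FSMO listing from a known-good state gives a baseline to compare against after a failure.
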