how hard is it to add a second or third DC to my network

I'm an application developer consultant and have worked at a few dozen different organizations over the past few years. Everyone I've worked with has multiple domain controllers on the network. My understanding has been that this enables users to log on if ANY ONE of the domain controllers is available. So this increases the network's availability and can share the work -- all good things.

Now I'm working with an organization with only one domain controller (Windows 2003). They have four Windows servers (two are 2000, two are 2003) in two locations. The locations are connected together via T1. There are been occasions when the T1 goes down and people in one of the locations can't log on since the DC is on the other side of the T1.

So I've suggested making one or two of the non DC servers into a second DC. The networking people say this would take 6-8 hours of labor and it's not worth it. But what I read about the process is that it's pretty automated and that although it requires a couple of reboots on the new DC server, it's not that labor intensive.

What you you guys say -- are we getting snowed by the network technical people? Or is running dcpromo to add a DC to the network something that is easy and doesn't take much labor?
Who is Participating?
Alan Huseyin KayahanConnect With a Mentor Commented:
         Hi GordonPrince
                It is as hard as typing dcpromo to run, then follow the easy steps and click next. Now you have an Additional Domain Controller. It does last max 10 minutes.
                But is that enough for clients functionality if one of the servers down? Actually No. We have 3 more important steps.
                1)DHCP: If the server which has the DHCP Server goes down, then clients can not acquire IP addresses.
                2)Global Catalog: If the server which is the Global Catalog is down, then client can not log on to domain
               3)DNS: If the DNS server which clients only point to is down, then again clients can not log on to domain + could not reach network resources + no exchange etc
               1) Lets say that your network is (including the other side of T1) and only 1 DHCP server exist in one side of T1. Then what you should do is installing DHCP server on the additional domain controller you added to other side, and create scope in one DHCP server and the scope for other DHCP. (If the networks are different, each side has DHCP servers then ignore this step)
              2) To set your Additional Domain Controller a Global Catalog,
                    *Start>Programs>Administrative tools>Active Directory Sites and Services
                    *In left-pane, expandSites>Default Firest site name> Servers. Click on your server.
                   *In right-pane, right-click NTDS settings, then properties. Check the box next to Global Catalog
              3) Additional domain controllers are also DNS servers if the DNS is AD integrated. Only thing left is setting the other DC's IP address as alternative DNS server in scope options of both DHCP servers


hpgriffindConnect With a Mentor Commented:
Making A Windows 2003 Server box a domain controller is fairly easy. It's a  wizard and yes, mostly automated. It does require a few reboots but it is not very time consuming.
As you can see, not hard.  Further, you should know that it is Standard Operating Procedure to have at DCs at each site.
Not only for fault-tolerance, but it speeds up logins and AD-related lookups.  The procedure MrHusy detailed re: Global Catalogs will insure that.

As an AD architect, I can't stress hard enough how fundamentally important this is.

If you take this advice, give points to the guys above - I'm just agreeing with them.
I missed a note - please consider having at least one additional DC at your primary site for fault-tolerance.  
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.