Setting up an Additional Domain Controller

Posted on 2007-07-29
Last Modified: 2010-04-18
I have to set up an additional domain controller for an existing Domain controller. The following are the details of the Domain Controller.

OS- Windows 2003 Enterprise Edition
Configured with Active directory, DNS & DHCP

Now I have to set up an additional domain controller for this. The additional Domain controller should have the DHCP as configured in the Domain Controller, apart from the DNS and Active Directory.

I am totally new to Windows 2003, so I need help in detail.

Thanks in Advance

Question by:Zacharia Kurian
    LVL 23

    Expert Comment

    What OS is it running? If your additional DC is running the "R2" - Release 2, then you need to run adprep in your existing domain first.
    Then simply promote the server to a DC. As for DHCP, why do you want 2 DHCP servers? For fault tolerance? Or serving different subnets?
    LVL 9

    Author Comment

    by:Zacharia Kurian
    The OS is not R2. Setting up the DHCP in the additional domain is that, in case I have to restart/shutdown the primary DC for maintenance or if the primary DC gets crashed, I want the additional DC to maintain the DHCP. It has to be the same subnets used in the primary DC.
    LVL 2

    Expert Comment

    there are 3 options for DHCP availability:
    - create split scopes, the servers need to be in different subnets and the router between them has to support DHCP relay (Cisco/Procurve's "ip helper")
    - Use a Microsoft Cluster (and hire a consultant)
    - Create a standby server with a preconfigured DHCP scope but don't activate it. This needs you to activate the DHCP services when your DHCP server goes down.
    You cannot run 2 active DHCP servers on a network, so to provide redundancy for a reboot or shutdown is in my opinion not worth the effort.

    You can read more about DHCP availability here:
    LVL 23

    Expert Comment

    I think you can have 2 DHCP servers in your network, each containing a different pool of IP addresses. For example, ServerA gives to while ServerB handles the rest.

    If either one of the servers goes down, you can quickly add the missing range to the other server.
    LVL 48

    Accepted Solution

    For such a simple Q there are some interesting answers here... Basic points - you can't have a replica DHCP server on the doesn't work like can use the 80/20 rule or split as you see fit... but it's that simple to transfer DHCP onto another server in the time of need that I don't even bother with two DHCP servers... it's really a quick process as long as you back up regularly.
    LVL 70

    Expert Comment

    If you want to set up a second DC for redundancy then:

    Install Windows 2003 on the new machine

    Assign the new computer an IP address and subnet mask on the existing network

    Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally the existing domain controller)

    Join the new machine to the existing domain as a member server

    If the new Windows 2003 server is the R2 version and the existing set-up is not, then you need to run Adprep from CD2 of the R2 disks on the existing Domain controller. Adprep is in the \CMPNENTS\R2\ folder on CD2.

    From the command line, promote the new machine to a domain controller with the DCPROMO command. Select "Additional Domain Controller in an existing Domain".

    Once Active Directory is installed, then to make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, expand Sites, Default first site and Servers. Right click on the new server and select Properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership.)

    Assuming that you were using Active Directory Integrated DNS on the first Domain Controller, DNS will have replicated to the new domain controller along with Active Directory.

    If you are using DHCP you should spread this across the domain controllers. Ideally you should use the 80/20 rule as Jay_Jay70 has outlined; however, in a simple single domain DHCP redundancy is easiest achieved by setting up DHCP on the second Domain controller and using a scope on the same network that does not overlap with the existing scope on the other Domain Controller (e.g. have one DHCP server use a scope to and the other to). Don't forget to set the default gateway (router) and DNS Servers. You will need to activate the scope and authorise the new DHCP server.

    Talking of DHCP clients, all the clients (and indeed the domain controllers themselves) need to have their Preferred DNS server set to one domain controller, and the Alternate DNS to the other; that way, if one of the DNS Servers fails, the clients will automatically use the other. (Set up forwarders on the DNS server to handle external name resolution.)

    Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and DHCP, and the domain could function for a while at least should any one of them fail. However, for a fully robust system you need to be aware that the first domain controller that existed will by default hold what are called FSMO Roles. There are five of these roles that are held on a single server and are essential for the functioning of the network. If the second Domain Controller fails, then no problem, as the FSMO roles are on the first Domain Controller. However, if you intend to function with the second Domain Controller only, then the roles need to be moved to the second Domain Controller. Ideally, if this is a planned event you should cleanly transfer the FSMO roles; if it is an unplanned emergency the FSMO roles can be seized (see or or
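
The non-overlapping split described in the answer above, as an added example that is not part of the original thread: a Python helper that divides one lease pool 80/20 between two DHCP servers and checks the plan for overlaps, out-of-subnet ranges and collisions with statically addressed hosts. The network, pool boundaries and static addresses are constructed sample values, and `split_pool` and `check_scopes` are hypothetical helper names.

```python
import ipaddress

def split_pool(first, last, primary_percent=80):
    """Split an inclusive lease pool into two non-overlapping ranges."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    size = hi - lo + 1
    if size < 2:
        raise ValueError("pool needs at least two addresses to split")
    # Integer arithmetic; clamp so each server keeps at least one address.
    cut = min(max(size * primary_percent // 100, 1), size - 1)
    ip = lambda n: str(ipaddress.IPv4Address(n))
    return (ip(lo), ip(lo + cut - 1)), (ip(lo + cut), ip(hi))

def check_scopes(network, scopes, static_hosts=()):
    """Return a list of problems found in the planned ranges (empty list = OK).

    scopes: {server_name: (first, last)}; static_hosts: fixed addresses
    (router, domain controllers) that must never be leased.
    """
    net = ipaddress.IPv4Network(network)
    problems, parsed = [], []
    for name, (first, last) in scopes.items():
        f, l = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
        if f > l:
            problems.append(f"{name}: range start is after range end")
            continue
        for addr in (f, l):
            if addr not in net or addr in (net.network_address, net.broadcast_address):
                problems.append(f"{name}: {addr} is not a usable host address in {net}")
        parsed.append((name, f, l))
    # Two inclusive ranges overlap when each starts before the other ends.
    for i, (n1, f1, l1) in enumerate(parsed):
        for n2, f2, l2 in parsed[i + 1:]:
            if f1 <= l2 and f2 <= l1:
                problems.append(f"{n1} and {n2} overlap")
    for host in map(ipaddress.IPv4Address, static_hosts):
        for name, f, l in parsed:
            if f <= host <= l:
                problems.append(f"{name}: static host {host} is inside the lease range")
    return problems

# Constructed sample values, not taken from the thread.
NETWORK = "192.168.10.0/24"
STATIC = ["192.168.10.1", "192.168.10.10", "192.168.10.11"]  # router, DC1, DC2
dc1_range, dc2_range = split_pool("192.168.10.50", "192.168.10.249")
plan = {"DC1": dc1_range, "DC2": dc2_range}

if __name__ == "__main__":
    print(plan, check_scopes(NETWORK, plan, STATIC) or "no problems")
```

Running the check before activating and authorising the second server catches the two mistakes that cause duplicate-address conflicts: ranges that overlap between servers, and lease ranges that include the router or the domain controllers themselves.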
    LVL 9

    Author Comment

    by:Zacharia Kurian
    Hi KCTS,

    I understand the need to have the 80/20 rule cited by Jay_Jay70. Now let me explain this.

    Right now my Main DC is up and running and the scope for the DHCP is from I will split this and add another scope in the additional domain. My main DC is acting as the global catalog. Whatever changes/updations are done on this main domain should be replicated to the additional domain. When I go to the Active Directory Sites and Services, in the main domain I can see the additional domain. Do I have to make this additional domain the global catalog? Because I will not add/append anything in this additional domain. The main idea of setting up this additional domain is that it should take up the role of the main domain, if the main domain has to be restarted or shut down for maintenance. So please explain this. If you can give an idea about the replication time which I have to use, it would be indeed an extra help.
    LVL 70

    Assisted Solution

    This is not an additional domain - it is a second domain controller for the existing domain. There is no particular need for replication to be very frequent; replication is automatic - you don't need to do anything manually. If the machines have preferred and alternate DNS servers configured then they will use the SRV records to locate a responsive. You need to have multiple Global catalogs in order to authenticate universal group memberships during logon.
