• Status: Solved

Setting up an Additional Domain Controller

I have to set up an additional domain controller for an existing Domain controller. The following are the details of the Domain Controller.

OS- Windows 2003 Enterprise Edition
Configured with Active directory, DNS & DHCP

Now I have to set up an additional domain controller for this. The additional Domain controller should have the DHCP as configured in the Domain Controller apart from the DNS and Active Directory.

I am totally new to Windows 2003, so I need help in detail.

Thanks in Advance

Zackur.
0
 
ormerodrutter Commented:
What OS is it running? If your additional DC is running the "R2" - Release 2, then you need to run adprep in your existing domain first.
http://support.microsoft.com/kb/917385
Then simply promote the server to a DC. As for DHCP, why do you want 2 DHCP servers? For fault tolerance? Or serving different subnets?
0
 
Zacharia Kurian (Author) Commented:
The OS is not R2. The reason for setting up the DHCP in the additional domain is that, in case I have to restart/shut down the primary DC for maintenance or if the primary DC crashes, I want the additional DC to maintain the DHCP. It has to be the same subnets used in the primary DC.
0
 
KoeKk Commented:
There are 3 options for DHCP availability:
- Create split scopes; the servers need to be in different subnets and the router between them has to support DHCP relay (Cisco/Procurve's "ip helper")
- Use a Microsoft Cluster (and hire a consultant)
- Create a standby server with a preconfigured DHCP scope but don't activate it. This requires you to activate the DHCP services when your DHCP server goes down.
You cannot run 2 active DHCP servers on a network, so providing redundancy for a reboot or shutdown is in my opinion not worth the effort.

You can read more about DHCP availability here: http://technet2.microsoft.com/windowsserver/en/library/c31c0ee2-646d-4481-a355-6370824f188c1033.mspx?mfr=true
0

 
ormerodrutter Commented:
I think you can have 2 DHCP servers in your network, each containing a different pool of IP addresses. For example, ServerA gives 192.168.0.1 to 192.168.0.127 while ServerB handles the rest.

If either one of the servers goes down, you can quickly add the missing range to the other server.
0
 
Jay_Jay70 Commented:
For such a simple Q there are some interesting answers here......basic points - you can't have a replica DHCP server on the network...it doesn't work like that....you can use the 80/20 rule or split as you see fit......but it's that simple to transfer DHCP onto another server in the time of need that I don't even bother with two DHCP servers...it's really a quick process as long as you back up regularly

http://support.microsoft.com/kb/325473/
0
 
KCTS Commented:
If you want to set up a second DC for redundancy then:

Install Windows 2003 on the new machine

Assign the new computer an IP address and subnet mask on the existing network

Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally the existing domain controller)

Join the new machine to the existing domain as a member server

If the new Windows 2003 server is the R2 version and the existing set-up is not, then you need to run Adprep from CD2 of the R2 disks on the existing Domain Controller. Adprep is in the \CMPNENTS\R2\ folder on CD2.

From the command line, promote the new machine to a domain controller with the DCPROMO command. Select "Additional Domain Controller in an existing Domain".

Once Active Directory is installed, then to make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, and expand Sites, Default first site and Servers. Right click on the new server, select Properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership.)

Assuming that you were using Active Directory Integrated DNS on the first Domain Controller, DNS will have replicated to the new domain controller along with Active Directory.

If you are using DHCP you should spread this across the domain controllers. Ideally you should use the 80/20 rule as Jay_Jay70 has outlined; however, in a simple single domain, DHCP redundancy is most easily achieved by setting up DHCP on the second Domain Controller and using a scope on the same network that does not overlap with the existing scope on the other Domain Controller (e.g. have one DHCP server use a scope 192.168.1.50 to 192.168.1.150 and the other 192.168.1.151 to 192.168.1.251). Don't forget to set the default gateway (router) and DNS Servers. You will need to activate the scope and authorise the new DHCP server.

Talking of DHCP clients, all the clients (and indeed the domain controllers themselves) need to have their Preferred DNS server set to one domain controller and the Alternate DNS to the other; that way, if one of the DNS Servers fails, the clients will automatically use the other. (Set up forwarders on the DNS server to handle external name resolution.)

Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and DHCP, and the domain could function for a while at least should any one of them fail. However, for a fully robust system you need to be aware that the first domain controller that existed will by default hold what are called FSMO Roles. There are five of these roles that are held on a single server and are essential for the functioning of the network. If the second Domain Controller fails, then no problem, as the FSMO roles are on the first Domain Controller. However, if you intend to function with the second Domain Controller only, then the roles need to be moved to the second Domain Controller. Ideally, if this is a planned event you should cleanly transfer the FSMO roles; if it is an unplanned emergency the FSMO roles can be seized (see http://www.petri.co.il/transferring_fsmo_roles.htm or http://www.petri.co.il/seizing_fsmo_roles.htm or http://support.microsoft.com/kb/255504)
0
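The non-overlapping split discussed in the answers above, worked through as an added example that is not part of any post in this thread: a Python sketch that divides one address range by the 80/20 rule and checks a set of per-server scopes for overlap (two active servers leasing from overlapping ranges can hand out the same address twice). The function names and the server labels DC1/DC2 are hypothetical; the address ranges are the ones quoted in the thread.

```python
from ipaddress import IPv4Address
from itertools import combinations

def _bounds(scope):
    """Return an inclusive (first, last) scope as integers, validating order."""
    lo, hi = (int(IPv4Address(a)) for a in scope)
    if lo > hi:
        raise ValueError(f"scope {scope} starts above its end")
    return lo, hi

def scope_size(scope):
    lo, hi = _bounds(scope)
    return hi - lo + 1

def split_scope(first, last, primary_share=0.8):
    """Split first..last into two adjacent, non-overlapping scopes.
    The first scope gets about primary_share of the addresses (80/20 rule)."""
    lo, hi = _bounds((first, last))
    total = hi - lo + 1
    if total < 2:
        raise ValueError("need at least two addresses to split")
    # Keep at least one address on each server.
    n_primary = min(max(round(total * primary_share), 1), total - 1)
    cut = lo + n_primary - 1
    return ((str(IPv4Address(lo)), str(IPv4Address(cut))),
            (str(IPv4Address(cut + 1)), str(IPv4Address(hi))))

def find_conflicts(plan):
    """plan maps a server label to its (first, last) scope.
    Returns the pairs of servers whose scopes share at least one address."""
    conflicts = []
    for (s1, a), (s2, b) in combinations(plan.items(), 2):
        (a_lo, a_hi), (b_lo, b_hi) = _bounds(a), _bounds(b)
        if a_lo <= b_hi and b_lo <= a_hi:
            conflicts.append((s1, s2))
    return conflicts

if __name__ == "__main__":
    # The asker's existing range, split 80/20 between two servers.
    primary, standby = split_scope("192.168.2.41", "192.168.2.99")
    print("DC1:", primary, scope_size(primary), "addresses")
    print("DC2:", standby, scope_size(standby), "addresses")
    print("conflicts:", find_conflicts({"DC1": primary, "DC2": standby}))
```
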
 
Zacharia Kurian (Author) Commented:
Hi KCTS,

I understand the need to have the 80/20 rule cited by Jay_Jay70. Now let me explain this.

Right now my Main DC is up and running and the scope for the DHCP is from 192.168.2.41- 192.168.2.99. I will split this and add another scope in the additional domain. My main DC is acting as the global catalog. Whatever changes/updates are done on this main domain should be replicated to the additional domain. When I go to the Active Directory Sites and Services, in the main domain I can see the additional domain. Do I have to make this additional domain the global catalog? Because I will not add/append anything in this additional domain. The main idea of setting up this additional domain is that it should take up the role of the main domain if the main domain has to be restarted or shut down for maintenance. So please explain this. If you can give an idea about the replication time which I have to use, it would indeed be an extra help.
0
 
KCTS Commented:
This is not an additional domain - it is a second domain controller for the existing domain. There is no particular need for replication to be very frequent; replication is automatic - you don't need to do anything manually. If the machines have preferred and alternate DNS servers configured then they will use the SRV records to locate a responsive. You need to have multiple Global catalogs in order to authenticate universal group memberships during logon.
0
