How Many Domain Controller in Windows Server 2003?


I have two domain controllers and would like to replace one of the Servers (it's old). Do I just add the new server as a domain controller and simply shut down the old one?

What are the benefits of having more than one domain controller?

Brian Pierce (Photographer) commented:
To add another domain controller

Install Windows 2003 on the new machine

Assign the new computer an IP address and subnet mask on the existing network
Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally an existing domain controller)

Join the new machine to the existing domain as a member server

If the new Windows 2003 server is the R2 version and the existing set-up is not, then you need to run Adprep from CD2 of the R2 disks on the existing Domain Controller. Adprep is in the \CMPNENTS\R2\ folder on CD2.

From the command line, promote the new machine to a domain controller with the DCPROMO command. Select Additional Domain Controller in an existing Domain.

Once Active Directory is installed, then to make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, and expand Sites, Default first site and Servers. Right click on the new server, select Properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership.)

Assuming that you were using Active Directory Integrated DNS on the first Domain Controller, DNS will have replicated to the new domain controller along with Active Directory.

All the clients (and the domain controllers themselves) need to have their Preferred DNS server set to one domain controller, and the Alternate DNS to the other; that way, if one of the DNS Servers fails, the clients will automatically use the other.

All Domain Controllers by this point will have Active Directory, Global Catalog, DNS (and perhaps DHCP), and the domain could function for a while at least should any one of them fail. However, for a fully robust system you need to be aware that the first domain controller that existed will by default hold what are called FSMO Roles. There are five of these roles that are held on a single server and are essential for the functioning of the network. If the second Domain Controller fails, then no problem, as the FSMO roles are on the first Domain Controller. However, if you intend to function with the second Domain Controller only, then the roles need to be moved to the second Domain Controller. Ideally, if this is a planned event, you should cleanly transfer the FSMO roles; if it is an unplanned emergency, the FSMO roles can be seized (see

If you have multiple domain controllers then clients can continue to log on and use the network. Having multiple copies of Active Directory and DNS means that if a domain controller fails you can just install another, and Active Directory (and DNS) will automatically be replicated from the others - no complex restore required.

If you have multiple sites then you really should have at least one DC per site to prevent intersite logon traffic and so that users can still log in if the intersite link goes down.

If you want to remove any existing domain controllers then you need to check that it is not holding any of the FSMO roles, and if it is then move them to another Domain Controller.

Run DCPROMO on it again to demote it from being a DC. You can then copy any user data off it to other machines and remove it from the network. You also need to check the DNS settings on clients and change any references to the server as the preferred or alternate DNS server and re-direct these to another server. If the server was running any other services such as DHCP then these also need to be moved to another server.

Finally, you can remove the old machine from the domain
Yes, add the new server and run DCPROMO to make it a DC.

If the old server has any FSMO roles, move them to the new server.
Install DNS - do nothing more.  Replication should create and populate the zones.
If the old DC is a GC, then make the new one a GC.
If the old DC has any other services - like DHCP then install this on the new server.

The idea behind multiple DCs is to provide redundancy and also ensure your AD is recoverable should the other DC go down.

Here are some docs:

Stephen Manderson (Software Engineer) commented:
Hi there,

Yes, you add it to the domain, transfer the FSMO roles etc., and run dcpromo on it and retire the server.

Take a look here on how to do this.

Having more than one controller allows you to have more uptime. For instance, if you had to take one server down for repair etc., there would be another to provide access to the domain logons etc. So keeping your old server for these purposes may be useful.
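
The checks the answers above call for before demoting the old domain controller (FSMO roles moved, new DC is a global catalog, replication and DNS working), collected into one read-only batch script. This is an added example, not code from any poster; it assumes the Windows Server 2003 Support Tools (netdom, dcdiag, repadmin) are installed, and the two host names passed as arguments are placeholders.

```batch
@echo off
rem Added example, not from the thread: read-only checks before demoting a DC.
rem Assumes netdom, dcdiag and repadmin (Server 2003 Support Tools) are on PATH
rem and that the caller is logged on to the domain. Arguments are placeholders.
setlocal
if "%~2"=="" (
    echo Usage: %~nx0 OLD_DC_FQDN NEW_DC_FQDN
    exit /b 2
)
set OLDDC=%~1
set NEWDC=%~2
set FAIL=0
set FSMO=%TEMP%\fsmo_%RANDOM%.txt

rem 1. The old DC must not hold any of the five FSMO roles.
netdom query fsmo > "%FSMO%"
if errorlevel 1 (
    echo [FAIL] netdom query fsmo did not run, role holders unknown
    set FAIL=1
)
findstr /i /c:"%OLDDC%" "%FSMO%" >nul
if not errorlevel 1 (
    echo [FAIL] %OLDDC% still holds these roles, transfer them first:
    findstr /i /c:"%OLDDC%" "%FSMO%"
    set FAIL=1
)
del "%FSMO%"

rem 2. The new DC must be a global catalog before the old one goes away.
repadmin /options %NEWDC% | findstr /c:"IS_GC" >nul
if errorlevel 1 (
    echo [FAIL] %NEWDC% is not confirmed as a global catalog
    set FAIL=1
)

rem 3. Replication must pass; a positive match also catches a missing tool.
dcdiag /s:%NEWDC% /test:replications | findstr /i /c:"passed test Replications" >nul
if errorlevel 1 (
    echo [FAIL] dcdiag did not report a passed Replications test on %NEWDC%
    set FAIL=1
)

rem 4. DNS on the new DC must answer the DC locator SRV query for the domain.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%USERDNSDOMAIN% %NEWDC% 2>nul | findstr /i /c:"svr hostname" >nul
if errorlevel 1 (
    echo [FAIL] DNS on %NEWDC% returned no DC locator records
    set FAIL=1
)

if "%FAIL%"=="1" exit /b 1
echo [ OK ] %OLDDC% can be demoted with DCPROMO
```

Pass fully qualified names so that a short name such as DC1 does not also match DC10 in the role listing. The script does not check client DNS settings or DHCP, which still have to be moved by hand as described above.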

Stephen Manderson (Software Engineer) commented:
Sore fingers? :P
Question has a verified solution.
