?
Solved

How Many Domain Controller in Windows Server 2003?

Posted on 2007-08-03
4
Medium Priority
?
210 Views
Last Modified: 2013-11-05
How Many Domain Controller in Windows Server 2003?

I have two domain controllers and would like to replace one of the Servers (it's old). Do I just add the new server as a domain controller and simply shut down the old one?

What are the benifits having more than one domain controller?
0
Comment
Question by:nibirkhan
  • 2
4 Comments
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 450 total points
ID: 19625322
Yes, add the new server and run DCPROMO to make it a DC.

If the old server has any FSMO roles, move them to the new server.
Install DNS - do nothing more.  Replication should create and populate the zones.
If the old DC is a GC, then make the new one a GC.
If the old DC has any other services - like DHCP then install this on the new server.

The idea behind multiple DCs is to provide redundancy and also ensure your AD is recoverable should the other DC go down.

Here are some docs:

http://support.microsoft.com/kb/313994
http://support.microsoft.com/kb/324801

0
 
LVL 19

Assisted Solution

by:Stephen Manderson
Stephen Manderson earned 450 total points
ID: 19625345
Hi there,

Yes you add it to the domain transfer the FSMO roles etc and run dcpromo on it and retire the server.

Take a look here on how to do this.
http://www.damaged-existence.com/internet/ActiveDirectoryProcedures/ReplaceDomainController/tabid/54/Default.aspx

Having more than one controller allows you to have more uptime. For instance if you had to take one server down for repair etc there would be another to provide access to the domain logons etc.. So keeping your old server for these purposes may be useful

Regards
Steve
0
 
LVL 70

Accepted Solution

by:
KCTS earned 600 total points
ID: 19625846
To add another domain controller

Install Windows 2003 on the new machine

Assign the new computer an IP address and subnet mask on the existing network
Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally an existing domain controller)

Join the new machine to the existing domain as a member server

If the new Windows 2003 server is the R2 version and the existing set-up is not then you need to run Adprep  from CD2 of the R2 disks on the existing Domain controller. Adprep is in the \CMPNENTS\R2\ folder on CD2

From the command line promote the new machine to a domain controller with the DCPROMO command from the command line Select Additional Domain Controller in an existing Domain

Once Active Directory is installed then to make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, Expand ,Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

Assuming that you were using Active Directory Integrated DNS on the first Domain Controller, DNS will have replicated to the new domain controller along with Active Directory.

All the clients (and the domain controllers themselves) need to have their Preferred DNS server set to one domain controller, and the Alternate DNS to the other, that way if one of the DNS Servers fails, the clients will automatically use the oth.

All Domain Controllers by this point will have Active Directory, Global Catalog, DNS (and perhaps DHCP). and the domain could function for a while at least should any one of them fail. However for a fully robust system you need to be aware that the first domain controller that existed will by default hold what are called FSMO Roles. There are five of these roles that are held on a single server and are essential for the functioning of the network. If the second Domain Controller fails, then no problem as the FSMO roles are on the first Domain Controller. However if you intent to function with the second Domain Controller only, then the roles need to be moved to the Second Domain Controller. Ideally if this is a planned event you should cleanly transfer the FSMO roles, if it is an unplanned emergency the FSMO roles can be seized (see http://support.microsoft.com/kb/255504)

If you have multiple domain controllers then clients can continue to log on and use the network, having multiple copies of Active directory and DNS means that if a domain controller fails you can just install another and Active Directory (and DNS) will automatically be replicated from the others - no complex restore required.

If you have multiple sites then you reallt should have at least one DC per site to prevent intersite logon traffic and so that users can still login if the intersite link goes down.

If you want ro remove any existing domain controllers then you need to to check that is is not holding any of the FSMO roles http://www.petri.co.il/determining_fsmo_role_holders.htm and it it is then move them to another Domain Controller http://www.petri.co.il/transferring_fsmo_roles.htm

Run DCPROMO on it again to demote it from being a DC. You can then copy any user data off it to other machines and remove it from the network. You also need to check the DNS settings on clients and chnage any references to the server as the preferred or alternate DNS server and re-direct these to another sever. If the server was running any other services such as DHCP then these also need to be moved to another server.

Finally, you can remove the old machine from the domain
0
 
LVL 19

Expert Comment

by:Stephen Manderson
ID: 19625873
Sore fingers ? :P
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Screencast - Getting to Know the Pipeline

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question