How Many Domain Controllers in Windows Server 2003?

Posted on 2007-08-03
Last Modified: 2013-11-05

I have two domain controllers and would like to replace one of the Servers (it's old). Do I just add the new server as a domain controller and simply shut down the old one?

What are the benefits of having more than one domain controller?
Question by:nibirkhan
    LVL 51

    Assisted Solution

    Yes, add the new server and run DCPROMO to make it a DC.

    If the old server has any FSMO roles, move them to the new server.
    Install DNS - do nothing more.  Replication should create and populate the zones.
    If the old DC is a GC, then make the new one a GC.
    If the old DC has any other services - like DHCP then install this on the new server.

    The idea behind multiple DCs is to provide redundancy and also ensure your AD is recoverable should the other DC go down.

    Here are some docs:

    LVL 19

    Assisted Solution

    by:Stephen Manderson
    Hi there,

    Yes, you add it to the domain, transfer the FSMO roles etc., and run dcpromo on it and retire the server.

    Take a look here on how to do this.

    Having more than one controller allows you to have more uptime. For instance, if you had to take one server down for repair etc., there would be another to provide access to the domain logons etc. So keeping your old server for these purposes may be useful.

    LVL 70

    Accepted Solution

    To add another domain controller

    Install Windows 2003 on the new machine

    Assign the new computer an IP address and subnet mask on the existing network
    Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally an existing domain controller)

    Join the new machine to the existing domain as a member server

    If the new Windows 2003 server is the R2 version and the existing set-up is not then you need to run Adprep  from CD2 of the R2 disks on the existing Domain controller. Adprep is in the \CMPNENTS\R2\ folder on CD2

    From the command line promote the new machine to a domain controller with the DCPROMO command from the command line. Select Additional Domain Controller in an existing Domain.

    Once Active Directory is installed then to make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, expand Sites, Default first site and Servers. Right click on the new server and select Properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership.)

    Assuming that you were using Active Directory Integrated DNS on the first Domain Controller, DNS will have replicated to the new domain controller along with Active Directory.

    All the clients (and the domain controllers themselves) need to have their Preferred DNS server set to one domain controller, and the Alternate DNS to the other, that way if one of the DNS Servers fails, the clients will automatically use the other.

    All Domain Controllers by this point will have Active Directory, Global Catalog, DNS (and perhaps DHCP), and the domain could function for a while at least should any one of them fail. However, for a fully robust system you need to be aware that the first domain controller that existed will by default hold what are called FSMO Roles. There are five of these roles that are held on a single server and are essential for the functioning of the network. If the second Domain Controller fails, then no problem as the FSMO roles are on the first Domain Controller. However, if you intend to function with the second Domain Controller only, then the roles need to be moved to the Second Domain Controller. Ideally, if this is a planned event, you should cleanly transfer the FSMO roles; if it is an unplanned emergency, the FSMO roles can be seized (see

    If you have multiple domain controllers then clients can continue to log on and use the network. Having multiple copies of Active Directory and DNS means that if a domain controller fails you can just install another and Active Directory (and DNS) will automatically be replicated from the others - no complex restore required.

    If you have multiple sites then you really should have at least one DC per site to prevent intersite logon traffic and so that users can still log in if the intersite link goes down.

    If you want to remove any existing domain controllers then you need to check that it is not holding any of the FSMO roles, and if it is then move them to another Domain Controller.

    Run DCPROMO on it again to demote it from being a DC. You can then copy any user data off it to other machines and remove it from the network. You also need to check the DNS settings on clients and change any references to the server as the preferred or alternate DNS server and re-direct these to another server. If the server was running any other services such as DHCP then these also need to be moved to another server.

    Finally, you can remove the old machine from the domain.
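
The checks the accepted answer asks for before demoting the old DC can be scripted. The batch file below is an added example, not part of the original answer. It assumes the Windows Server 2003 Support Tools (netdom, dcdiag) are installed, and OLD-DC01, NEW-DC01 and example.local are placeholder names.

```batch
@echo off
rem Pre-demotion check: run before DCPROMO on the DC being retired.
rem OLDDC, NEWDC and DOMAIN are placeholders (assumptions); set your own.
setlocal
set OLDDC=OLD-DC01
set NEWDC=NEW-DC01
set DOMAIN=example.local
set FAIL=0

echo [1] FSMO role holders (none of the five may remain on %OLDDC%):
netdom query fsmo
netdom query fsmo | findstr /i /c:"%OLDDC%" >nul
if not errorlevel 1 (
    echo     FAIL: %OLDDC% still holds a FSMO role. Transfer it first.
    set FAIL=1
)

echo [2] Health of %NEWDC% (advertising, replication, role holders known):
for %%T in (Advertising Replications KnowsOfRoleHolders) do call :dctest %%T

echo [3] DNS on %NEWDC% must serve the domain controller SRV records:
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %NEWDC% | findstr /i /c:"%NEWDC%" >nul
if errorlevel 1 (
    echo     FAIL: %NEWDC% did not return its own SRV record from its DNS.
    set FAIL=1
)

if "%FAIL%"=="1" (
    echo RESULT: do NOT demote %OLDDC% yet.
    exit /b 1
)
echo RESULT: checks passed. Move DHCP and client DNS settings, then demote.
exit /b 0

:dctest
rem dcdiag prints "<server> passed test <name>" when a test succeeds.
dcdiag /s:%NEWDC% /test:%1 | findstr /c:"passed test %1" >nul
if errorlevel 1 (
    echo     FAIL: dcdiag test %1 did not pass on %NEWDC%.
    set FAIL=1
)
goto :eof
```

The script does not confirm the Global Catalog checkbox or DHCP scope migration; those still need checking by hand as described in the answer.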
    LVL 19

    Expert Comment

    by:Stephen Manderson
    Sore fingers ? :P
