General Outline for Setting Up a Redundant Domain Controller

Posted on 2007-08-03
Last Modified: 2013-11-05
I have been assigned the task of researching setting up a domain controller for a client's office as well as a back-up domain controller. I am not at all familiar with domain controllers and feel a little bit over my head. In order to practice for the task at hand I will be installing Windows Server 2003 Standard Edition on two computers at my house. I have multiple other Windows XP Professional PCs also at my house so I should be able to configure them to log onto the domain.

What has been asked of me is as follows:

Research Set-up/Configuration of Primary Server (Primary Domain Controller & Fileserver)
Research Set-Up/Configuration of Back-up Server (Back-up Domain Controller & File Server)

Basically what we are wanting to do is have one domain controller that also serves the role of a file server, serving files across the local network. However, if that domain controller server fails (i.e. hardware failure, virus, or otherwise becomes unresponsive) we would like the second server to automatically kick in as the domain controller/fileserver until we can restore the primary system.

Basically we need this second Domain Controller to mirror the settings/configuration of the primary Domain Controller and also maintain realtime (or relatively realtime) mirrors of the data on the system as well (at least the data located in specified folders).

I was told by a friend that what I would need to research would likely be DFS (Distributed Filesystem) but I was hoping to check with a few experts before I proceeded.
Question by:gopcinc

    Author Comment

    Please provide as much specifics as possible, or if there are any online articles/guides that would be of assistance in guiding me, feel free to provide links.
    LVL 70

    Accepted Solution

    If you want to add a second DC for backup and redundancy - which is highly recommended, the procedure is as follows:-

    Install Windows Server on the new machine

    Assign the new computer an IP address and subnet mask on the existing network

    Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally the existing domain controller)

    Join the new machine to the existing domain as a member server

    If the new Windows 2003 server is the R2 version and the existing set-up is not, then you need to run Adprep from CD2 of the R2 disks on the existing Domain Controller. Adprep is in the \CMPNENTS\R2\ folder on CD2.

    From the command line, promote the new machine to a domain controller with the DCPROMO command. Select Additional Domain Controller in an existing Domain and follow the prompts.

    Active Directory will be replicated automatically from the existing DC to the new DC and assuming that you were using Active Directory Integrated DNS on the first Domain Controller, DNS will have replicated to the new domain controller along with Active Directory.

    Once Active Directory is installed, then to make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, expand Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership.)

    If you are using DHCP you should spread this across the domain controllers. In a simple single domain this is easiest done by setting up DHCP on the second Domain Controller and using a scope on the same network that does not overlap with the existing scope on the other Domain Controller. Don't forget to set the default gateway (router) and DNS Servers.

    Talking of client DNS settings, all the clients (and the domain controllers themselves) need to have their Preferred DNS server set to one domain controller, and the Alternate DNS to the other; that way if one of the DNS Servers fails, the clients will automatically use the other. (Domain Controllers should use themselves as the Preferred DNS server and the other DC as the alternate DNS Server.)

    Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and DHCP, and the domain could function for a while at least should any one of them fail. However for a fully robust system you need to be aware that the first domain controller that existed will by default hold what are called FSMO Roles. There are five of these roles that are held on a single server and are essential for the functioning of the network. If the second Domain Controller fails, then no problem as the FSMO roles are on the first Domain Controller. However if you intend to function with the second Domain Controller only, then the roles need to be moved to the second Domain Controller. Ideally if this is a planned event you should cleanly transfer the FSMO roles, if it is an unplanned emergency the FSMO roles can be seized (see and

    If you want to "mirror" data as well as Domain Controller functions in "real time" then you need to be looking at DFS.

    For the ultimate solution you could use clustering for a high availability solution but this begins to get expensive both in terms of software - you need the enterprise versions of the OS and Applications, and hardware since you need duplicate systems with external disk arrays and multiple networks.
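
An added check, not part of the original answer, for the settings the accepted solution describes: it shows which DC holds each of the five FSMO roles, and for every domain controller reports its Global Catalog status and whether its DNS client order is "self first, other DC second". It assumes PowerShell 2.0 or later on a domain-joined machine, run by a domain administrator with WMI access to the domain controllers.

```powershell
# Added example: audit the redundancy settings from the answer above.
# Assumptions: PowerShell 2.0+, domain-joined host, domain admin rights,
# WMI reachable on every domain controller.
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$forest = $domain.Forest
$dcs    = @($domain.DomainControllers)
$dcIPs  = @($dcs | ForEach-Object { $_.IPAddress })

if ($dcs.Count -lt 2) {
    Write-Warning "Only $($dcs.Count) domain controller found; there is no redundancy."
}

# 1. FSMO role holders: two forest-wide roles, three domain-wide roles.
#    If the holder fails permanently, these are the roles to seize.
$roles = @{
    'Schema master'         = $forest.SchemaRoleOwner.Name
    'Domain naming master'  = $forest.NamingRoleOwner.Name
    'PDC emulator'          = $domain.PdcRoleOwner.Name
    'RID master'            = $domain.RidRoleOwner.Name
    'Infrastructure master' = $domain.InfrastructureRoleOwner.Name
}
$roles.GetEnumerator() | Sort-Object Value, Name |
    Format-Table Name, Value -AutoSize

# 2. Per-DC checks: Global Catalog flag and DNS client search order.
$report = foreach ($dc in $dcs) {
    $nics = @(Get-WmiObject Win32_NetworkAdapterConfiguration `
                  -ComputerName $dc.Name -Filter 'IPEnabled = TRUE')
    foreach ($nic in $nics) {
        $dns = @($nic.DNSServerSearchOrder | Where-Object { $_ })
        $own = @($nic.IPAddress) + '127.0.0.1'   # loopback also counts as "self"
        New-Object PSObject -Property @{
            DC                 = $dc.Name
            GlobalCatalog      = $dc.IsGlobalCatalog()
            DnsOrder           = $dns -join ', '
            # Preferred DNS should be the DC itself
            PreferredIsSelf    = ($dns.Count -ge 1) -and ($own -contains $dns[0])
            # Alternate DNS should be a different domain controller
            AlternateIsOtherDC = ($dns.Count -ge 2) -and
                                 ($dcIPs -contains $dns[1]) -and
                                 ($own -notcontains $dns[1])
        }
    }
}
$report | Format-Table DC, GlobalCatalog, PreferredIsSelf,
                       AlternateIsOtherDC, DnsOrder -AutoSize
```

Any row with `GlobalCatalog`, `PreferredIsSelf` or `AlternateIsOtherDC` set to `False` marks a DC that does not yet match the configuration described in the answer.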
