• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 278
  • Last Modified:

General Outline for Setting Up a Redundant Domain Controller

I have been assigned the task of researching setting up a domain controller for a client's office  as well as a back-up domain controller. I am not at all familiar with domain controllers and feel a little bit over my head. In order to practice for the task at hand I will be installing Windows Server 2003 Standard Edition on two computers at my house. I have multiple other Windows XP Professional PCs also at my house so I should be able to configure them to log onto the domain.

What has been asked of me is as follows:

Research Set-up/Configuration of Primary Server (Primary Domain Controller & Fileserver)
Research Set-Up/Configuration of Back-up Server (Back-up Domain Controller & File Server)

Basically what we are wanting to do is have one domain controller that also serves the role of a file server, serving files across the local network. However, if that domain controller server fails (i.e. hardware failure, virus, or otherwise becomes unresponsive) we would like the second server to automatically kick in as the domain controller/fileserver untill we can restore the primary system.

Basically we need this second Domain Controller to mirror the settings/configuration of the primary Domain Controller and also maintain realtime (or relatively realtime) mirrors of the data on the system as well (at least the data located in specified folders).

I was told by a friend that what I would need to research would likely be DFS (Distributed Filesystem) but I was hoping to check with a few experts before I proceeded.
1 Solution
gopcincAuthor Commented:
Please provide as much specifics as possible, or if there are any online articles/guides that would be of assistance in guiding me, feel free to provide links.
If you want to add a second DC for backup and redundancy - which is highly recommended, the procedure is as follows:-

Install Windows Server on the new machine

Assign the new computer an IP address and subnet mask on the existing network

Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally the existing domain controller)

Join the new machine to the existing domain as a member server

If the new Windows 2003 server is the R2 version and the existing set-up is not then you need to run Adprep  from CD2 of the R2 disks on the existing Domain controller. Adprep is in the \CMPNENTS\R2\ folder on CD2

From the command line promote the new machine to a domain controller with the DCPROMO command from the command line Select Additional Domain Controller in an existing Domain and follow the prompts.

Active Directory will be replicated automatically from the existing DC to the new DC and assuming that you were using Active Directory Integrated DNS on the first Domain Controller, DNS will have replicated to the new domain controller along with Active Directory.

Once Active Directory is installed then to make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, Expand ,Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

If you are using DHCP you should spread this across the domain controllers, In a simple single domain this is easiest done by Setting up DHCP on the second Domain controller and using a scope on the same network that does not overlap with the existing scope on the other Domain Controller. Dont forget to set the default gateway (router) and DNS Servers.

Talking of client DNS settings, all the clients (and the domain controllers themselves) need to have their Preferred DNS server set to one domain controller, and the Alternate DNS to the other, that way if one of the DNS Servers fails, the clients will automatically use the other. Domain Controllers should use themselves as the Preferred DNS server and the other DC as the alternate DNS Server)

Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and DHCP. and the domain could function for a while at least should any one of them fail. However for a fully robust system you need to be aware that the first domain controller that existed will by default hold what are called FSMO Roles. There are five of these roles that are held on a single server and are essential for the functioning of the network. If the second Domain Controller fails, then no problem as the FSMO roles are on the first Domain Controller. However if you intent to function with the second Domain Controller only, then the roles need to be moved to the Second Domain Controller. Ideally if this is a planned event you should cleanly transfer the FSMO roles, if it is an unplanned emergency the FSMO roles can be seized (see  http://www.petri.co.il/transferring_fsmo_roles.htm and  http://support.microsoft.com/kb/255504)

If you want to "mirror" data as well as Domain Controller Functions in "real time" then you need to be looking at looking at DFS http://www.windowsnetworking.com/articles_tutorials/Configuring-Using-DFS-Replication.html

For the ultimate solution you could use clustering for a high availability solution but this begins to get expensive both in terms of soefware - you need the enterprise versions of the OS and Applications, and hardware since you need duplicate systems with external disk arrays and multiple networks.

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now