camilorgp
Steps to install a remote server as an additional DC/GC + DNS of an existing forest/domain
I'm preparing to install a new Windows Server 2003 in a remote office, which is connected to the main office through a 512k MPLS link.
I'm going to install this remote server as an additional DC/GC of the current domain and configure AD Sites and Services subnets according to the actual subnetting.
I would also like this new server to be a DNS of the same domain. Our DNS is Active Directory Integrated.
What I'm planning to do is this:
1. Install new remote server Windows 2003 + SP2
2. Run all Windows Updates
3. Install DNS on the remote server as a secondary zone
4. Point DNS on the network configuration of the remote server to itself
First question: I'm a little bit confused as to what AD Integrated DNS means. Does it mean that I don't have to install the DNS service on my remote server because once I promote it to a DC/GC it will inherit the DNS capability?
Once I resolve the issue above, I will proceed as follows:
1. Run DCPROMO and make the remote server a DC
2. Allow time for replication
3. Reboot remote server
4. Verify that there are no errors in the event log and that AD is working correctly on both servers
Am I forgetting something?
Please help me get all these steps right.
ASKER
Thanks for your answer ocon827679.
So let's summarize the steps I should follow then:
1. Install new remote server Windows 2003 + SP2
2. Run all Windows Updates
3. Point the DNS network property of the remote server to the current DC running DNS
4. Add the remote server as a member server of the current domain
5. Install DNS service on remote server (do not configure at this time)
6. Run DCPROMO and make the remote server a DC
7. Allow time for replication
8. Configure remote server as a GC
9. Reboot remote server
10. Point the DNS network property of the remote server to itself
11. Verify that there are no errors in the event log and that AD is working correctly on both servers
And once I finish I will have a remote DC/GC which in turn will be a primary DNS server for the current domain (mydomain.local).
My goal is that all the remote users will be able to use the remote DC/GC server for authentication and DNS. Currently my local server is serving the remote users authentication and DNS needs, using valuable bandwidth from the link.
Are these steps correct according to my goal?
Will you be running dcpromo before or after you install the machine at the remote site? If the latter, you can cut down on WAN usage by running dcpromo /adv and using the Install from Media option described here: http://support.microsoft.com/kb/311078
You don't need steps 9 or 10, although 10 is probably a good idea. Laura's comment is a good way to install if your AD is large and you don't want to wait for replication. Remember, don't configure it to be a GC until you know that the server is functioning correctly as a DC.
ASKER
I have read the article from Laura's comment but I'm not sure if that install from media option will allow for my remote server to become a primary DNS as well, will it?
Yes. Don't get hung up on primary and secondary DNS. If you use AD integrated, the important thing is to have the DNS Server service loaded. AD will take care of the rest. Also, have patience; for some reason the DNS containers are slow to replicate initially.
Doing the advanced install allows you to make a copy of the AD and import it via a CD. This can be very useful over slow links, especially if the size of the AD database is very large. Take a look at your ntds.dit on your existing DC. If it is large, say several hundred megabytes, then maybe the advanced install is a better way to deploy the DC. If it's just a few megabytes, you probably won't have to worry about replication.
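A post-promotion check script for the verification step (step 11 of the summary) and for the two points made above: that the DNS Server service is loaded on the new DC and that the DC is healthy before it is made a GC. This is an added example, not from the thread; it assumes the new DC is named REMOTEDC01 (placeholder), uses the domain name mydomain.local from the thread, and relies on the Support Tools commands dnscmd, repadmin and dcdiag being installed.

```powershell
# Added example, not part of the thread. REMOTEDC01 is a placeholder name; mydomain.local is
# the domain from the thread. Run from an admin session on the existing DC or the new one.
$Domain = "mydomain.local"
$NewDc  = "REMOTEDC01"

# 1. With AD-integrated zones the only DNS requirement is that the DNS Server service runs.
$svc = Get-Service -ComputerName $NewDc -Name DNS
if ($svc.Status -ne 'Running') { Write-Warning "DNS Server service is $($svc.Status) on $NewDc" }

# 2. The domain zone should appear on the new server as directory-integrated (DS integrated = 1).
#    If this line is missing, the zone has not replicated to the new DC yet (this can be slow).
dnscmd $NewDc /ZoneInfo $Domain | Select-String 'DS integrated'

# 3. The new DC must have registered its locator (SRV) records; remote clients find a DC this way.
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" $NewDc
nslookup -type=SRV "_kerberos._tcp.dc._msdcs.$Domain" $NewDc

# 4. Replication with the existing DC must be clean before the server is made a GC.
repadmin /replsummary
repadmin /showrepl $NewDc

# 5. DNS-specific diagnostics and the advertising test (the DC announces itself as usable).
dcdiag /s:$NewDc /test:dns
dcdiag /s:$NewDc /test:advertising

# 6. The new server's DNS client should point at itself (step 10 of the summary).
Get-WmiObject Win32_NetworkAdapterConfiguration -ComputerName $NewDc -Filter "IPEnabled=True" |
    Select-Object Description, DNSServerSearchOrder

# 7. Recent errors and warnings in the logs the thread says to inspect.
Get-EventLog -ComputerName $NewDc -LogName 'Directory Service' -EntryType Error,Warning -Newest 20
Get-EventLog -ComputerName $NewDc -LogName 'DNS Server' -EntryType Error,Warning -Newest 20
```

Step 4 is the check the answer above makes a precondition for the GC change; repeat it on the existing DC as well so both directions of replication are confirmed.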
ASKER
Thank you very much for your answers oncon827679
My ntds.dit is only 43MB so I won't do the advanced option.
I will proceed to follow the steps I listed on my summary of the situation (and you corroborated as being correct; the reboot on step 9 won't hurt so I will do it anyway), keeping in mind your comment "don't configure it to be a GC until you know that the server is functioning correctly as a DC".
oncon827679, you effectively resolved my issues (including your help to understand the implications of the additional input by Laura, also appreciated) so you get full credit for this one.
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsbb_act_zyjb.mspx?mfr=true
Am I forgetting something?
DHCP could split the scope to provide some fault tolerance.