Steps to install a remote server as an additional DC/GC + DNS of an existing forest/domain

Posted on 2007-10-02
Last Modified: 2008-06-18
I'm preparing to install a new Windows Server 2003 in a remote office, which is connected to the main office through a 512k MPLS link.

I'm going to install this remote server as an additional DC/GC of the current domain and configure AD Sites and Services subnets according to the actual subnetting.

I would also like this new server to be a DNS server for the same domain. Our DNS is Active Directory Integrated.

What I'm planning to do is this:

1. Install new remote server Windows 2003 + SP2
2. Run all Windows Updates
3. Install DNS on the remote server as a secondary zone
4. Point DNS on the network configuration of the remote server to itself

First question: I'm a little bit confused as to what AD Integrated DNS means. Does it mean that I don't have to install the DNS service on my remote server because once I promote it to a DC/GC it will inherit the DNS capability?

Once I resolve the issue above, I will proceed as follows:

1. Run DCPROMO and make the remote server a DC
2. Allow time for replication
3. Reboot remote server
4. Verify that there are no errors in the event log and that AD is working correctly on both servers

Am I forgetting something?

Please help me get all these steps right.
Question by:camilorgp

Expert Comment

by:Network_Data_Support
ID: 20001474
Active Directory-Integrated DNS

http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsbb_act_zyjb.mspx?mfr=true

Am I forgetting something?

DHCP could split the scope to provide some fault tolerance


Accepted Solution

by: ocon827679 (earned 2000 total points)
ID: 20001509
Don't install the secondary zone.  Just add the DNS Server Service.  When you promote the DC, the zone will be replicated over to the new DC.  AD integrated basically means that the DNS records are maintained in AD.  All Integrated zones are primary, therefore no need for a secondary.  Another plus for using AD integrated is that AD will do the replication and AD replication is more efficient than DNS replication to secondaries.

When you install the remote, point the DNS network property to the current DC running DNS.  This will ensure that the remote will be able to find the domain controller and start its replication of the AD data.

Configure the Global Catalog after the AD replication is complete and the remote is running as a domain controller (sysvol is shared - which is the last thing that happens for a server to be considered a dc). Look for the event 13516 in the FRS log - this will tell you that the server is now a domain controller.
Author Comment

by:camilorgp
ID: 20001643
Thanks for your answer ocon827679.

So let's summarize the steps I should follow then:

1. Install new remote server Windows 2003 + SP2
2. Run all Windows Updates
3. Point the DNS network property of the remote server to the current DC running DNS
4. Add the remote server as a member server of the current domain
5. Install DNS service on remote server (do not configure at this time)
6. Run DCPROMO and make the remote server a DC
7. Allow time for replication
8. Configure remote server as a GC
9. Reboot remote server
10. Point the DNS network property of the remote server to itself
11. Verify that there are no errors in the event log and that AD is working correctly on both servers

And once I finish I will have a remote DC/GC which in turn will be a primary DNS server for the current domain (mydomain.local) .

My goal is that all the remote users will be able to use the remote DC/GC server for authentication and DNS. Currently my local server is serving the remote users authentication and DNS needs, using valuable bandwidth from the link.

Are these steps correct according to my goal?
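The post-promotion part of the procedure summarized above (steps 7 to 11), together with the accepted answer's rule of waiting for FRS event 13516 before touching the GC, as an added PowerShell example. This is not code from the original thread. It runs on the new remote DC as a Domain Admin after dcpromo has finished and the server has rebooted; it does not run dcpromo itself. The domain name contoso.local, the hub DC address 10.0.0.10 and the site name RemoteOffice are assumptions to replace with your own values, and dcdiag and repadmin come from the Windows Server 2003 Support Tools.

```powershell
# Added example, not code from the original thread. Run on the new remote DC
# (as a Domain Admin) after dcpromo has completed and the server has rebooted.
# Assumed values (replace with your own):
$domain   = "contoso.local"   # the AD domain (the thread uses mydomain.local)
$hubDns   = "10.0.0.10"       # existing hub DC that already runs DNS
$siteName = "RemoteOffice"    # AD site already created for the remote subnet
$self     = $env:COMPUTERNAME

# Step 7: wait for initial replication to finish. FRS event 13516 means SYSVOL
# is shared, which is the last thing that happens before the server is a DC.
function Wait-SysvolReady([int]$timeoutMinutes = 120) {
    $deadline = (Get-Date).AddMinutes($timeoutMinutes)
    do {
        $hit = Get-EventLog -LogName "File Replication Service" -Newest 500 |
               Where-Object { $_.EventID -eq 13516 }
        if ($hit) { return $true }
        Start-Sleep -Seconds 60
    } while ((Get-Date) -lt $deadline)
    return $false
}
if (-not (Wait-SysvolReady)) {
    throw "No FRS 13516 event within the timeout; fix SYSVOL replication before enabling the GC."
}

# Step 11 (first part): checks that must pass before trusting this DC.
$shares = net share
if (-not ($shares -match "SYSVOL") -or -not ($shares -match "NETLOGON")) {
    throw "SYSVOL or NETLOGON is not shared; the DC is not advertising yet."
}
dcdiag /test:replications /test:advertising
repadmin /showrepl $self

# The AD-integrated zone arrives through AD replication, not a zone transfer,
# so only confirm the local DNS Server service now holds it (the thread warns
# the DNS containers can be slow to replicate at first).
$zones = dnscmd $self /EnumZones
if (-not ($zones -match [regex]::Escape($domain))) {
    throw "Zone $domain has not replicated to this server yet; wait and re-run."
}

# Step 8: only now enable the Global Catalog. Bit 0 of the 'options' attribute
# on the server's NTDS Settings object is the GC flag.
$rootDse  = [ADSI]"LDAP://RootDSE"
$configNC = $rootDse.configurationNamingContext.Value
$ntds = [ADSI]("LDAP://CN=NTDS Settings,CN=$self,CN=Servers,CN=$siteName,CN=Sites,$configNC")
$opts = 0
if ($ntds.options.Value -ne $null) { $opts = [int]$ntds.options.Value }
$ntds.Put("options", ($opts -bor 1))
$ntds.SetInfo()

# Step 10: point the NIC's DNS at this server first, with the hub DC as the
# alternate so name resolution survives a local DNS service failure.
$nic = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE" |
       Select-Object -First 1
$nic.SetDNSServerSearchOrder(@($nic.IPAddress[0], $hubDns)) | Out-Null
ipconfig /registerdns | Out-Null

# Step 11 (second part): clients in the remote site should now be handed this
# DC, and, once the partial naming contexts have replicated, this GC (Directory
# Service event 1119 marks the moment it starts advertising as a GC).
nltest /dsgetdc:$domain /site:$siteName
nltest /dsgetdc:$domain /gc /force
```

The script deliberately has no reboot between enabling the GC and repointing DNS; as the follow-up comment says, the reboot in step 9 is unnecessary but harmless. If the last nltest call still returns the hub DC, give the partial partition replication time over the 512k link before assuming anything is wrong.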

Expert Comment

by:LauraEHunterMVP
ID: 20001670
Will you be running dcpromo before or after you install the machine at the remote site?  If the latter, you can cut down on WAN usage by running dcpromo /adv and using the Install from Media option described here: http://support.microsoft.com/kb/311078

Expert Comment

by:ocon827679
ID: 20001738
You don't need steps 9 or 10, although 10 is probably a good idea.  Laura's comment is a good way to install if your AD is large and you don't want to wait for replication.  Remember, don't configure it to be a GC until you know that the server is functioning correctly as a DC.
Author Comment

by:camilorgp
ID: 20001776
I have read the article from Laura's comment but I'm not sure if that install from media option will allow for my remote server to become a primary DNS as well, will it?

Expert Comment

by:ocon827679
ID: 20001847
Yes.  Don't get hung up on primary and secondary DNS.  If you use AD integrated the important thing is to have the DNS Server Service loaded.  AD will take care of the rest.  Also, have patience, for some reason the DNS containers are slow to replicate initially.

Doing the advanced install allows you to make a copy of the AD and import it via a CD.  This can be very useful over slow links, especially if the size of the AD database is very large.  Take a look at your ntds.dit on your existing dc.  Is it large, say several hundred meg, then maybe the advanced install is a better way to deploy the DC.  If its just a few meg, you probably won't have to worry about replication.  
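Laura's Install from Media suggestion and ocon827679's rule of thumb about the size of ntds.dit, as an added PowerShell example that is not from the original thread. It runs on the existing hub DC and decides whether the slow link justifies IFM, checks the one constraint KB 311078 puts on the media (the system state backup must be younger than the forest's tombstone lifetime), and takes the backup. The default database path, the 512 kbit/s link from the question and the D:\IFM folder are assumptions. ntbackup can only back up from the command line; restoring the files to an alternate location on the new server is done in its GUI, after which dcpromo /adv is pointed at that folder.

```powershell
# Added example, not code from the original thread. Run on the existing hub DC
# before choosing between a normal dcpromo and dcpromo /adv (Install from Media).
# Assumptions: ntds.dit at its default path, a 512 kbit/s WAN link, D:\IFM as
# the backup folder.
$ntdsPath = Join-Path $env:SystemRoot "NTDS\ntds.dit"
$linkKbps = 512
$ifmDir   = "D:\IFM"

# 1. How big is the directory, and roughly how long would a first replication
#    of it occupy the link? (43 MB, as in the thread, is about 11 minutes.)
$sizeMB = (Get-Item $ntdsPath).Length / 1MB
$hours  = ($sizeMB * 8 * 1024) / ($linkKbps * 3600)
"{0:N0} MB ntds.dit; about {1:N1} h of the {2} kbit/s link for initial replication" -f $sizeMB, $hours, $linkKbps

# 2. dcpromo refuses IFM media older than the tombstone lifetime, so read the
#    forest's configured value. An unset attribute means the default of 60 days.
$rootDse = [ADSI]"LDAP://RootDSE"
$dsSvc = [ADSI]("LDAP://CN=Directory Service,CN=Windows NT,CN=Services," + $rootDse.configurationNamingContext.Value)
$tsl = $dsSvc.tombstoneLifetime.Value
if ($tsl -eq $null) { $tsl = 60 }
"Tombstone lifetime is $tsl days; promote from this backup well inside that window."

# 3. Take the system state backup that becomes the install media. Restore it
#    to an alternate location on the remote server (ntbackup GUI), then run
#    dcpromo /adv there and choose the restored backup files.
if (-not (Test-Path $ifmDir)) { New-Item -ItemType Directory -Path $ifmDir | Out-Null }
$bkf = Join-Path $ifmDir ("systemstate-{0:yyyyMMdd}.bkf" -f (Get-Date))
ntbackup backup systemstate /J "IFM for remote DC" /F $bkf
"System state written to $bkf"
```

Even with IFM, the new DC still replicates everything that changed after the backup was taken, so take the backup as close to the promotion as practical. The AD-integrated DNS zones are inside the directory and therefore inside the media; the DNS Server service on the new server only needs to be installed, as the accepted answer says.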
Author Comment

by:camilorgp
ID: 20001987
Thank you very much for your answers ocon827679

My ntds.dit is only 43MB so I won't do the advanced option.

I will proceed to follow the steps I listed in my summary of the situation (and you corroborated as being correct - the reboot in step 9 won't hurt so I will do it anyway), keeping in mind your comment "don't configure it to be a GC until you know that the server is functioning correctly as a DC"

ocon827679, you effectively resolved my issues (including your help to understand the implications of the additional input by Laura - also appreciated) so you get full credit for this one.