Steps to install a remote server as an additional DC/GC + DNS of an existent forest/domain

Last Modified: 2008-06-18
I'm preparing to install a new Windows Server 2003 in a remote office, which is connected to the main office through a 512k MPLS link.

I'm going to install this remote server as an additional DC/GC of the current domain and configure AD sites and services subnets according to actual subnetting.

I would also like this new server to be a DNS of the same domain. Our DNS is Active Directory Integrated.

What I'm planning to do is this:

1. Install new remote server Windows 2003 + SP2
2. Run all Windows Updates
3. Install DNS on the remote server as a secondary zone
4. Point DNS on the network configuration of the remote server to itself

First question: I'm a little bit confused as to what AD Integrated DNS means. Does it mean that I don't have to install DNS service on my remote server because once I promote it to a DC/GC it will inherit the DNS capability?

Once I resolve the issue above, I will proceed as follows:

1. Run DCPROMO and make the remote server a DC
2. Allow time for replication
3. Reboot remote server
4. Verify that there are no errors in the event log and that AD is working correctly on both servers

Am I forgetting something?

Please help me get all these steps right.

Active Directory-Integrated DNS

http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsbb_act_zyjb.mspx?mfr=true

Am I forgetting something?

DHCP could split the scope to provide some fault tolerance


Author

Commented:
Thanks for your answer ocon827679.

So let's summarize the steps I should follow then:

1. Install new remote server Windows 2003 + SP2
2. Run all Windows Updates
3. Point the DNS network property of the remote server to the current DC running DNS
4. Add the remote server as a member server of the current domain
5. Install DNS service on remote server (do not configure at this time)
6. Run DCPROMO and make the remote server a DC
7. Allow time for replication
8. Configure remote server as a GC
9. Reboot remote server
10. Point the DNS network property of the remote server to itself
11. Verify that there are no errors in the event log and that AD is working correctly on both servers

And once I finish I will have a remote DC/GC which in turn will be a primary DNS server for the current domain (mydomain.local).

My goal is that all the remote users will be able to use the remote DC/GC server for authentication and DNS. Currently my local server is serving the remote users authentication and DNS needs, using valuable bandwidth from the link.

Are these steps correct according to my goal?

Will you be running dcpromo before or after you install the machine at the remote site? If the latter, you can cut down on WAN usage by running dcpromo /adv and using the Install from Media option described here: http://support.microsoft.com/kb/311078

You don't need steps 9 or 10, although 10 is probably a good idea. Lara's comment is a good way to install if your AD is large and you don't want to wait for replication. Remember, don't configure it to be a GC until you know that the server is functioning correctly as a DC.

Author

Commented:
I have read the article from Laura's comment but I'm not sure if that install from media option will allow for my remote server to become a primary DNS as well, will it?

Yes. Don't get hung up on primary and secondary DNS. If you use AD integrated, the important thing is to have the DNS Server Service loaded. AD will take care of the rest. Also, have patience; for some reason the DNS containers are slow to replicate initially.

Doing the advanced install allows you to make a copy of the AD and import it via a CD. This can be very useful over slow links, especially if the size of the AD database is very large. Take a look at your ntds.dit on your existing DC. Is it large, say several hundred meg? Then maybe the advanced install is a better way to deploy the DC. If it's just a few meg, you probably won't have to worry about replication.

Author

Commented:
Thank you very much for your answers oncon827679

My ntds.dit is only 43MB so I won't do the advanced option.

I will proceed to follow the steps I listed on my summary of the situation (and you corroborated as being correct - the reboot on step 9 won't hurt so I will do it anyway) having in mind your comment "don't configure it to be a GC until you know that the server is functioning correctly as a DC"

oncon827679. You effectively resolved my issues (including your help to understand the implications of additional input by Laura - also appreciated) so you get full credit for this one.
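
The verification in step 11, and the advice above not to enable the GC until the server is functioning correctly as a DC, can be run as a repeatable check. The batch script below is an added example, not part of the thread; it assumes the Windows Server 2003 Support Tools (dcdiag, repadmin, nltest, dnscmd) are installed, and MAINDC and REMOTEDC are hypothetical server names.

```batch
@echo off
rem Added example: health checks to run after dcpromo and before enabling the GC.
rem Assumes Windows Server 2003 Support Tools (SP1 or later for dcdiag /test:DNS).
rem MAINDC and REMOTEDC are hypothetical names for the existing and the new DC.
setlocal
set NEWDC=REMOTEDC
set FAIL=0

for %%S in (MAINDC %NEWDC%) do call :check %%S

rem The new DC should report the remote office's site, which confirms that
rem the subnet-to-site mapping in AD Sites and Services is correct.
nltest /server:%NEWDC% /dsgetsite

rem With the DNS Server service installed, the AD-integrated zone should
rem appear on the new DC once the DNS containers have replicated.
dnscmd %NEWDC% /enumzones

if %FAIL%==0 (echo All checks passed.) else (echo One or more checks failed.)
endlocal & exit /b %FAIL%

:check
echo === %1 ===
rem dcdiag prints "failed test <name>" for every test that does not pass.
dcdiag /s:%1 | findstr /i /c:"failed test" && set FAIL=1
dcdiag /s:%1 /test:DNS | findstr /i /c:"failed test" && set FAIL=1
rem Inbound replication: a "failed" status means a partner has not replicated.
repadmin /showrepl %1 | findstr /i "failed" && set FAIL=1
rem A working DC shares SYSVOL and NETLOGON; both appear only after the
rem initial replication has completed.
net view \\%1 | findstr /i /b "SYSVOL" >nul || (echo %1: SYSVOL not shared & set FAIL=1)
net view \\%1 | findstr /i /b "NETLOGON" >nul || (echo %1: NETLOGON not shared & set FAIL=1)
goto :eof
```

A non-zero exit code means at least one check failed on one of the two servers; the matching dcdiag or repadmin lines are printed above the summary.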