• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2483
  • Last Modified:

how to convert aditional domain controller to primary domain controller

i am working on disaster recovery and i want to know if my domain goes fail, my hard disk corrupt or i loss my backup than how i change my ADC to PDC. means which right i have to give ADC to work as Primary Domain Controller. what steps in FSMO or other i have to take.

Thanks in advance

1 Solution
There is no such thing as  PDC within Windows 2003.
If you have a DR situation then depending on which FSMO roles the server(s) held, which failed, would depend on which roles you would need to seize.

You can seize a FSMO role via NTDSUTIL
First let's be clear on terminology - no such thing as a PDC anymore, that term went by the wayside in Windows NT 4.0

The answer to your question will depend on the length of the outage, and whether you expect your other domain controller(s) to be returned to service.  

If the outage will only last for a few hours, you'd likely only need to seize the PDC Emulator FSMO role over to the other domain controller, as described here: http://support.microsoft.com/kb/255504, confirm that the other DC is a Global Catalog server, as described here: http://www.petri.co.il/configure_a_new_global_catalog.htm, and configure the DR DC with an authoritative time source, as described here: http://support.microsoft.com/kb/816042

For a more extended outage or one where your other DCs will not be returning to service, you'll need to perform the steps above, and in addition seize all 5 FSMO roles and perform a metadata cleanup to remove references to the failed DC(s) from your production environment: http://support.microsoft.com/kb/216498

Brian PiercePhotographerCommented:
One way to provide resilliance is to have two domain controllers, that way if one fails active directory is immediately availabl on the other and can systems be recovered quickly and without downtime.

To add a second domain copntroller Install Windows on another new machine

Assign the new computer an IP address and subnet mask on the existing network

Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally the existing domain controller)

Join the new machine to the existing domain as a member server

From the command line promote the new machine to a domain controller with the DCPROMO command from the command line Select Additional Domain Controller in an existing Domain

Once Active Directory is installed then to make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, Expand ,Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

Make sure DNS is also installed on the new Domain Controller, assuming that you were using Active Directory Integrated DNS on the first Domain Controller, DNS will have replicated to the new domain controller along with Active Directory.

If you are using DHCP you should spread this across the domain controllers, In a simple single domain this is easiest done by Setting up DHCP on the second Domain controller and using a scope on the same network that does not overlap with the existing scope on the other Domain Controller. Dont forget to set the default gateway (router) and DNS Servers. Talking of which all the clients (and the domain controllers themselves) need to have their Preferred DNS server set to one domain controller, and the Alternate DNS to the other, that way if one of the DNS Servers fails, the clients will automatically use the other,

Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and DHCP. and the domain could function for a while at least should any one of them fail. However for a fully robust system you need to be aware that the first domain controller that existed will by default hold what are called FSMO Roles.

There are five of these roles that are held on a single server and are essential for the functioning of the network. If the second Domain Controller fails, then no problem as the FSMO roles are on the first Domain Controller. However if you intent to function with the second Domain Controller only, then the roles need to be moved to the Second Domain Controller. Ideally if this is a planned event you should cleanly transfer the FSMO roles, if it is an unplanned emergency the FSMO roles can be seized (see http://support.microsoft.com/kb/255504 or http://www.petri.co.il/transferring_fsmo_roles.htm)
sitgAuthor Commented:
see i have Domain Cntroller amdn Additional Domain Controller if Domian Controller Fail than how can i use Additional Domain Controller As a Domiain Controller
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now