Adding Second Domain Controller

Posted on 2007-10-11
Last Modified: 2008-01-09
Hey gang-
Yesterday I added a second domain controller to my domain. Let's call the old domain controller DC1 and the new one DC2. I'm looking forward to eventually retiring DC1 as it is an old tower style and about 7 years old and doesn't look good in my server cage :)

I also have an Exchange server...I mention this because my Exchange server gets mad when DC1 is restarted and I have to restart the Exchange server every time. It's very annoying to get phone calls at 6 am...

DNS is set up and seems to be working on DC2. It's pointing to only itself for DNS, and the ISP's DNS as a forwarder. DC1 is set up the same, points to itself only, and the ISP's DNS as a forwarder. I have DHCP set up on DC2 (with same settings as DC1, but not activated). DHCP scope options are set up to give out DC1 and DC2 for DNS. I added DC2 as a global catalog server as well.

So onto my questions now..
1) What command tools can I use to verify that things are working properly on DC2? (besides unplugging or shutting down DC1)

2) And what do I need to do in Exchange to make sure Exchange can see and use both DCs in case one goes down or gets restarted?

3) Once I activate DHCP on DC2, and stop DHCP on DC1....Will DHCP on DC2 know not to give out already assigned addresses by DC1?

Thanks in advance
Question by:NetAdmin2436
    LVL 95

    Assisted Solution

    by:Lee W, MVP
    Did you make it a global catalog server and give things time to replicate?
    LVL 3

    Assisted Solution

    by:Joseph Tshiteya
    I'm going to assume that you're running one of the Active Directory versions here.  If not, then disregard these answers.

    1) dcdiag.exe, netdiag.exe (both available in either Win2k or Win2k3 resource kits)
    2) As long as all entries are correct in AD & DNS, this should be transparent to any client system.  You may want to move all FSMO roles over to the new DC...
    3) The way DHCP works, a client always requests the IP address it was initially issued.  If the DHCP server has that address available in its pool, then it will go ahead and reassign the same IP address.
    LVL 9

    Assisted Solution

    Command tools.


    You want to make sure replication is working. (but yea, the easiest way is to unplug dc1...:) )

    2) Add a second DNS entry on the Exchange server and point it to DC2.

    3) You will need to re-configure the scope options, or import them from DC1 (

    Here is a MS link to their AD center, it has a bunch of MS Links for troubleshooting and stuff.;EN-US;winsvr2003ad

     - Brugh

    LVL 39

    Accepted Solution

    1) Netdiag and DCDiag - download and install the support tools.
    2) Nothing - Exchange will bind to a server, a random server.
    3) No, it will not know - you will need to migrate it over.  There are a few ways to do this, if you have < 100 machines, just create an exclusion in the DHCP scope for the old range and let it give out a different set - then after 8 days, delete the exclusion.
    LVL 39

    Expert Comment

    For those that think Exchange will "seamlessly fail over" think again - if it is bound to the server that has gone down, it will take up to 30 minutes to sort itself out.  DNS records have absolutely nothing to do with it.
    LVL 29

    Assisted Solution


    You will need to check and transfer the FSMO roles from DC1 to DC2 before you retire it.
    How To Find Servers That Hold Flexible Single Master Operations Roles

    1. You want to use dcdiag, netdiag to check that everything is ok with the new DC2 -

    2. When the Exchange services start they bind to one particular DC. If that DC goes down then Exchange will try to communicate with that DC for about 30 minutes before giving up and failing over to another DC unless the Exchange services are restarted. I know this is stupid but that's how it works and I've never heard of anything to change this behaviour.
    You can manually specify a DC via ESM > Exchange Server Properties > Directory Access but I DO NOT recommend it.

    3. I would normally recommend shutting the clients down when changing the DHCP server so that they go through a DHCP request and acknowledgement when they startup and will only find the new DHCP server.
    LVL 29

    Expert Comment

    Wow everyone's too quick sorry all.
    LVL 12

    Author Comment

    <<Wow everyone's too quick sorry all.
    That's what I was thinking...LOL
    LVL 39

    Expert Comment

    Now it is just a matter of you figuring out who to believe :))
    LVL 12

    Author Comment

    Yes I did make it a Global Catalog. It looks like replication took place to and from.

    Yes, Active Directory (Windows 2003 R2 compatible). Schema version value =31. I had to run adprep.exe /forestprep on DC1....if that's what you're referring to...

    Well, let's just say I dare NOT to bet against you again! I did once in the past about a license question and I ended up called were right.

    Alright, let me use these tools and sort everything out. It's been a while since my college lab classes.

    Thanks to everyone so far.
    LVL 12

    Author Comment

    1) netdiag - everything passed

    dcdiag - Everything passed, except...

         Starting test: frsevent
            There are warning or error events within the last 24 hours after the
            SYSVOL has been shared.  Failing SYSVOL replication problems may cause
            Group Policy problems.
            ......................... DC2 failed test frsevent

    I checked the sysvol folder, everything seemed to copy over to DC2 through replication and everything seems to be there. So I don't know if this is legit or some false warning...

    2) Ok, so pretty much nothing I can do about this. That is a weak Microsoft design IMHO...

    3) You guys answered it.
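
An added example, not part of the thread: a PowerShell helper that reduces dcdiag output like the block quoted above to one record per test, keeping the warning text for anything that failed. The function name `ConvertFrom-DcDiagOutput` is hypothetical, the sample output is constructed (its frsevent block is the one quoted in the post), and PowerShell 3.0 or later is assumed.

```powershell
# Added example; ConvertFrom-DcDiagOutput is a hypothetical helper name.
function ConvertFrom-DcDiagOutput {
    param([Parameter(Mandatory = $true)][string[]]$Lines)

    $current = $null   # test whose "Starting test:" block we are inside
    $detail  = New-Object System.Collections.Generic.List[string]

    foreach ($line in $Lines) {
        if ($line -match '^\s*Starting test:\s*(?<test>\S+)') {
            # A new test block begins; discard text collected for the previous one.
            $current = $Matches['test']
            $detail.Clear()
        }
        elseif ($line -match '^\s*\.{5,}\s*(?<target>\S+)\s+(?<result>passed|failed)\s+test\s+(?<test>\S+)') {
            # The dotted summary line closes the block and carries the verdict.
            [pscustomobject]@{
                Target = $Matches['target']
                Test   = $Matches['test']
                Result = $Matches['result']
                Detail = ($detail -join ' ')
            }
            $current = $null
            $detail.Clear()
        }
        elseif ($current -and $line.Trim()) {
            # Free text between the header and the verdict explains a warning or failure.
            $detail.Add($line.Trim())
        }
    }
}

# Constructed sample in the layout dcdiag prints.
$sample = @'
      Starting test: Replications
         ......................... DC2 passed test Replications
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... DC2 failed test frsevent
      Starting test: Advertising
         ......................... DC2 passed test Advertising
'@ -split "`r?`n"

# Against a live DC, pass the tool's output instead: -Lines (dcdiag /s:DC2)
$results = ConvertFrom-DcDiagOutput -Lines $sample
$results | Where-Object { $_.Result -eq 'failed' } | Format-List Target, Test, Detail
```

Running it daily for the first week after promotion shows whether a failure such as frsevent clears once the 24-hour event window has passed or keeps recurring.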
    LVL 39

    Expert Comment

    1) That DCDiag error is nothing major - in fact I would expect it for a new server.

    2) I agree

    3) I think this is the only thing that isn't going to matter that much - there are 10 ways to do it, and little can go wrong with DHCP

