
Does Group Policy Settings replicate to a new Secondary Domain controller?

Posted on 2008-06-26
Last Modified: 2011-04-14
Hi,
I have a few questions about secondary DC and group policy.
NB:
Server A
      Exchange Server 2003, AD, DNS, DHCP
      File Server
Server B (new)
      Server 2003. Will set up as secondary DC and GC

Presently Server A is operational and clients can log in OK. I however want to take some load off the one server.
I am proposing to set up a secondary DC and have clients log in to this instead of Server A. I do want to keep Group Policy settings and Folder Redirection. Is this possible, and how will it affect the Exchange client and existing user profiles?

Thanks in advance
0
Question by:TechGSC
15 Comments
 
LVL 58

Accepted Solution

by:
tigermatt earned 2000 total points
ID: 21878439
Group Policy will be automatically replicated to the new server when it is promoted as a Domain Controller.

You cannot easily take load off either server because as long as both servers are in the same site, they will both be contacted to process user logons. Doing simple Active Directory actions like logons isn't too difficult a job for any server though. Even if you moved one DC to another site, you would then find the DC on the workstation's local subnet will always receive the logon requests first.

What I do suggest you do is ensure the DNS service is installed to the new DC, and perhaps configure the new DC in your DHCP scope settings to be the preferred (highest preference) DNS server for the network. That may reduce some workload from DC A.

For roaming profiles, they will still work from Server A unless you move them to Server B. Adding a new DC won't actually affect the operation of roaming profiles though.

Furthermore, Exchange will remain on Server A until it is moved to another server. Since Exchange is installed on a Domain Controller, it is ONLY going to use Server A to process Active Directory lookup requests, and Server B will not be seen by Exchange at all. This is the reason why you must keep Server A as a DC and GC at all times.

I should remind you that running the dcpromo wizard on any server with Exchange installed WILL break Exchange - do not do this to demote or promote any server whilst Exchange is still installed.

-tigermatt
0
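One way to check the first point of the accepted answer after promotion, as an added example that is not part of the original thread: compare the `Version` value in each GPO's `GPT.INI` under SYSVOL on both domain controllers. It covers only the file-system (SYSVOL) side of Group Policy, and `SERVERA`, `SERVERB` and `example.local` are placeholder names, not values from the thread.

```powershell
# Added example, not from the thread. SERVERA, SERVERB and example.local are
# placeholders for the existing DC, the new DC and the AD DNS domain name.
param(
    [string]$ReferenceDC = 'SERVERA',
    [string]$NewDC       = 'SERVERB',
    [string]$Domain      = 'example.local'
)

function Get-GpoVersions {
    param([string]$DC, [string]$Domain)
    $root = "\\$DC\SYSVOL\$Domain\Policies"
    if (-not (Test-Path -LiteralPath $root)) {
        throw "SYSVOL Policies folder not reachable on $DC ($root)"
    }
    $versions = @{}
    # Each GPO is a folder named after its GUID, holding GPT.INI with Version=<n>
    Get-ChildItem -LiteralPath $root |
        Where-Object { $_.PSIsContainer -and $_.Name -like '{*}' } |
        ForEach-Object {
            $ver = $null
            $ini = Join-Path $_.FullName 'GPT.INI'
            if (Test-Path -LiteralPath $ini) {
                $line = Get-Content -LiteralPath $ini |
                    Where-Object { $_ -match '^\s*Version\s*=\s*\d+' } |
                    Select-Object -First 1
                if ($line -match '=\s*(\d+)') { $ver = [long]$Matches[1] }
            }
            $versions[$_.Name] = $ver
        }
    return $versions
}

$ref = Get-GpoVersions -DC $ReferenceDC -Domain $Domain
$new = Get-GpoVersions -DC $NewDC -Domain $Domain

# Report every GPO seen on either DC and whether the two copies agree
$guids = @($ref.Keys) + @($new.Keys) | Sort-Object -Unique
foreach ($g in $guids) {
    if (-not $new.ContainsKey($g))     { $status = 'MissingOnNewDC' }
    elseif (-not $ref.ContainsKey($g)) { $status = 'MissingOnReferenceDC' }
    elseif ($ref[$g] -ne $new[$g])     { $status = 'VersionMismatch' }
    else                               { $status = 'InSync' }
    '{0}  ref={1}  new={2}  {3}' -f $g, $ref[$g], $new[$g], $status
}
```

Run it from an administrative workstation with read access to both SYSVOL shares; a GPO that stays `MissingOnNewDC` or `VersionMismatch` after replication has had time to complete is worth investigating before clients rely on the new DC.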
 
LVL 13

Expert Comment

by:TheCapedPlodder
ID: 21878471
Cracking answer tigermatt.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 21878479
Thanks ;-)
0

Author Comment

by:TechGSC
ID: 21879940
tigermatt:

Thanks for the response.
I would also like to transfer FSMO to the secondary DC as well. If this can be done or is recommended, please let me know how.
Also I will transfer 'Shared Data' and 'My Documents' (Folder Redirected) to the secondary server. I am assuming I have to change the UNC path in Group Policy for folder redirection to work.
\\SecondaryDC\newshare\%username%    ?


Please let me know if there are other considerations.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21879992
Sure you can move them over - are you looking at replacing that original DC? If so, follow my guide here, it covers everything
http://www.block.net.au/help/replace-dc/
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 21881384
You can move FSMO roles as per what James has mentioned above. There's also a guide at http://www.petri.co.il/transferring_fsmo_roles.htm which you can read too. Whatever you do go and read, ensure you are reading about *transferring* the roles - anything which mentions seizing them should be disregarded in this situation.

For your other data folders, you just need to create the share and then change the shortcuts at workstations and the path in the Group Policy. At their next logon, users' data will be moved to their new redirected location.

-tigermatt
0
 

Author Comment

by:TechGSC
ID: 21888231
Hi Guys:
I set up the secondary DC. AD is set up and GC is enabled.
However, DNS seems to have not replicated. Please advise on the best way to set up DNS on the secondary DC, keeping in mind that I want users to log in to the secondary DC instead of the first.

tigermatt:
how do I "configure the new DC in your DHCP scope settings to be the preferred (highest preference) DNS server" ?

Your prompt response is appreciated as I have to implement tomorrow.
Thanks
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21889719
Restart the netlogon and DNS server services - or you can force replication in Sites and Services....

Under your scope options in DHCP - you need to specify the new server as the first DNS server
0
 
LVL 13

Expert Comment

by:TheCapedPlodder
ID: 21889893
Have you installed DNS and are your zones AD integrated?
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 21890114
TechGSC,

You need to open the DHCP console on your DHCP server and find the scope settings. Within there, you can see all your configured DNS servers. Add the IP of the new server, but then use the Up and Down buttons to move it to the top of the list, making it the DNS server with highest preference.

For DNS, you will need to ensure your zones are Active Directory-integrated zones so they replicate automatically. See http://support.microsoft.com/kb/198437
0
 

Author Comment

by:TechGSC
ID: 21902839
tigermatt:
   I was able to do everything as planned with your help. One last question which might be quite simple but I don't know. How can you know/verify that users are logging into the secondary domain and not the PDC?
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 21902862
You cannot control which server the users are logging into, except perhaps to a certain extent through Active Directory Sites and Services. However, you can find out which server a client used for processing their login by opening a command prompt and typing the SET command. Look for the LOGONSERVER variable.

-tigermatt
0
 

Author Comment

by:TechGSC
ID: 21903493
OK.
How would I control (to an extent) which server the user logs into using 'Active Directory Sites and Services'?

thanks
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 21905346
You'd have to open Active Directory Sites and Services, create a new Site, then move the existing server into that site. The complicated part is that the server in the other site must be on a different IP subnet to the server in the local site and all the workstations, which means you are going to need a lot of additional network hardware to achieve this.

There shouldn't be any requirement to control which server is used for logons - Active Directory manages this itself, automatically.

-tigermatt
0
 

Author Closing Comment

by:TechGSC
ID: 31471158
Thanks for the assistance. It was really helpful.
Cheers
0
