
  • Status: Solved
  • Priority: Medium
  • Security: Public

Best Practices to add a new DC

I have a remote site with a single Windows 2003 Domain Controller that is replicating to the DCs at Headquarters. It is set up as a separate site in Active Directory. What are the steps I should take to add a new DC in that site, including replicating to that site's Domain Controller? Is there anything I need to do in Sites & Services, or should my focus be on replication to the remote site? The remote site is running Integrated DNS; should the new DC run Integrated DNS as well, and if so, what steps need to be taken? Please give me granular bullets that I should perform.
1 Solution
Assuming that you have already got the necessary site/subnets set up in AD Sites and Services, then the process is as follows:

Install Windows 2003 on the new machine
Assign the new computer an IP address and subnet mask on the existing network on the appropriate site

Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally the existing domain controller) on the desired site

Join the new machine to the existing domain as a member server

If the new Windows 2003 server is the R2 version and the existing set-up is not, then you need to run Adprep from CD2 of the R2 disks on the existing Domain controller. Adprep is in the \CMPNENTS\R2\ folder on CD2.
You need to run:

adprep /forestprep
adprep /domainprep

From the command line, promote the new machine to a domain controller with the DCPROMO command. Select Additional Domain Controller in an existing Domain.

In AD sites and services allocate the new DC to the correct site.

Once Active Directory is installed, then install DNS. You can do this through Add/Remove Programs->Windows Components->Networking Services->DNS. If you are using Active Directory Integrated DNS, then DNS will be replicated from the other DC/DNS.

Next make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, Expand, Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

Change the preferred DNS server settings on the new DC/DNS server so that it uses itself as the preferred DNS server and another server (same site) as the first alternate DNS server (you can add multiple alternates in the Advanced Tab if needed)

You need to add this new DNS server as a DNS server in the client preferences on the site (via static TCP/IP settings or DHCP options)

Job Done
iNetSystem (Author) Commented:
Extremely well stated...very impressed.
Please clarify why the new DC running DNS would have the first DNS server pointed to itself. The existing single DC in the remote site IS running DNS but is pointing to the PDC at headquarters as well as the secondary DNS server at Headquarters. A little confused here as the setup seems to run great.

What else do I need to do to ensure replication throughout and to prepare for, in the event of the original DC going down?  Since remote sites is a bit new for me, what would happen if the single DC failed, would my users there authenticate to Headquarters OK since I have a dedicated MPLS circuit between the sites?

All DNS servers should point to themselves as preferred DNS server - it avoids network traffic for DNS lookups - especially if it involves cross-site lookups. (Are you sure the existing DC in the site has had DNS installed - check - if not, this would be a great idea!)

So long as you have multiple Global Catalogs available (which is why I suggested making the new DC a GC) and DNS is available, then authentication can occur - again, worth checking that the current DC on the site is a GC.

To avoid cross-site DNS lookups, you also need to make sure that all machines are configured with the DNS servers relating to their own site.
Question has a verified solution.
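
The checks suggested in the thread (site assignment, Global Catalog, DNS on the new DC, replication) can be run from a command prompt once promotion is finished. This batch file is an added example, not part of the original answers; it assumes the Windows Server 2003 Support Tools (nltest, repadmin, dcdiag) are installed, and the domain, forest, site and server names are placeholders.

```batch
@echo off
rem Added example: post-promotion checks for a new DC in a remote site.
rem The four values below are placeholders (assumptions), not from the thread.
set DOMAIN=example.local
set FOREST=example.local
set SITE=RemoteSite
set NEWDC=newdc01
set FAIL=0

echo [1] Site the new DC believes it is in (expect %SITE%)
nltest /server:%NEWDC% /dsgetsite
if errorlevel 1 set FAIL=1

echo [2] A Global Catalog can be located in site %SITE%
nltest /dsgetdc:%DOMAIN% /site:%SITE% /gc /force
if errorlevel 1 set FAIL=1

rem Query the new DC's own DNS service, since it will be its own preferred
rem DNS server. Match only "svr hostname" lines so that the "Server:" header
rem nslookup prints for the queried server does not count as a hit.
echo [3] New DC's DNS returns its own DC and GC locator records for the site
nslookup -type=SRV _ldap._tcp.%SITE%._sites.dc._msdcs.%DOMAIN% %NEWDC% 2>nul | findstr /i /r /c:"svr hostname.*%NEWDC%" >nul
if errorlevel 1 (echo     DC SRV record for %NEWDC% not found & set FAIL=1)
nslookup -type=SRV _ldap._tcp.%SITE%._sites.gc._msdcs.%FOREST% %NEWDC% 2>nul | findstr /i /r /c:"svr hostname.*%NEWDC%" >nul
if errorlevel 1 (echo     GC SRV record for %NEWDC% not found & set FAIL=1)

echo [4] Inbound replication partners and last attempt results on the new DC
repadmin /showrepl %NEWDC%

echo [5] dcdiag: is the new DC advertising, and is replication healthy
dcdiag /s:%NEWDC% /test:Advertising
dcdiag /s:%NEWDC% /test:Replications

if %FAIL%==1 (echo One or more locator checks failed.) else (echo Locator checks passed. Review the repadmin and dcdiag output above.)
exit /b %FAIL%
```

The GC record in step 3 only appears after the new server has finished building its Global Catalog, so a failure there shortly after ticking the checkbox can simply mean replication has not completed yet.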