Solved

Best Practices to add a new DC

Posted on 2008-09-30
597 Views
Last Modified: 2012-05-05
I have a remote site with a single Windows 2003 Domain Controller that is replicating to the DCs at Headquarters. It is set up as a separate site in Active Directory. What are the steps I should take to add a new DC in that site, including replicating to that site's Domain Controller? Is there anything I need to do in Sites & Services, or should my focus be on replication to the remote site? The remote site is running Integrated DNS; should the new DC run Integrated DNS as well, and if so, what steps need to be taken? Please give me granular bullets that I should perform.
Question by:iNetSystem
3 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 2000 total points
ID: 22611313
Assuming that you have already got the necessary sites/subnets set up in AD Sites and Services, then the process is as follows:

Install Windows 2003 on the new machine
Assign the new computer an IP address and subnet mask on the existing network for the appropriate site

Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally the existing domain controller) on the desired site

Join the new machine to the existing domain as a member server

If the new Windows 2003 server is the R2 version and the existing set-up is not, then you need to run Adprep from CD2 of the R2 disks on the existing Domain Controller. Adprep is in the \CMPNENTS\R2\ folder on CD2. You need to run

adprep /forestprep
and
adprep /domainprep

From the command line, promote the new machine to a domain controller with the DCPROMO command. Select Additional Domain Controller in an existing Domain.

In AD sites and services allocate the new DC to the correct site.

Once Active Directory is installed then install DNS. You can do this through Add/Remove Programs->Windows Components->Networking Services->DNS. If you are using Active Directory Integrated DNS then DNS will be replicated from the other DC/DNS.

Next make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, Expand, Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

Change the preferred DNS server settings on the new DC/DNS server so that it uses itself as the preferred DNS server and another server (same site) as the first alternate DNS server (you can add multiple alternates in the Advanced tab if needed)

You need to add this new DNS server as a DNS server in the client preferences on the site (via static TCP/IP settings or DHCP options)

Job Done
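A post-promotion verification script for the procedure above, covering the site placement, global catalog, self-pointing DNS and replication steps (and the site-specific DNS records clients rely on, as raised later in the thread). This is an added example, not part of the original thread; it assumes a management host with the RSAT ActiveDirectory and DnsClient modules (Windows Server 2012 or later; 2003-era hosts would use dcdiag and repadmin directly), and the DC name and site name are placeholders.

```powershell
# Added check script (not from the thread). Placeholders: DC02 and RemoteSite.
param(
    [string]$NewDc        = 'DC02.corp.example.com',  # placeholder new DC FQDN
    [string]$ExpectedSite = 'RemoteSite'               # placeholder AD site name
)
Import-Module ActiveDirectory

$dc     = Get-ADDomainController -Identity $NewDc
$issues = @()

# 1. Site placement: the step done in AD Sites and Services
if ($dc.Site -ne $ExpectedSite) {
    $issues += "DC is in site '$($dc.Site)', expected '$ExpectedSite'"
}

# 2. Global catalog: required for logon (universal group membership lookup)
if (-not $dc.IsGlobalCatalog) { $issues += 'DC is not a global catalog' }

# 3. DNS role running, and the DC uses itself as preferred DNS server
$dnsSvc = Get-Service -ComputerName $NewDc -Name DNS -ErrorAction SilentlyContinue
if (-not $dnsSvc -or $dnsSvc.Status -ne 'Running') {
    $issues += 'DNS Server service is not running on the new DC'
}
$preferred = Invoke-Command -ComputerName $NewDc -ScriptBlock {
    (Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        Select-Object -First 1).ServerAddresses[0]
}
if ($preferred -ne $dc.IPv4Address) {
    $issues += "Preferred DNS is $preferred, expected self ($($dc.IPv4Address))"
}

# 4. Site-specific SRV record: clients in the site locate DCs through this name
$srvName = "_ldap._tcp.$ExpectedSite._sites.dc._msdcs.$($dc.Domain)"
$srv = Resolve-DnsName -Name $srvName -Type SRV -Server $dc.IPv4Address `
    -ErrorAction SilentlyContinue
if (-not ($srv | Where-Object { $_.NameTarget -eq $dc.HostName })) {
    $issues += "No SRV record for $($dc.HostName) under $srvName"
}

# 5. Inbound replication: flag any partner with consecutive failures
Get-ADReplicationPartnerMetadata -Target $NewDc -Partition * | ForEach-Object {
    if ($_.ConsecutiveReplicationFailures -gt 0) {
        $issues += "Replication from $($_.Partner) has $($_.ConsecutiveReplicationFailures) consecutive failures"
    }
}

if ($issues) { $issues | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output "$NewDc passes site, GC, DNS and replication checks"
```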
Author Comment

by:iNetSystem
ID: 22611398
WOW
Extremely well stated...very impressed.
Please clarify why the new DC running DNS would have the first DNS server pointed to itself. The existing single DC in the remote site IS running DNS but is pointing to the PDC at headquarters as well as the secondary DNS server at Headquarters. A little confused here as the setup seems to run great.

What else do I need to do to ensure replication throughout and to prepare for the event of the original DC going down? Since remote sites are a bit new for me, what would happen if the single DC failed? Would my users there authenticate to Headquarters OK, since I have a dedicated MPLS circuit between the sites?

THANKS!
LVL 70

Expert Comment

by:KCTS
ID: 22611426
All DNS servers should point to themselves as preferred DNS server - it avoids network traffic for DNS lookups, especially if it involves cross-site lookups. (Are you sure the existing DC in the site has had DNS installed? Check - if not, this would be a great idea!)

So long as you have multiple Global Catalogs available (which is why I suggested making the new DC a GC) and DNS is available, then authentication can occur - again, worth checking that the current DC on the site is a GC.

To avoid cross-site DNS lookups, you also need to make sure that all machines are configured with the DNS servers relating to their own site.