Solved

Best Practices to add a new DC

Posted on 2008-09-30
Last Modified: 2012-05-05
I have a remote site with a single Windows 2003 Domain Controller that is replicating to the DCs at Headquarters. It is set up as a separate site in Active Directory. What are the steps I should take to add a new DC in that site, including replicating to that site's Domain Controller? Is there anything I need to do in Sites & Services or should my focus be on replication to the remote site? The remote site is running Integrated DNS; should the new DC run Integrated DNS as well, and if so, what steps need to be taken? Please give me granular bullets that I should perform.
Question by:iNetSystem

Accepted Solution

by:
KCTS earned 500 total points
ID: 22611313
Assuming that you have already got the necessary site/subnets set up in AD Sites and Services, then the process is as follows:

Install Windows 2003 on the new machine
Assign the new computer an IP address and subnet mask on the existing network on the appropriate site

Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally the existing domain controller) on the desired site

Join the new machine to the existing domain as a member server

If the new Windows 2003 server is the R2 version and the existing set-up is not, then you need to run Adprep from CD2 of the R2 disks on the existing Domain Controller. Adprep is in the \CMPNENTS\R2\ folder on CD2.
You need to run

adprep /forestprep
and
adprep /domainprep

From the command line, promote the new machine to a domain controller with the DCPROMO command. Select Additional Domain Controller in an existing Domain.

In AD sites and services allocate the new DC to the correct site.

Once Active Directory is installed, then install DNS. You can do this through Add/Remove Programs->Windows Components->Networking Services->DNS. If you are using Active Directory Integrated DNS then DNS will be replicated from the other DC/DNS.

Next make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, Expand, Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

Change the preferred DNS server settings on the new DC/DNS server so that it uses itself as the preferred DNS server and another server (same site) as the first alternate DNS server (you can add multiple alternates in the Advanced Tab if needed)

You need to add this new DNS server as a DNS server in the client preferences on the site (via static TCP/IP settings or DHCP options)

Job Done
0
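A post-promotion check for the steps in the answer above, as an added example that is not part of KCTS's post: it confirms the site assignment, Global Catalog availability in the site, the local AD-integrated DNS zone and replication. It assumes the Windows Server 2003 Support Tools (dcdiag, repadmin, nltest) are installed on the new DC; the script name and the two arguments are placeholders you supply.

```bat
@echo off
rem dccheck.cmd (hypothetical name): post-promotion checks, run on the new DC.
rem Assumes dcdiag, repadmin and nltest from the Windows Server 2003 Support Tools.
rem Usage: dccheck.cmd SiteName DnsDomainName
setlocal
if "%~2"=="" (echo Usage: %~nx0 SiteName DnsDomainName & exit /b 2)
set SITE=%~1
set DOMAIN=%~2
set FAILS=0

echo [1] This DC is assigned to site %SITE%
nltest /dsgetsite | findstr /i /b /c:"%SITE%" >nul
call :report

echo [2] This DC is advertising its roles (dcdiag Advertising test)
dcdiag /test:Advertising | findstr /i /c:"passed test Advertising" >nul
call :report

echo [3] A Global Catalog can be located inside site %SITE%
nltest /dsgetdc:%DOMAIN% /gc /site:%SITE% /force >nul 2>&1
call :report

rem Query the local DNS service (127.0.0.1) for the site-specific LDAP SRV
rem record; a hit for this host shows the AD-integrated zone has replicated
rem here and that this DC has registered itself under the site.
echo [4] Local DNS answers the site SRV record and lists this DC
nslookup -type=SRV _ldap._tcp.%SITE%._sites.dc._msdcs.%DOMAIN% 127.0.0.1 2>nul | findstr /i /c:"%COMPUTERNAME%." >nul
call :report

echo [5] Inbound replication is healthy (dcdiag Replications test)
dcdiag /test:Replications | findstr /i /c:"passed test Replications" >nul
call :report

echo [6] Replication summary for manual review
repadmin /replsummary

echo.
echo %FAILS% check(s) failed
exit /b %FAILS%

:report
rem ERRORLEVEL from the command before "call" is still set on entry here.
if errorlevel 1 (echo     FAIL & set /a FAILS+=1) else (echo     OK)
goto :eof
```

Check 3 passes when any GC in the site answers, so run it again with the original DC shut down or disconnected to confirm the new DC can serve logons on its own.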
 

Author Comment

by:iNetSystem
ID: 22611398
WOW
Extremely well stated...very impressed.
Please clarify why the new DC running DNS would have the first DNS server pointed to itself. The existing single DC in the remote site IS running DNS but is pointing to the PDC at headquarters as well as the secondary DNS server at Headquarters. A little confused here as the setup seems to run great.

What else do I need to do to ensure replication throughout and to prepare for, in the event of the original DC going down?  Since remote sites is a bit new for me, what would happen if the single DC failed, would my users there authenticate to Headquarters OK since I have a dedicated MPLS circuit between the sites?

THANKS!

Expert Comment

by:KCTS
ID: 22611426
All DNS servers should point to themselves as preferred DNS server - it avoids network traffic for DNS lookups - especially if it involves cross-site lookups. (Are you sure the existing DC in the site has had DNS installed? Check - if not, this would be a great idea!)

So long as you have multiple Global Catalogs available (which is why I suggested making the new DC a GC) and DNS is available, then authentication can occur - again, worth checking that the current DC on the site is a GC.

To avoid cross-site DNS lookups, you also need to make sure that all machines are configured with the DNS servers relating to their own site.