Best Practices to add a new DC

Posted on 2008-09-30
Medium Priority
Last Modified: 2012-05-05
I have a remote site with a single Windows 2003 Domain Controller that is replicating to the DCs at Headquarters. It is set up as a separate site in Active Directory. What are the steps I should take to add a new DC in that site, including replicating to that site's Domain Controller? Is there anything I need to do in Sites & Services, or should my focus be on replication to the remote site? The remote site is running Integrated DNS; should the new DC run Integrated DNS as well, and if so what steps need to be taken? Please give me granular bullets that I should perform.
Question by:iNetSystem
LVL 70

Accepted Solution

KCTS earned 2000 total points
ID: 22611313
Assuming that you have already got the necessary sites and subnets set up in AD Sites and Services, the process is as follows:

Install Windows 2003 on the new machine.
Assign the new computer an IP address and subnet mask on the existing network at the appropriate site.

Make sure that the preferred DNS server on the new machine points to the existing DNS server on the domain (normally the existing domain controller) at the desired site.

Join the new machine to the existing domain as a member server.

If the new Windows 2003 server is the R2 version and the existing set-up is not, then you need to run Adprep from CD2 of the R2 disks on the existing domain controller. Adprep is in the \CMPNENTS\R2\ folder on CD2. You need to run:

adprep /forestprep
adprep /domainprep

From the command line, promote the new machine to a domain controller with the DCPROMO command and select "Additional Domain Controller in an existing Domain".

In AD Sites and Services, allocate the new DC to the correct site.

Once Active Directory is installed, install DNS. You can do this through Add/Remove Programs -> Windows Components -> Networking Services -> DNS. If you are using Active Directory Integrated DNS then DNS will be replicated from the other DC/DNS.

Next make the new machine a global catalog server: go to Administrative Tools -> Active Directory Sites and Services, expand Sites, Default first site and Servers. Right click on the new server, select Properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish universal group membership.)

Change the preferred DNS server settings on the new DC/DNS server so that it uses itself as the preferred DNS server and another server (same site) as the first alternate DNS server (you can add multiple alternates in the Advanced tab if needed).

You need to add this new DNS server as a DNS server in the client preferences on the site (via static TCP/IP settings or DHCP options).

Job done.
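The promotion step above can be scripted instead of clicked through, which also lets you choose the in-site DC as the replication source so the initial replica does not come over the WAN. The answer file below is an added example, not part of the original answer; the domain name corp.example.com, the server name remotedc01, the site name RemoteSite and the paths are assumptions you must replace.

```ini
; replica.txt - Windows Server 2003 dcpromo answer file (added example).
; Contains clear-text credentials: create it right before use, run dcpromo,
; then delete it. Do not rely on dcpromo scrubbing the Password line.
[DCInstall]
ReplicaOrNewDomain=Replica
ReplicaDomainDNSName=corp.example.com
; Existing DC in the same site - initial replication stays on the local LAN
ReplicationSourceDC=remotedc01.corp.example.com
; Must match the site name in AD Sites and Services exactly
SiteName=RemoteSite
UserName=administrator
UserDomain=corp.example.com
Password=<replace-before-use>
DatabasePath=C:\WINDOWS\NTDS
LogPath=C:\WINDOWS\NTDS
SYSVOLPath=C:\WINDOWS\SYSVOL
; Directory Services Restore Mode password - record it in your password vault
SafeModeAdminPassword=<replace-before-use>
CriticalReplicationOnly=No
RebootOnSuccess=Yes
```

Run it on the member server as `dcpromo /answer:C:\replica.txt`. Setting SiteName places the server in the remote site directly, so the "allocate the new DC to the correct site" step only needs to be verified afterwards rather than done by hand, and the account in UserName must be a member of Domain Admins (or have been delegated the right to add a replica).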

Author Comment

ID: 22611398
Extremely well stated... very impressed.
Please clarify why the new DC running DNS would have the first DNS server pointed to itself. The existing single DC in the remote site IS running DNS but is pointing to the PDC at headquarters as well as the secondary DNS server at Headquarters. A little confused here as the setup seems to run great.

What else do I need to do to ensure replication throughout and to prepare for, in the event of the original DC going down? Since remote sites are a bit new for me, what would happen if the single DC failed? Would my users there authenticate to Headquarters OK since I have a dedicated MPLS circuit between the sites?

LVL 70

Expert Comment

ID: 22611426
All DNS servers should point to themselves as preferred DNS server - it avoids network traffic for DNS lookups, especially if it involves cross-site lookups. (Are you sure the existing DC in the site has had DNS installed? Check - if not, this would be a great idea!)

So long as you have multiple Global Catalogs available (which is why I suggested making the new DC a GC) and DNS is available, then authentication can occur - again worth checking that the current DC on the site is a GC.

To avoid cross-site DNS lookups, you also need to make sure that all machines are configured with the DNS servers relating to their own site.
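The checks the accepted answer ends with and the follow-up comment asks for (is the DC in the right site, is it a GC, does it point DNS at itself, is replication healthy) can be run from one script on each DC in the site. This is an added example, not from the original thread; it assumes PowerShell 2.0 (WMF) and the Windows Support Tools (dcdiag, repadmin, nltest) are installed on the 2003 DC, and it uses only ADSI, WMI and those tools, so it needs no ActiveDirectory module. Run it on the new DC first, then on the existing in-site DC, which in the asker's setup will report PreferredIsSelf as False.

```powershell
# Post-promotion checks for a Windows Server 2003 DC (added example).
# Run as a domain admin on the DC you want to inspect.

function Get-DcSummary {
    $rootDse = [ADSI]"LDAP://RootDSE"
    $ntdsDn  = [string]$rootDse.dsServiceName   # DN of this DC's NTDS Settings object

    # DN shape: CN=NTDS Settings,CN=<server>,CN=Servers,CN=<site>,CN=Sites,CN=Configuration,...
    $parts  = $ntdsDn -split ','
    $server = $parts[1] -replace '^CN='
    $site   = $parts[3] -replace '^CN='

    # Bit 0x1 of 'options' on NTDS Settings is the Global Catalog tick box;
    # isGlobalCatalogReady on RootDSE says whether the GC is actually advertising yet
    # (it stays FALSE until the partial replicas have finished replicating in).
    $ntds    = [ADSI]"LDAP://$ntdsDn"
    $options = 0
    if ($ntds.options.Count -gt 0) { $options = [int]$ntds.options[0] }

    New-Object PSObject -Property @{
        Server        = $server
        Site          = $site
        GcConfigured  = (($options -band 1) -eq 1)
        GcAdvertising = ([string]$rootDse.isGlobalCatalogReady -eq 'TRUE')
    }
}

function Test-DnsPointsToSelf {
    # A DC/DNS server should use one of its own addresses as preferred DNS and an
    # in-site DC as alternate, so name lookups never cross the WAN unnecessarily.
    $result = @()
    $nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE"
    foreach ($nic in $nics) {
        $ownIps = @($nic.IPAddress | Where-Object { $_ })
        $dns    = @($nic.DNSServerSearchOrder | Where-Object { $_ })
        $result += New-Object PSObject -Property @{
            Adapter         = $nic.Description
            OwnIps          = ($ownIps -join ', ')
            DnsServers      = ($dns -join ', ')
            PreferredIsSelf = (($dns.Count -gt 0) -and ($ownIps -contains $dns[0]))
            HasAlternate    = ($dns.Count -gt 1)
        }
    }
    $result
}

Get-DcSummary        | Format-List
Test-DnsPointsToSelf | Format-List

# Locator and replication health from the Support Tools.
nltest /dsgetsite                      # site the locator maps this machine to: must be the remote site
dcdiag /test:Advertising /test:Replications /test:KnowsOfRoleHolders
repadmin /showrepl                     # inbound partners and last success/failure per partition
```

If nltest /dsgetsite returns a different site than Get-DcSummary, the DC's subnet is missing or wrong in AD Sites and Services and clients on that LAN will be sent to HQ for logon. GcConfigured True with GcAdvertising False right after promotion is normal; if it persists, dcdiag's Advertising test and repadmin /showrepl will show which partition has not replicated in yet.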
