  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 305

secondary AD - for backup

Hi,

I have a freshly installed Windows 2003 server with AD and I have an older version Win2k server and I was thinking, can I use that as a backup in case anything happens to the main DC?

If so, do I set it up as an additional domain controller for the existing domain? If I turned off the main DC, will my Win2k server take over?

Cheers!
Asked by: mikesteven
 
Darius Ghassem Commented:
What is your Forest Functional Level? If the forest functional level is 2003 then you can't; all DCs must be at least 2003.

http://www.petri.co.il/raise_forest_function_level_in_windows_2003.htm
 
Shift-3 Commented:
Yes, you can DCPROMO the 2000 server, make it a Global Catalog server, and it will handle authentication if the other DC is down. Make sure that other services such as DNS are also fault-tolerant in order for clients to find the new DC.

Note that if the other DC were to die permanently then you would eventually need to seize the FSMO roles, but that is not a short-term concern.
 
Shift-3 Commented:
Ah, yes, assuming the functional level permits it.
 
CreditSoupTech Commented:
Well, make sure your primary domain controller is at the default functionality level. If it has been changed to Windows 2003 only, that will have to be changed. Also make sure the Win2k is not a member server in any domain. Then just launch 'dcpromo' from the Win2k box and add it as 'additional domain controller in an existing domain'. I would recommend installing the DNS service on the Win2k box before running dcpromo though, just to keep things simple. Make sure everything replicated correctly to the backup domain controller and you are done; just update your DHCP with the additional DNS server info.

If you turned off your main Win2k3 domain controller, yes, the Win2k server will take over, but only for a little while. You have to manually transfer the FSMO roles. I would say if the primary is gone for over 1-2 full days you should consider transferring the roles.
Does anyone have any other recommendations on how long before the FSMO roles should be transferred?

http://support.microsoft.com/kb/324801


http://technet.microsoft.com/en-us/library/cc526434.aspx

Hope this points you in the right direction.
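
The checks the answers above call for after dcpromo (replication, DNS registration, Global Catalog, FSMO role holders) can be run together as one batch file. This is an added example, not part of the original thread; the domain and server names are placeholders, and it assumes the Windows Support Tools (dcdiag, repadmin, netdom, nltest, dnscmd) are installed.

```bat
@echo off
rem Added example: post-dcpromo checks for an additional domain controller.
rem DOMAIN, OLDDC and NEWDC are placeholder values (assumptions); replace them.
rem Requires the Windows Support Tools on the machine where this is run.
setlocal
set DOMAIN=example.local
set OLDDC=dc2003
set NEWDC=dc2000

echo === 1. Domain controllers known to the domain ===
nltest /dclist:%DOMAIN%

echo === 2. Each DNS server returns an SRV record for the new DC ===
rem Clients locate DCs through these records, so both DNS servers must serve them.
for %%S in (%OLDDC% %NEWDC%) do (
    nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %%S 2>nul | find /i "%NEWDC%" >nul
    if errorlevel 1 (echo   MISSING on %%S) else (echo   OK on %%S)
)

echo === 3. Zones hosted by each DNS server ===
rem The same AD-integrated forward and reverse zones should appear on both.
for %%S in (%OLDDC% %NEWDC%) do dnscmd %%S /enumzones

echo === 4. Inbound replication status on both DCs ===
rem Read the "Last attempt" lines for each naming context.
for %%S in (%OLDDC% %NEWDC%) do repadmin /showreps %%S

echo === 5. A Global Catalog can be located ===
nltest /dsgetdc:%DOMAIN% /gc

echo === 6. Current FSMO role holders ===
netdom query fsmo

echo === 7. Full diagnostics against the new DC ===
dcdiag /s:%NEWDC%
endlocal
```

Run it again with the original DC shut down during a maintenance window to confirm that steps 2 and 5 still succeed against the remaining server.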
 
CreditSoupTech Commented:
Another article on forcing the FSMO transfer.
http://www.petri.co.il/transferring_fsmo_roles.htm
 
FTWNJ Commented:
Yep, your Win2k DC should take over if anything were to happen with your current DC. Just remember to install DNS and make sure it is replicating properly before you promote the server to a domain controller. And once finished, make sure it is configured as a Global Catalog server.
 
Americom Commented:
If you only have a Win2k3 DC, why use a Win2k as an additional DC? Why not just trash the Win2k OS and get it on Win2k3 before you dcpromo it as an additional DC? Unless there's an application you have in the Win2k3 that cannot be interrupted. Otherwise, adding a Win2k as an additional DC will only hold you up to have only Win2k native mode, which will downgrade some of the Windows Server 2003 native mode. So, I would suggest you take a slight effort to add a Win2k3 DC rather than going backward with a Win2k DC.
 
Americom Commented:
As mentioned by the above experts, if you have raised your Win2k3 to native mode, you can't add a Win2k DC to a Win2k3 domain with native mode.
 
mikesteven (Author) Commented:
Finished installing DNS on the Win2k. Do I need to set up replication before I hit dcpromo? How do I replicate DNS?
 
Darius Ghassem Commented:
No, go ahead and click dcpromo, but the easier way to install DNS is to allow dcpromo to install it for you. Or install DNS after you promote the server to a DC. Make sure the server is pointing to an existing DNS server as primary before you do a dcpromo and don't change it until you know AD replication is fully done.
 
mikesteven (Author) Commented:
dariusq,

Finished executing dcpromo. When I open the users & computers AD, it looks to be the same as the main DC, and sadly for DNS there was nothing defined on forward and reverse... I think it's not yet configured. What can we do?
 
Darius Ghassem Commented:
Go to DNS then right-click Forward Lookup Zones then create a new zone.

http://support.microsoft.com/kb/323445
 
mikesteven (Author) Commented:
Thanks! I thought the DNS will be replicated?
 
Darius Ghassem Commented:
Once you install the zones then it will replicate, but the DNS server and AD need to see the zones listed so it knows to replicate.
 
mikesteven (Author) Commented:
dariusq,

I added the forward & reverse zones with AD integration, it has been 1 day and no replication yet... not sure what I'm missing.
 
Americom Commented:
Just make sure both DNS are configured as Active Directory-Integrated zone type and with exactly the same zone name under the forward and reverse lookup zones. If you don't see it, just restart the netlogon services of your Win2k3 DC. Otherwise, restart DNS services then restart netlogon services.
 
Darius Ghassem Commented:
I agree with Americom's post.
