Solved

Server 2008 New DC

Posted on 2010-01-13
Last Modified: 2012-05-08
okay will try to explain as best as can.....

currently have 5 sites connected through MPLS.....all different locations..we will call these sites A-E

At site A we have 2 DCs win 2003 Server...only DCs on domain....

Currently at site B we need to add an application Server for the apps on this server will not cross the T1 line....they have to be run locally...

Going to add 2008 DC to site B....am also going to add 2008 DC to site A

so that would be 4 DC...3 at site A and 1 at site B....

at site A i am planning on making the New Server 2008 the PDC and taking one of the 2003 DC machines out......

question....I assume my first step is to switch which is the PDC....when I check the box to make the New Server 2008 the PDC will the current PDC be demoted automatically to BDC...although I already have a BDC....I want the BDC to remain the BDC....from my reading this is what I thought....

also for the above question...am I going about this the right way....is there a better alternative? is there anything I should watch out for or worry about?

come the end i want the PDC and BDC at site A...the PDC will be running Server 2008 and the BDC will be running Server 2003....

At site B I will have Server 2008 DC....which would be ?????WHAT??????Just a DC?????

as from above you can see i am a little confused as to which way to go about this.. if anyone could also explain why one way is better than the other also.......any help is appreciated....or if there are better alternatives...please advise........

 
0
Question by:westhelpdesk
9 Comments
 
LVL 5

Expert Comment

by:marcokrecic
ID: 26303028
In Active Directory all domain controllers are at the same level (multimaster).

PDC and BDC refer only to NT domains.

One DC in the forest hosts two single roles (Schema Master Role and Domain Name Master Role)
and one DC in the domain hosts the other three single roles (RID Master Role, PDC Emulator Master Role, Infrastructure Master Role).
A SINGLE DC CAN HOST ALL FIVE ROLES (FSMO ROLES)


A domain controller also has the "Global Catalog" property.

You have to acquire skills in these topics prior to planning an Active Directory deployment.



0
 

Author Comment

by:westhelpdesk
ID: 26303226
well you lost me.....somewhat....so the solution was????
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 26303271
By 'PDC' I assume you mean the PDC Emulator, one of the 5 FSMOs right?

When considering the placement of the PDC, I would just make sure it is on a well-connected DC, and I would also personally place it in the largest site, the one with the most clients. As it also acts as a DC for pre-2000 machines, you should consider where these are if you have any older clients.

As marco says, there is no PDC/BDC setup in Active Directory. All DCs are equal.

First promote the new server into Site A. To remove the older DC from site A, simply demote it using dcpromo. First make sure it's not being used as a primary DNS server by clients, and also make sure it's not the only GC in Site A. Also transfer any FSMO roles it holds to another DC, probably the new one.

To find out where the FSMOs are held, run 'netdom query fsmo'
To transfer FSMO roles : http://www.petri.co.il/transferring_fsmo_roles.htm

The main thing is to ensure that site A still has at least one GC, and all its clients are still using a valid local DNS server.

Tony
0
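
The checks listed in the answer above (FSMO roles moved, another GC left in the site, clients no longer pointed at the old DC for DNS) can be turned into a gate that is evaluated before running dcpromo. This is an added example, not part of the original thread; the host names, the site name, the captured `netdom query fsmo` output and the `client_dns` input (the set of servers handed to clients as DNS) are constructed assumptions.

```python
# Added example: pre-demotion gate built from the checklist in the answer above.
# Host names, site names and the captured output below are constructed.

ROLE_LABELS = ("Schema master", "Domain naming master", "PDC",
               "RID pool manager", "Infrastructure master")

# Constructed sample of `netdom query fsmo` output.
SAMPLE_NETDOM = """\
Schema master               dc1.example.local
Domain naming master        dc1.example.local
PDC                         dc1.example.local
RID pool manager            dc1.example.local
Infrastructure master       dc1.example.local
The command completed successfully.
"""


def parse_fsmo(output):
    """Map each FSMO role label to the DC that netdom reports as its holder."""
    holders = {}
    for line in output.splitlines():
        for label in ROLE_LABELS:
            if line.startswith(label):
                holders[label] = line[len(label):].strip().lower()
    return holders


def demotion_blockers(dc, site, fsmo, gcs_by_site, client_dns):
    """Return the reasons `dc` must not be demoted yet (empty list = clear)."""
    dc = dc.lower()
    blockers = []
    held = sorted(role for role, holder in fsmo.items() if holder == dc)
    if held:
        blockers.append("holds FSMO roles: " + ", ".join(held))
    # True when removing this DC would leave the site without any GC.
    if gcs_by_site.get(site, set()) <= {dc}:
        blockers.append("no other global catalog in " + site)
    if dc in client_dns:
        blockers.append("still a client DNS server")
    return blockers
```
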
 
LVL 27

Expert Comment

by:bluntTony
ID: 26303413
And the server in site B, since it's the only DC in that site, make it a DC, GC and DNS server (in fact I would say make ALL of your DCs GCs)

Then configure your clients in that site to use it as primary DNS. This localises all AD requests and DNS and saves them having to go across the MPLS.

No real need to worry about FSMO placement apart from the PDC as I said in the first post.
0
 

Author Comment

by:westhelpdesk
ID: 26303644
we have all xp pro sp3 clients....the machine at site A is the Primary DNS Server...also our current application server, our only GC Server and holds all roles itself.... we do have another 2003 DC as a DNS Server....so if machine A goes down..client authenticate to machine B.........

so you are saying first...the other DC in site A make it a GC....then install the new Server 2008 making it DC, GC, and DNS Server....transfer all the roles to the new server and then demote the current Primary DNS, GC,.......

in site B just go ahead and make this our DC, GC and DNS and point client to this machine at site B to provide less traffic over MPLS Circuit...

At Site A do the Same for DNS....point clients at the new Server 2008....and Secondary DNS......

Can all DCs be a GC Server....I was under the impression that you can only have one GC on the domain???????

sorry about all these newbie questions....just trying to learn the best approach without making a mess of things....also if anyone would have some good articles on this it would be great...thanks for all your help....
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 26303867
That's pretty much it, yes.

No, you can have as many GCs as you wish. Before when site links may have been very low bandwidth, you might have had to be more selective about GC placement to avoid excessive replication traffic over the WAN, but nowadays in most cases you're good to make them all GCs. If it's only a single domain then there is literally nothing to worry about as it generates no additional replication traffic.

One other thing we haven't touched upon - since you are now adding a DC to site B, you will need to ensure it is defined as a site in AD Sites and Services (ADSS). Once you've created the new site in ADSS, move the server object for the server in site B to the site container in ADSS. The servers are probably all currently sitting in a site called 'Default-First-Site-Name'. You can rename this to 'Site A', and create a new site called 'Site B'. Then you need to create subnet objects to represent the different subnet addresses you have in both of these sites and associate them with the correct site.

This process is what allows clients to use their local DC. Otherwise they could be using any DC and this defeats the point of adding a local DC. For those physical sites that do not have a DC, make sure you associate their subnet objects with the site whose DC you want to serve their clients' requests.

The two sites will now be replicating between each other governed by the rules on the DEFAULTIPSITELINK object (Inter-Site Transports > IP). The replication interval is how often, in minutes, the sites will replicate. Change this to suit your needs. You can also rename this site link object if you wish, something like Site A to Site B would make sense!

Don't worry about asking the questions, that's what we're here for!
0
 

Author Comment

by:westhelpdesk
ID: 26304010
from my understanding under sites and services...I would only add the site and subnet for the locations that are going to have a DC.....there is no sense in me adding a site that is on a different subnet that doesn't have a DC.....is my thinking correct?
0
 
LVL 27

Accepted Solution

by:
bluntTony earned 2000 total points
ID: 26304269
Yes that's correct.

However if you want to make the clients without a local DC (C, D and E) prefer a particular site for authentication (i.e. Site A's DCs or Site B's DCs), then create and associate their subnet objects with either site A or B. This is just a quick and easy way to get them to prefer a particular site's DC.

Tony
0
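
The subnet-to-site association described in the answers above can be checked offline before it is entered in AD Sites and Services. This is an added example, not part of the original thread; the address ranges and their site assignments are constructed, and it models the lookup as a most-specific-prefix match of the client address against the subnet objects.

```python
import ipaddress

# Constructed subnet objects: (prefix, associated site). Locations C to E have
# no DC, so their subnets are associated with the site that should serve them.
SUBNETS = [
    ("10.1.0.0/16", "Site A"),
    ("10.2.0.0/16", "Site B"),
    ("10.3.0.0/16", "Site A"),   # location C prefers site A's DCs
    ("10.4.0.0/16", "Site B"),   # location D prefers site B's DCs
    ("10.4.8.0/24", "Site A"),   # a more specific subnet object wins
]                                # location E (10.5.0.0/16) is left unmapped


def site_for(ip, subnets=SUBNETS):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, site in subnets:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None


def unmapped_clients(client_ips, subnets=SUBNETS):
    """Clients that match no subnet object and so could end up on any DC."""
    return sorted(ip for ip in client_ips if site_for(ip, subnets) is None)
```
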
 

Author Closing Comment

by:westhelpdesk
ID: 31676621
thanks a lot!!! you have shed a lot of light on this subject!!!!
0


Question has a verified solution.
