
DCPROMO Order

Posted on 2010-11-11
Last Modified: 2012-05-10
I am adding a new DC to an existing 2003 forest. Existing has 1 GC and 5 DCs at branch offices connected over MPLS WAN. We use Sites and Services to replicate changes. Do I join the domain at the main site, run dcpromo and let AD replicate, then change the IP subnet and set up sites for AD replication... or I have the option of hanging the new server off a local firewall and running dcpromo from the new subnet. I thought this might try to pull AD from a BO. Hope the question and explanation are sufficient. Thanks in advance.
Question by:MRamdor
9 Comments
 
LVL 27

Expert Comment

by:KenMcF
ID: 34116476
How large is your AD? There are several options.

I would probably just run DCPromo at the branch with only that many DCs.

You could also take a system state backup of one DC, restore it to a separate directory on the new DC, and run dcpromo /adv and point to the file while the DC is in the branch.
0
 
LVL 4

Expert Comment

by:sire_harvey
ID: 34116494
Personally I would build the server at the main site, and set up the IP address on the remote subnet. Then run DCPROMO from the remote site.
0
 

Author Comment

by:MRamdor
ID: 34116500
AD is not that large. If I'm going to run it from the branch, should I join the domain first, or will dcpromo take care of that, and will it install DNS? Thanks.
0

 
LVL 27

Expert Comment

by:KenMcF
ID: 34116521
What I usually do is image the DC at the main site, join it to the domain and ship it to the branch. Then run DCPromo from the branch site. If you are worried about the bandwidth of the promo, you could put a copy of the system state from another DC on the server and run dcpromo /adv.
0
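
An added example, not part of any post in this thread: an unattended answer file for the dcpromo /adv approach described above, run on the server once it is at the branch. The domain, site, source DC, account, paths and passwords are constructed placeholders; the [DCInstall] keys are the Windows Server 2003 unattended-setup entries.

```ini
; Constructed example. Run on the new server at the branch as:
;   dcpromo /adv /answer:C:\dcpromo-replica.txt
; Every name, path and credential below is a placeholder.

[DCInstall]
; Add an additional (replica) DC to the existing domain.
ReplicaOrNewDomain=Replica
ReplicaDomainDNSName=corp.example.com

; Place the new DC in the branch site. The site and its subnet object
; must already exist in Sites and Services.
SiteName=Branch-Site-Placeholder

; Name the replication partner explicitly (here a main-site DC) so the
; promotion does not pick another branch office DC across the WAN.
ReplicationSourceDC=dc01.corp.example.com

; Folder holding the system state backup restored to an alternate
; location; the bulk of the directory is sourced from here and only
; the changes since the backup cross the WAN.
ReplicationSourcePath=D:\NTDSrestore

; Yes only if the backup came from a GC and this DC should be one too.
ConfirmGc=No

DatabasePath=%SystemRoot%\NTDS
LogPath=%SystemRoot%\NTDS
SYSVOLPath=%SystemRoot%\SYSVOL

; Account allowed to add a DC to the domain. The file holds credentials
; in clear text: restrict access to it and delete it after promotion.
UserName=install-admin-placeholder
UserDomain=corp.example.com
Password=PLACEHOLDER-PASSWORD
SafeModeAdminPassword=PLACEHOLDER-DSRM-PASSWORD

RebootOnSuccess=Yes
```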
 
LVL 24

Expert Comment

by:Awinish
ID: 34118336
It's not good practice to join a system to the domain & then promote it as a DC; dcpromo should be run directly on the server & you should not change the IP, because mostly DCs are the heart of the domain & they should not be going through changes or testing.
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34119325
Awinish, do you have any documentation that says it is not good practice to run DCPromo on domain-joined servers?

There is nothing wrong with changing the IP of a Domain Controller. You need to make sure you follow the proper procedures.

http://technet.microsoft.com/en-us/library/cc758579(WS.10).aspx
http://technet.microsoft.com/en-us/library/cc794931(WS.10).aspx
0
 
LVL 24

Accepted Solution

by:
Awinish earned 1000 total points
ID: 34119440
KenMcF, I don't have a reference to any such document, but I haven't seen that, for configuring a server as a domain controller, the server has to be joined to the domain first and then dcpromo'd.


When you do dcpromo, it automatically joins the server, & while joining, the object will be placed in the computer OU, & then after registering its services as a DC, it will be moved to the DC OU.

I read it somewhere, can't recall where, but if you want to configure a server as a DC, directly dcpromo it.

In the articles below, can you see anywhere listed that a server is required to be joined to the domain & then dcpromo'd? It's directly going to be a DC, so why promote it as a member server & then promote it?

Yes, there is nothing wrong, but when it's a domain controller & you don't want to do IP changes, re-register the netlogon services, allow time for replication, until you are changing ISP.

It's better to plan, because if you change the IP, it has to be updated in the client DNS settings or other servers, so plan it properly, & until it's urgent I would not recommend doing it even though it can be done.

http://www.windowsreference.com/windows-server-2003/how-to-create-an-additional-domain-controller-in-win-server-2003/
http://www.petri.co.il/how_to_install_active_directory_replica_on_windows_2003.htm
0
 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 1000 total points
ID: 34119481
Thanks Awinish, I just wanted to make sure this was not an MS recommendation. There are several reasons we do this.

I agree it is better to plan instead of changing the IP of DCs multiple times. That's why in one of my previous posts I recommended running DCPromo once the server was in the branch office. But sometimes you cannot avoid changing the IP. There have been several times where either the remote site has closed or moved and subnets changed, or there was a network reconfiguration, and we were forced to change the IP.
0
 
LVL 24

Expert Comment

by:Awinish
ID: 34119532
Yes, I do believe certain circumstances require us to make changes, but making changes on a DC, esp. when users, applications & servers depend heavily on it, personally I don't feel comfortable.
So better planning is the key to the road ahead; even though it's a small environment, we still should not make it a practice. That's what I wanted to guide the author on.

0
