Posted on 2010-11-11
Last Modified: 2012-05-10
I am adding a new DC to an existing 2003 forest.  Existing has 1 GC and 5 DC's at branch offices connected over MPLS WAN.  We use Sites and services to replicate changes.  Do I join domain at main site, run dcpromo and let AD replicate, then change IP subnet and setup sites for AD replication...or I have the option of hanging new server off a local firewall and running dcpromo from the new subnet.  I thought this might try to pull AD from a BO..   Hope question and explanation is sufficient..Thanks in advance  
Question by:MRamdor
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 27

Expert Comment

ID: 34116476
How large is your AD. There are several option

I would probably just run DCPromo at the branch with only that many DCs.

You could also take a systemstate backup of one DC restore to a seperate directory on the new DC and run dcpromo /adv and point to the file while the DC is in the branch.

Expert Comment

ID: 34116494
Personally i would build the server at the main site, and set up the IP address on the remote subnet. The run DCPROMO from the remote site.

Author Comment

ID: 34116500
AD is not that large.  If I'm going to run it from the branch should I join the domain first dcpromo will take care of that and will it install DNS?  Thanks.
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

LVL 27

Expert Comment

ID: 34116521
What I usually do is image the DC at the main site join to the domain and ship to the branch. Then run DCPromo from the branch site. If you are worried about the bandwidth of the promo you could put a copy of the system state from another DC on the server and run dcpromo /adv
LVL 24

Expert Comment

ID: 34118336
Its not good practices to join system into domain & then promote as DC, dcpromo should be directly run on server & you should not change IP because mostly DC's are heart of domain & they should not be going through changes or testing.
LVL 27

Expert Comment

ID: 34119325
Awinish, Do you have any documentation that says it is not good practice to run DCPromo on domain joined servers?

There is nothing wrong with changing the IP of a Domain Controller. You need to make sure you follow the proper procedures.
LVL 24

Accepted Solution

Awinish earned 250 total points
ID: 34119440
KenMcF, i don't have reference of any such document but i haven't seen for configuring server as an domain controller, server has to joined to domain first then dcpromo it.

When you do dcpromo, it automatically join the server & while joining the object will be placed in computer ou & then after registering its services as DC,it will be moved to DC OU.

I read somewhere can't recall it,but if you want to configure a server as an DC, directly dcpromo it

In the below articles, can you see anywhere listed, that a server is required  to joined into domain & dcpromo it as its directly going to be DC so why promote it as member server & promote it.

Yes, there is nothing wrong, but when its a domain controller & you don't want to do IP changes,reregister the netlogon services,allow time for replication,until you are changing ISP.

Its better to plan because if you change IP,it has to be updated into client dns setting or other servers, so plan it properly & until its urgent i would not recommend to do it even though it can done.
LVL 27

Assisted Solution

KenMcF earned 250 total points
ID: 34119481
Thanks Awinish, I just wanted to make sure this was not a MS recomendation. there are several reasons we do this.

I agree it is better to plan instead of changing the IP of DCs multiple times. Thats why in one of my previos posts I recomended to run DCPromo once the server was in the branch office. But some times you can not avoid changing the IP. There have been several times where either the remote site has closed or moved and subnets changed, or a network reconfiguration and are forced to change the IP.
LVL 24

Expert Comment

ID: 34119532
Yes, i do believe certain circumstances require us to do changes changes,but making changes on dc esp when users, application & servers depends heavily on it, personally i don't feel comfortable.
So better planning is the key to road ahead, even though its small environment, still we should not make practice, that's what i wanted to guide the author.


Featured Post

Enroll in May's Course of the Month

May’s Course of the Month is now available! Experts Exchange’s Premium Members and Team Accounts have access to a complimentary course each month as part of their membership—an extra way to increase training and boost professional development.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question