Solved

Adding more than one SBS 2003 Domain Controller

Posted on 2011-02-14
Last Modified: 2012-05-11
I find myself in an uncomfortable position that needs to be resolved asap.

Scenario:  Small (50 user) network running One SBS 2003 R2 acting as Domain controller.  No Exchange.  This server currently provides user account authentication and file sharing.  Obviously as is now, if/when this server goes down we have a serious problem on our hands.  

I assume that the best way to handle this would be to add another Domain server?  If so, can the most recent Microsoft server (2008?) "plug in" to our aging 2003 R2 domain and act as backup?  Are there any special/complicated things that need to be done to make this work?   Would a matching amount of client access licenses need to be purchased for the new server software?

Please advise, this one server setup keeps me awake at night!
Question by:coolkev99
8 Comments
 
LVL 5

Expert Comment

by:zippybungle2003
ID: 34888663
Officially you cannot have an additional domain controller in SBS 2003; unofficially you can, however it cannot hold any FSMO roles, so it's nigh on useless in a disaster situation.

You need to move to SBS 2008 to have an additional domain controller in a small business environment.

You need to investigate upgrading :)

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=52b7ea63-78af-4a96-811e-284f5c1de13b

0
 
LVL 11

Assisted Solution

by:Old User
Old User earned 400 total points
ID: 34888687
You can add a second DC to a 2003 SBS domain; see the link below for details.

http://technet.microsoft.com/en-us/library/cc708131(WS.10).aspx
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 1600 total points
ID: 34888727
There is a popular misconception that in an SBS domain you cannot add another DC. You can have as many DC's as you like. SBS has to be the first DC in the domain (ignoring a migration scenario) and must retain all FSMO roles.
You cannot however add another SBS to an existing domain, only Server std DC's.

The FSMO roles stay on the SBS, you make the additional DC's global catalog servers, and if the SBS is offline the second DC will allow authentication and DNS.
In the event the SBS is dead and you are not going to replace it or do a restore, it is possible to seize the FSMO roles.
It is very common in an SBS domain to add a DC, especially in multi-site scenarios.
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 1600 total points
ID: 34888740
Details if required:
Add an additional server to an existing SBS 2003 domain:
If the new server is a newer version such as Server 2003 R2 or Server 2008, you first need to run adprep, on the SBS, from the new server CD set to "extend the SBS schema".
If the new server is Server 2003 R2, adprep is located on the second CD under \CMPNENTS\R2\ADPREP\
If Server 2008 see: http://www.petri.co.il/windows-server-2008-adprep.htm

-Make sure the SBS is fully up to date with all patches and service packs, which makes it more compatible with the new O/S's (2008, Vista, Win7)
-You need to create a computer account for the new server, on the SBS, using the wizard located under server computers in the server management console of the SBS
-If the new server has more than one NIC, disable all but one while joining the domain. Once completed you can enable others
-Then point the new server's DNS only to the SBS, and join the domain using the wizard  http://SBSname/connectcomputer
-If the new server will not join with connectcomputer (I don't believe 2008 will yet), add it manually under My computer properties / computer name / change, and then in Active Directory move the computer from the Servers OU to the MyBusiness/SBS servers OU
-If you wish the new server to be a domain controller, now you can run DCpromo on the new server. You must use integrated zones when working with SBS. (there are different options in the wizard, just choose defaults and integrated). I would recommend at the same time installing DNS.
-If the server is going to be a terminal server (DC and TS is not recommended) you can add the Terminal Server and TS Licensing Server roles now.

You may want to review the following as well:
Add and Manage Additional Servers in a Windows Small Business Server Domain
http://www.microsoft.com/downloads/details.aspx?FamilyID=6f4015f2-7606-4eaa-828a-00b8df6bd999&displaylang=en
0
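The answers above state that the SBS must keep all FSMO roles once another DC is added. The check below is an added example, not part of any poster's answer: it parses `netdom query fsmo` output and reports any role that is not on the SBS. The server names and the sample output are constructed placeholders.

```powershell
# Added example: confirm the SBS still holds every FSMO role after an
# additional DC has been promoted. All server names are constructed.

# Constructed sample of `netdom query fsmo` output. Role labels differ slightly
# between Windows Server versions, so the parser does not depend on them.
$sampleOutput = @'
Schema master               SBS01.example.local
Domain naming master        SBS01.example.local
PDC                         SBS01.example.local
RID pool manager            DC02.example.local
Infrastructure master       SBS01.example.local
The command completed successfully.
'@

function Get-FsmoHolders {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # A role line is "<label><two or more spaces><server FQDN>".
        if ($line -match '^\s*(?<Role>\S.*?)\s{2,}(?<Holder>[\w-]+(\.[\w-]+)+)\s*$') {
            New-Object PSObject -Property @{
                Role   = $Matches['Role']
                Holder = $Matches['Holder'].ToLower()
            }
        }
    }
}

function Test-SbsHoldsAllFsmo {
    param([string[]]$Lines, [string]$SbsFqdn)
    $roles = @(Get-FsmoHolders -Lines $Lines)
    if ($roles.Count -ne 5) {
        throw "Expected 5 FSMO roles, parsed $($roles.Count); check the netdom output."
    }
    # Any role whose holder is not the SBS breaks the rule described above.
    $moved = @($roles | Where-Object { $_.Holder -ne $SbsFqdn.ToLower() })
    foreach ($r in $moved) {
        Write-Warning "$($r.Role) is held by $($r.Holder), not $SbsFqdn"
    }
    return ($moved.Count -eq 0)
}

# Offline run against the constructed sample. On a live DC, pass the output of
# `netdom query fsmo` as -Lines instead of the split sample text.
$lines = $sampleOutput -split "`r?`n"
Test-SbsHoldsAllFsmo -Lines $lines -SbsFqdn 'SBS01.example.local'
```

The constructed sample deliberately places one role on the second DC so the warning path is exercised.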
 

Author Comment

by:coolkev99
ID: 34889822
Thank you all so much for the quick responses.  Looks like I'll be pushing for a new 2008 server.  Adding it looks pretty straightforward, (assuming things go as planned :)  
0
 
LVL 59

Expert Comment

by:Cliff Galiher
ID: 34902374
Everything RobWill posted is accurate, and his answer is already accepted, but I have a concern:

    "This server currently provides user account authentication and file sharing."

Adding a DC *won't* resolve problems related to accessing shared files since they would still be on the "down" server.

If the DC shuts down, workstations should still be allowing logons using cached credentials, so the authentication services being down (temporarily) will also not be an issue.

So my query is, what problem are you trying to solve?  In my mind, adding a DC adds unnecessary complexity to most SBS networks (restores are MUCH more brittle to all but the most experienced AD admins) for very little gain. You'd be better served looking at better options.
0
 

Author Comment

by:coolkev99
ID: 34919147
cgaliher:

Yes, the file share would still be an issue, and that did come to mind.  The data is backed up, but I would have to recreate the shares if the server hosting the data went down.   I don't know of a way to remedy this situation.  I'm trying to keep costs as low as possible and so a better way to handle this scenario is much appreciated.
0
 
LVL 59

Expert Comment

by:Cliff Galiher
ID: 34919247
Honestly, for SBS, again, cached credentials work, and getting HA is a moving target, but here are my current thoughts:

1) A solid server with RAID1 disks for the OS, dual power supplies, dual processors, ECC RAM, plugged into a UPS is damn near bulletproof. Then the problem is software failure/corruption, rarely, if ever, hardware.

2) Data (Exchange, SQL, fileshares) I move to a dedicated storage device. That has been storage arrays, but Drobo is making big moves to get into business, so there is some big potential there.

3) Nothing beats a SOLID backup plan. A good backup can recover you from software related failures (see #1) and good hardware prevents hardware failures (see #1) so you don't need a second DC, or bizarre configurations. You can achieve near 99.9% uptime.
0
