Adding more than one SBS 2003 Domain Controller

Posted on 2011-02-14
Last Modified: 2012-05-11
I find myself in an uncomfortable position that needs to be resolved asap.

Scenario: Small (50 user) network running one SBS 2003 R2 acting as domain controller. No Exchange. This server currently provides user account authentication and file sharing. Obviously, as it is now, if/when this server goes down we have a serious problem on our hands.

I assume that the best way to handle this would be to add another domain server? If so, can the most recent Microsoft server (2008?) "plug in" to our aging 2003 R2 domain and act as backup? Are there any special/complicated things that need to be done to make this work? Would a matching amount of client access licenses need to be purchased for the new server software?

Please advise, this one-server setup keeps me awake at night!
Question by:coolkev99

Expert Comment

ID: 34888663
Officially you cannot have an additional domain controller in SBS 2003; unofficially you can, however it cannot hold any FSMO roles, so it's nigh on useless in a disaster situation.

You need to move to SBS 2008 to have an additional domain controller in a small business environment.

You need to investigate upgrading :)

LVL 11

Assisted Solution

by:Old User
Old User earned 100 total points
ID: 34888687
You can add a second DC to a 2003 SBS domain; see the link below for details.
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 400 total points
ID: 34888727
There is a popular misconception that in an SBS domain you cannot add another DC. You can have as many DC's as you like. SBS has to be the first DC in the domain (ignoring a migration scenario) and must retain all FSMO roles.
You cannot however add another SBS to an existing domain, only Server std DC's.

The FSMO roles stay on the SBS, you make the additional DC's global catalog servers, and if the SBS is off line the second DC will allow authentication and DNS.
In the event the SBS is dead, and you are not going to replace it or do a restore, it is possible to seize the FSMO roles.
It is very common in an SBS domain to add a DC, especially in multi-site scenarios.
LVL 77

Accepted Solution

Rob Williams earned 400 total points
ID: 34888740
Details if required:
Add an additional server to an existing SBS 2003 domain:
If the new server is a newer version such as Server 2003 R2 or Server 2008, you first need to run adprep, on the SBS, from the new server CD set to "extend the SBS schema".
If the new server is Server 2003 R2, adprep is located on the second CD under \CMPNENTS\R2\ADPREP\
If Server 2008 see:

-Make sure the SBS is fully up to date with all patches and service packs, which makes it more compatible with the new O/S's (2008, Vista, Win7)
-You need to create a computer account for the new server, on the SBS, using the wizard located under server computers in the server management console of the SBS
-If the new server has more than one NIC, disable all but one while joining the domain. Once completed you can enable others
-Then point the new server's DNS only to the SBS, and join the domain using the wizard http://SBSname/connectcomputer
-If the new server will not join with connectcomputer (I don't believe 2008 will yet), add it manually under My computer properties / computer name / change, and then in Active Directory move the computer from the Servers OU to the MyBusiness/SBS servers OU
-If you wish the new server to be a domain controller, now you can run DCpromo on the new server. You must use integrated zones when working with SBS. (there are different options in the wizard, just choose defaults and integrated). I would recommend at the same time installing DNS.
-If the server is going to be a terminal server (DC and TS is not recommended) you can add the Terminal Server and TS Licensing Server roles now.

You may want to review the following as well:
Add and Manage Additional Servers in a Windows Small Business Server Domain
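
A check for the constraint stated in the answers above, that the SBS must retain all FSMO roles (added example, not part of the original thread): it parses the text printed by `netdom query fsmo` and lists any role whose owner is not the SBS. The host names and the sample output are constructed, and the parser assumes the tool's "role label, run of spaces, host name" line layout.

```python
import re

# Constructed sample of `netdom query fsmo` output; host names are made up.
# One role is deliberately shown on the additional DC to exercise the check.
SAMPLE_OUTPUT = """\
Schema owner                sbs01.example.local

Domain role owner           sbs01.example.local

PDC role                    sbs01.example.local

RID pool manager            dc02.example.local

Infrastructure owner        sbs01.example.local

The command completed successfully.
"""

EXPECTED_ROLE_COUNT = 5  # schema, domain naming, PDC, RID, infrastructure


def parse_fsmo(output):
    """Return {role label: owner host} from 'label   host' lines."""
    roles = {}
    for line in output.splitlines():
        # A role line is a label, two or more spaces, then a dotted host name.
        match = re.match(r"^(\S.*?)\s{2,}(\S+\.\S+)\s*$", line)
        if match:
            roles[match.group(1)] = match.group(2).lower()
    return roles


def roles_off_sbs(output, sbs_fqdn):
    """List the roles whose owner is not the SBS (empty list means all is well)."""
    roles = parse_fsmo(output)
    if len(roles) != EXPECTED_ROLE_COUNT:
        # Truncated or unexpected output must not be read as a pass.
        raise ValueError("expected %d role lines, found %d"
                         % (EXPECTED_ROLE_COUNT, len(roles)))
    return sorted(r for r, host in roles.items() if host != sbs_fqdn.lower())


if __name__ == "__main__":
    moved = roles_off_sbs(SAMPLE_OUTPUT, "sbs01.example.local")
    print("Roles not on the SBS:", moved or "none")
```
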


Author Comment

ID: 34889822
Thank you all so much for the quick responses.  Looks like I'll be pushing for a new 2008 server.  Adding it looks pretty straightforward, (assuming things go as planned :)  
LVL 56

Expert Comment

by:Cliff Galiher
ID: 34902374
Everything RobWill posted is accurate, and his answer is already accepted, but I have a concern:

    "This server currently provides user account authentication and file sharing."

Adding a DC *won't* resolve problems related to accessing shared files since they would still be on the "down" server.

If the DC shuts down, workstations should still be allowing logons using cached credentials, so the authentication services being down (temporarily) will also not be an issue.

So my query is, what problem are you trying to solve?  In my mind, adding a DC adds unnecessary complexity to most SBS networks (restores are MUCH more brittle to all but the most experienced AD admins) for very little gain. You'd be better served looking at better options.

Author Comment

ID: 34919147

Yes, the file share would still be an issue, and that did come to mind. The data is backed up, but I would have to recreate the shares if the server hosting the data went down. I don't know of a way to remedy this situation. I'm trying to keep costs as low as possible and so a better way to handle this scenario is much appreciated.
LVL 56

Expert Comment

by:Cliff Galiher
ID: 34919247
Honestly, for SBS, again, cached credentials work, and getting HA is a moving target, but here are my current thoughts:

1) A solid server with RAID1 disks for the OS, dual power supplies, dual processors, ECC RAM, plugged into a UPS is damn near bulletproof. Then the problem is software failure/corruption, rarely, if ever, hardware.

2) Data (Exchange, SQL, fileshares) I move to a dedicated storage device. That has been storage arrays, but Drobo is making big moves to get into business, so there is some big potential there.

3) Nothing beats a SOLID backup plan. A good backup can recover you from software related failures (see #1) and good hardware prevents hardware failures (see #1) so you don't need a second DC, or bizarre configurations. You can achieve near 99.9% uptime.


Question has a verified solution.
