Adding more than one SBS 2003 Domain Controller

Posted on 2011-02-14
Last Modified: 2012-05-11
I find myself in an uncomfortable position that needs to be resolved asap.

Scenario:  Small (50 user) network running one SBS 2003 R2 acting as domain controller.  No Exchange.  This server currently provides user account authentication and file sharing.  Obviously as is now, if/when this server goes down we have a serious problem on our hands.

I assume that the best way to handle this would be to add another domain server?  If so, can the most recent Microsoft server (2008?) "plug in" to our aging 2003 R2 domain and act as backup?  Are there any special/complicated things that need to be done to make this work?   Would a matching amount of client access licenses need to be purchased for the new server software?

Please advise, this one server setup keeps me awake at night!
Question by:coolkev99

Expert Comment

ID: 34888663
Officially you cannot have an additional domain controller in SBS 2003; unofficially you can, however it cannot hold any FSMO roles, so it's nigh on useless in a disaster situation.

You need to move to SBS 2008 to have an additional domain controller in a small business environment.

You need to investigate upgrading :)

LVL 11

Assisted Solution

by:Old User
Old User earned 100 total points
ID: 34888687
You can add a second DC to a 2003 SBS domain; see below link for details.
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 400 total points
ID: 34888727
There is a popular misconception that in an SBS domain you cannot add another DC. You can have as many DC's as you like. SBS has to be the first DC in the domain (ignoring a migration scenario) and must retain all FSMO roles.
You cannot however add another SBS to an existing domain, only Server std DC's.

The FSMO roles stay on the SBS, you make the additional DC's global catalog servers, and if the SBS is off line the second DC will allow authentication and DNS.
In the event the SBS is dead, you are not going to replace it, or do a restore, it is possible to seize the FSMO roles.
It is very common in an SBS domain to add a DC, especially in multi-site scenarios.

LVL 77

Accepted Solution

Rob Williams earned 400 total points
ID: 34888740
Details if required:
Add an additional server to an existing SBS 2003 domain:
If the new server is a newer version such as server 2003 R2 or server 2008 you first need to run adprep, on the SBS, from the new server CD set to "extend the SBS schema".
If the new server is server 2003 R2, adprep is located on the second CD under \CMPNENTS\R2\ADPREP\
If Server 2008 see:

-Make sure the SBS is fully up to date with all patches and service packs, which makes it more compatible with the new O/S's (2008, Vista, Win7)
-You need to create a computer account for the new server, on the SBS, using the wizard located under server computers in the server management console of the SBS
-If the new server has more than one NIC, disable all but one while joining the domain. Once completed you can enable others
-Then point the new server's DNS only to the SBS, and join the domain using the wizard  http://SBSname/connectcomputer
-If the new server will not join with connectcomputer (I don't believe 2008 will yet), add it manually under My computer properties / computer name / change, and then in Active Directory move the computer from the Servers OU to the MyBusiness/SBS servers OU
-If you wish the new server to be a domain controller, now you can run DCpromo on the new server. You must use integrated zones when working with SBS. (there are different options in the wizard, just choose defaults and integrated). I would recommend at the same time installing DNS.
-If the server is going to be a terminal server (DC and TS is not recommended) you can add the Terminal Server and TS Licensing Server roles now.

You may want to review the following as well:
Add and Manage Additional Servers in a Windows Small Business Server Domain
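
The answers above hinge on the SBS keeping all five FSMO roles once a second DC is promoted. The following is an added example, not part of the original posts: a small check that parses the text output of `netdom query fsmo` and reports any role held by a server other than the SBS. The host names and the sample output are constructed for illustration.

```python
import re

# The five FSMO roles as labelled in `netdom query fsmo` output.
FSMO_ROLES = (
    "Schema master",
    "Domain naming master",
    "PDC",
    "RID pool manager",
    "Infrastructure master",
)

# Constructed sample output (hypothetical host names): a second DC has been
# promoted and one role has ended up on it by mistake.
SAMPLE_OUTPUT = """\
Schema master               sbs01.example.local
Domain naming master        sbs01.example.local
PDC                         sbs01.example.local
RID pool manager            dc02.example.local
Infrastructure master       sbs01.example.local
The command completed successfully.
"""

def parse_fsmo(output):
    """Return {role: holder FQDN} parsed from `netdom query fsmo` text."""
    holders = {}
    for line in output.splitlines():
        for role in FSMO_ROLES:
            m = re.match(re.escape(role) + r"\s+(\S+)\s*$", line.strip(), re.I)
            if m:
                holders[role] = m.group(1).lower()
    return holders

def check_roles_on_sbs(output, sbs_fqdn):
    """List problems: roles missing from the output or held off the SBS."""
    holders = parse_fsmo(output)
    expected = sbs_fqdn.lower()
    problems = []
    for role in FSMO_ROLES:
        holder = holders.get(role)
        if holder is None:
            problems.append(f"{role}: not found in output")
        elif holder != expected:
            problems.append(f"{role}: held by {holder}, expected {expected}")
    return problems

if __name__ == "__main__":
    for problem in check_roles_on_sbs(SAMPLE_OUTPUT, "sbs01.example.local"):
        print("WARNING", problem)
```
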

Author Comment

ID: 34889822
Thank you all so much for the quick responses.  Looks like I'll be pushing for a new 2008 server.  Adding it looks pretty straightforward, (assuming things go as planned :)  
LVL 58

Expert Comment

by:Cliff Galiher
ID: 34902374
Everything RobWill posted is accurate, and his answer is already accepted, but I have a concern:

    "This server currently provides user account authentication and file sharing."

Adding a DC *won't* resolve problems related to accessing shared files since they would still be on the "down" server.

If the DC shuts down, workstations should still be allowing logons using cached credentials, so the authentication services being down (temporarily) will also not be an issue.

So my query is, what problem are you trying to solve?  In my mind, adding a DC adds unnecessary complexity to most SBS networks (restores are MUCH more brittle to all but the most experienced AD admins) for very little gain. You'd be better served looking at better options.

Author Comment

ID: 34919147

Yes, the file share would still be an issue, and that did come to mind.  The data is backed up, but I would have to recreate the shares if the server hosting the data went down.   I don't know of a way to remedy this situation.  I'm trying to keep costs as low as possible and so a better way to handle this scenario is much appreciated.
LVL 58

Expert Comment

by:Cliff Galiher
ID: 34919247
Honestly, for SBS, again, cached credentials work, and getting HA is a moving target, but here are my current thoughts:

1) A solid server with RAID1 disks for the OS, dual power supplies, dual processors, ECC RAM, plugged into a UPS is damn near bulletproof. Then the problem is software failure/corruption, rarely, if ever, hardware.

2) Data (Exchange, SQL, fileshares) I move to a dedicated storage device. That has been storage arrays, but Drobo is making big moves to get into business, so there is some big potential there.

3) Nothing beats a SOLID backup plan. A good backup can recover you from software related failures (see #1) and good hardware prevents hardware failures (see #1) so you don't need a second DC, or bizarre configurations. You can achieve near 99.9% uptime.
