Solved

Adding more than one SBS 2003 Domain Controller

Posted on 2011-02-14
8
714 Views
Last Modified: 2012-05-11
I find myself in an uncomfortable position that needs to be resolved asap.

Senario:  Small (50 user) network running One SBS 2003 R2 acting as Domain controller.  No Exchange.  This server currently provides user account authentication and file sharing.  Obviously as is now, if/when this server goes down we have a serious problem on our hands.  

I assume that the best way to handle this would to add another Domain server?  If so, can the most recent Microsoft server (2008?) "plug in" to our aging 2003 R2 domain and act as backup?  Are there any special/complicated things that need to be done to make this work?   Would a matching amount of client access licenses need to be purchased for the new server software?

Please advise, I this one server setup keeps me awake at night!
0
Comment
Question by:coolkev99
  • 2
  • 2
  • 2
  • +2
8 Comments
 
LVL 5

Expert Comment

by:zippybungle2003
ID: 34888663
Officially you  cannot have an additional domain controller in sbs 2003, unofficaly you can however it cannot hold any FSMO roles so its nigh on useless in a disater situation,

you need to move to sbs 2008 to have an additional domain cotroller in a small business enviroment.

You need to investigate upgrading :)

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=52b7ea63-78af-4a96-811e-284f5c1de13b

0
 
LVL 11

Assisted Solution

by:Old User
Old User earned 100 total points
ID: 34888687
You can add a second DC to a 2003 SBS domain see below link for details

http://technet.microsoft.com/en-us/library/cc708131(WS.10).aspx
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 400 total points
ID: 34888727
There is a popular misconception that in an SBS domain you cannot add another DC. You can have as many DC's as you like. SBS has to be the first DC in the domain (ignoring a migration scenario) and must retain all FSMO roles.
You cannot however add another SBS to an existing domain, only Server std DC's.

The FSMO roles stay on the SBS, you make the additional DC's global catalog servers, and if the SBS is off line the second DC will allow authentication and DNS.
In the event the SBS is dead, you are not going to replace it, or do a restore, it is possible to seize the FSMO roles.
It is very common in an SBS domain to add a DC, especially in multi-site scenarios.
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 400 total points
ID: 34888740
Dttails if required:
Add an additional server to an existing SBS 2003 domain:
If the new server is a newer version such as server 2003 R2 or server 2008 you first need to run adprep, on the SBS, from the new server CD set to "extend the SBS schema".
If the new server is server 2003 R2adprep  it is located on the second CD under \CMPNENTS\R2\ADPREP\
If Server 2008 see: http://www.petri.co.il/windows-server-2008-adprep.htm

-Make sure the SBS is fully up to date with all patches and service packs, which makes it more compatible with the new O/S's (2008, Vista, Win7)
-You need to create a computer account for the new server, on the SBS, using the wizard located under server computers in the server management console of the SBS
-If the new server has more than one NIC, disable all but one while joining the domain. Once completed you can enable others
-Then point the new servers DNS only to the SBS, and join the domain using the wizard  http://SBSname/connectcomputer
-If the new server will not join with connectcomputer (I don't believe 2008 will yet), add it manually under My computer properties / computer name / change, and then in Active Directory move the computer from the Servers OU to the MyBusiness/SBS servers OU
-If you wish the new server to be a domain controller, now you can run DCpromo on the new server. You must use integrated zones when working with SBS. (there are different options in the wizard, just choose defaults and integrated). I would recommend at the same time installing DNS.
-If the server is going to be a terminal server (DC and TS is not recommended) you can add the Terminal Server and TS Licensing Server roles now.

You may want to review the following as well:
Add and Manage Additional Servers in a Windows Small Business Server Domain
http://www.microsoft.com/downloads/details.aspx?FamilyID=6f4015f2-7606-4eaa-828a-00b8df6bd999&displaylang=en
0
 

Author Comment

by:coolkev99
ID: 34889822
Thank you all so much for the quick responses.  Looks like I'll be pushing for a new 2008 server.  Adding it looks pretty straightforward, (assuming things go as planned :)  
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 34902374
Everything RobWill posted is accurate, and his answer is already accepted, but I have a concern:

    "This server currently provides user account authentication and file sharing."

Adding a DC *won't* resolve problems related to accessing shared files since they would still be on the "down" server.

If the DC shuts down, workstations should still be allowing logons using cached credentials, so the authentication services being down (temporarily) will also not be an issue.

So my query is, what problem are you trying to solve?  In my mind, adding a DC adds unnecessary complexity to most SBS networks (restores are MUCH more brittle to all but the most experienced AD admins) for very little gain. You'd be better served looking at better options.
0
 

Author Comment

by:coolkev99
ID: 34919147
cgaliher:

Yes, the file share would still be an issue, and I that did come to mind.  The data is backed up, but I would have to recreate the shares if the server hosting the data went down.   I don't know of a way to remedy this situatiion.  I'm trying to keep costs as low as possible and so a better way handle this scenario is much appeciated.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 34919247
Honestly, for SBS, again, cached credentials work, and getting HA is a moving target, but here are my current thoughts:

1) A solid server with RAID1 disks for the OS, dual power supplies, dual processors, ECC RAM, plugged into a UPS is damn near bulletproof. Then the problem is software failure/corruption, rarely, if ever, hardware.

2) DAta (Exchange, SQL, fileshares) I move to a dedicated storage device. That has been storage arrays, but Drobo is makign big moves to get into business, so there is some big potential there.

3) Nothing beats a SOLID backup plan. A good backup can recover you from software related failres (see #1) and good hardware prevents hardware failures (see #1) so you don't need a econd DC, or bizarre configurations. You can achieve near 99.9% uptime.
0

Join & Write a Comment

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now