

Adding more than one SBS 2003 Domain Controller

Posted on 2011-02-14
Medium Priority
Last Modified: 2012-05-11
I find myself in an uncomfortable position that needs to be resolved asap.

Scenario: Small (50 user) network running one SBS 2003 R2 acting as domain controller. No Exchange. This server currently provides user account authentication and file sharing. Obviously, as is now, if/when this server goes down we have a serious problem on our hands.

I assume that the best way to handle this would be to add another domain server? If so, can the most recent Microsoft server (2008?) "plug in" to our aging 2003 R2 domain and act as backup? Are there any special/complicated things that need to be done to make this work? Would a matching amount of client access licenses need to be purchased for the new server software?

Please advise, this one-server setup keeps me awake at night!
Question by:coolkev99

Expert Comment

ID: 34888663
Officially you cannot have an additional domain controller in SBS 2003; unofficially you can, however it cannot hold any FSMO roles, so it's nigh on useless in a disaster situation.

You need to move to SBS 2008 to have an additional domain controller in a small business environment.

You need to investigate upgrading :)


LVL 11

Assisted Solution

by:Old User
Old User earned 400 total points
ID: 34888687
You can add a second DC to a 2003 SBS domain; see the link below for details.

LVL 78

Assisted Solution

by:Rob Williams
Rob Williams earned 1600 total points
ID: 34888727
There is a popular misconception that in an SBS domain you cannot add another DC. You can have as many DC's as you like. SBS has to be the first DC in the domain (ignoring a migration scenario) and must retain all FSMO roles.
You cannot however add another SBS to an existing domain, only Server std DC's.

The FSMO roles stay on the SBS, you make the additional DC's global catalog servers, and if the SBS is off line the second DC will allow authentication and DNS.
In the event the SBS is dead and you are not going to replace it or do a restore, it is possible to seize the FSMO roles.
It is very common in an SBS domain to add a DC, especially in multi-site scenarios.

LVL 78

Accepted Solution

Rob Williams earned 1600 total points
ID: 34888740
Details if required:
Add an additional server to an existing SBS 2003 domain:
If the new server is a newer version such as Server 2003 R2 or Server 2008, you first need to run adprep, on the SBS, from the new server CD set to "extend the SBS schema".
If the new server is Server 2003 R2, adprep is located on the second CD under \CMPNENTS\R2\ADPREP\
If Server 2008 see: http://www.petri.co.il/windows-server-2008-adprep.htm

-Make sure the SBS is fully up to date with all patches and service packs, which makes it more compatible with the new O/S's (2008, Vista, Win7)
-You need to create a computer account for the new server, on the SBS, using the wizard located under server computers in the server management console of the SBS
-If the new server has more than one NIC, disable all but one while joining the domain. Once completed you can enable others
-Then point the new server's DNS only to the SBS, and join the domain using the wizard http://SBSname/connectcomputer
-If the new server will not join with connectcomputer (I don't believe 2008 will yet), add it manually under My computer properties / computer name / change, and then in Active Directory move the computer from the Servers OU to the MyBusiness/SBS servers OU
-If you wish the new server to be a domain controller, now you can run DCpromo on the new server. You must use integrated zones when working with SBS. (there are different options in the wizard, just choose defaults and integrated). I would recommend at the same time installing DNS.
-If the server is going to be a terminal server (DC and TS is not recommended) you can add the Terminal Server and TS Licensing Server roles now.

You may want to review the following as well:
Add and Manage Additional Servers in a Windows Small Business Server Domain
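
Added example, not part of the answers above: after DCpromo on the new server, this checks that every FSMO role is still held by the SBS by parsing the text printed by `netdom query fsmo`. The host names and the captured output are constructed, and the role labels assume English-language output (Server 2003 and 2008 wording are both accepted).

```python
import re

# Role labels as printed by `netdom query fsmo`; Server 2003 and 2008
# wording differ, so both are mapped (assumption: English-language output).
ROLE_LABELS = {
    "schema owner": "schema", "schema master": "schema",
    "domain role owner": "domain naming",
    "domain naming master": "domain naming",
    "pdc role": "pdc", "pdc": "pdc",
    "rid pool manager": "rid",
    "infrastructure owner": "infrastructure",
    "infrastructure master": "infrastructure",
}
ALL_ROLES = set(ROLE_LABELS.values())

def parse_fsmo(text):
    """Return {role: holder_fqdn} from `netdom query fsmo` output."""
    holders = {}
    for line in text.splitlines():
        # Label and holder are separated by a run of two or more spaces.
        parts = re.split(r"\s{2,}", line.strip())
        if len(parts) == 2 and parts[0].lower() in ROLE_LABELS:
            holders[ROLE_LABELS[parts[0].lower()]] = parts[1].lower()
    return holders

def check_roles(text, sbs_fqdn):
    """List problems: roles missing from the output or held off the SBS."""
    holders = parse_fsmo(text)
    problems = [f"{r}: not reported" for r in sorted(ALL_ROLES - holders.keys())]
    problems += [f"{r}: held by {h}" for r, h in sorted(holders.items())
                 if h != sbs_fqdn.lower()]
    return problems

# Constructed sample output; sbs01/dc02.example.local are hypothetical names.
SAMPLE_OK = """\
Schema owner                sbs01.example.local
Domain role owner           sbs01.example.local
PDC role                    sbs01.example.local
RID pool manager            sbs01.example.local
Infrastructure owner        sbs01.example.local
The command completed successfully.
"""
# Same output with the PDC emulator reported on the second DC.
SAMPLE_MOVED = SAMPLE_OK.replace("PDC role                    sbs01",
                                 "PDC role                    dc02")

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("moved", SAMPLE_MOVED)):
        print(name, check_roles(sample, "SBS01.example.local") or "all roles on SBS")
```
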

Author Comment

ID: 34889822
Thank you all so much for the quick responses.  Looks like I'll be pushing for a new 2008 server.  Adding it looks pretty straightforward, (assuming things go as planned :)  
LVL 61

Expert Comment

by:Cliff Galiher
ID: 34902374
Everything RobWill posted is accurate, and his answer is already accepted, but I have a concern:

    "This server currently provides user account authentication and file sharing."

Adding a DC *won't* resolve problems related to accessing shared files since they would still be on the "down" server.

If the DC shuts down, workstations should still be allowing logons using cached credentials, so the authentication services being down (temporarily) will also not be an issue.

So my query is, what problem are you trying to solve?  In my mind, adding a DC adds unnecessary complexity to most SBS networks (restores are MUCH more brittle to all but the most experienced AD admins) for very little gain. You'd be better served looking at better options.

Author Comment

ID: 34919147

Yes, the file share would still be an issue, and that did come to mind. The data is backed up, but I would have to recreate the shares if the server hosting the data went down. I don't know of a way to remedy this situation. I'm trying to keep costs as low as possible, and so a better way to handle this scenario is much appreciated.
LVL 61

Expert Comment

by:Cliff Galiher
ID: 34919247
Honestly, for SBS, again, cached credentials work, and getting HA is a moving target, but here are my current thoughts:

1) A solid server with RAID1 disks for the OS, dual power supplies, dual processors, ECC RAM, plugged into a UPS is damn near bulletproof. Then the problem is software failure/corruption, rarely, if ever, hardware.

2) Data (Exchange, SQL, fileshares) I move to a dedicated storage device. That has been storage arrays, but Drobo is making big moves to get into business, so there is some big potential there.

3) Nothing beats a SOLID backup plan. A good backup can recover you from software related failures (see #1) and good hardware prevents hardware failures (see #1) so you don't need a second DC, or bizarre configurations. You can achieve near 99.9% uptime.


Question has a verified solution.
