• Status: Solved

Additional domain controller server 2003

I have a client that has a 2003 DC and 4 member servers. One of the member servers is running DNS also. If I run DCPROMO on the member server running DNS it says that I need to remove the certificate services first. Can I assume that it is not a secondary DC? If I promote another member server as a DC will it give me logon redundancy if DC1 goes down or will I have to manually tell DC2 to assume that role?
Asked:
jeffreychorba
 
mrklaxon commented:
Logon redundancy is automatic.  You may want to research other roles like Global Catalog to consider how redundant you want to be.

Look in Active Directory Users and Computers under Domain Controllers for a list of current DCs.

Govvy commented:
On the first DC, run 'netdom query dc' to confirm your current domain controllers.

Running Certificate Services on the member server excludes it from being a DC - you can check your PKI configuration via ADSIEDIT>Configuration>Services>Public Key Services.

If you promote another member server to a DC, it will provide logon redundancy.

Jason Watkins (IT Project Leader) commented:
Once Certificate Services is installed on a server, it cannot be changed and should not. Find another machine to be a DC.

 
jeffreychorba (author) commented:
Thanks everyone, I think I have my answers. The only other question is: do I need to make any changes to the DNS server on DC1 in order for it to propagate to DC2?

Jason Watkins (IT Project Leader) commented:
I would make sure the DNS zone can be transferred to another server. In '03, DNS zones are set to not be transferred by default. I would place DNS replication in with Active Directory, which will now be a factor with 2+ DCs in operation.

jeffreychorba (author) commented:
Firebar, are there any docs that describe step by step this process or can you click me through it?

Jason Watkins (IT Project Leader) commented:

http://technet.microsoft.com/en-us/library/cc782181(WS.10).aspx#BKMK_ui

On step 4, I would go with option three and just list the new DC's IP address.

jeffreychorba (author) commented:
Do I need to do the same on the new DC and list the main DC IP also for transfers back?

Jason Watkins (IT Project Leader) commented:
I don't think so. Once AD/DNS replication are together, you're fine.

jeffreychorba (author) commented:
OK, I am going to do this later today.

mrklaxon commented:
If it's AD integrated DNS (and it should be) replication is set up.  Zone transfer settings aren't needed.

Question has a verified solution.
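
The checks discussed in this thread, collected as an added example that is not part of any participant's post: it lists the current DCs, shows how the DNS zone is stored and secured, and confirms AD replication. It assumes the Windows Support Tools (netdom, dnscmd, repadmin) are installed on the DC; the zone name, IP address and script name are placeholders.

```batch
@echo off
rem Added example; ZONE and NEWDC_IP are placeholder values (assumptions),
rem and check-dc.cmd is a hypothetical name for this script.
setlocal
set ZONE=example.local
set NEWDC_IP=192.0.2.20

echo === Domain controllers known to the domain ===
netdom query dc

echo === Zone properties for %ZONE% ===
rem The output reports the zone type, whether the zone is stored in
rem Active Directory, and how zone transfers to secondaries are secured.
dnscmd /ZoneInfo %ZONE%

echo === Inbound AD replication partners and last results ===
rem With an AD-integrated zone, DNS data travels with this replication.
repadmin /showrepl

rem Optional change, only when run as:  check-dc.cmd restrict
rem For a standard (non AD-integrated) zone that must use zone transfers,
rem allow transfers only to the listed server instead of to any server.
if /i "%~1"=="restrict" dnscmd /ZoneResetSecondaries %ZONE% /SecureList %NEWDC_IP%

endlocal
```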
