jeffreychorba
Additional domain controller server 2003
I have a client that has a 2003 DC and 4 member servers. One of the member servers is running DNS also. If I run DCPROMO on the member server running DNS it says that I need to remove the certificate services first. Can I assume that it is not a secondary DC? If I promote another member server as a DC will it give me logon redundancy if DC1 goes down or will I have to manually tell DC2 to assume that role?
Once Certificate Services is installed on a server, it cannot be changed and should not. Find another machine to be a DC.
ASKER
Thanks everyone, I think I have my answers. The only other question is do I need to make any changes to the DNS server on DC1 in order for it to propagate to DC2?
I would make sure the DNS zone can be transferred to another server. In '03, DNS zones are set to not be transferred by default. I would place DNS replication in with Active Directory, which will now be a factor with 2+ DCs in operation.
ASKER
Firebar, are there any docs that describe step by step this process or can you click me through it?
http://technet.microsoft.com/en-us/library/cc782181(WS.10).aspx#BKMK_ui
On step 4, I would go with option three and just list the new DC's IP address.
ASKER
Do I need to do the same on the new DC and list the main DC IP also for transfers back?
I don't think so. Once AD/DNS replication are together, you're fine.
ASKER
OK, I am going to do this later today.
If it's AD-integrated DNS (and it should be), replication is set up. Zone transfer settings aren't needed.
The member server which runs certificate services excludes it from being a DC - you can check your PKI configuration via ADSIEDIT>Configuration>Ser
If you promote another member server to a DC, it will provide logon redundancy.