Solved

Windows 2012 Server Domain Controller & DNS

Posted on 2013-11-14
6
381 Views
Last Modified: 2014-03-01
I need help to ensure I am setting the servers correctly.

I have 5 servers and they are all in the same forest and root domain.

mydomain.com

There servers are setup in the following configuration:

Servers:

1) server001.mydomain.com:  Main Domain Controller and DNS Server / FILE SERVER
2) server002.mydomain.com:  Secondary Domain Controller and DNS Server / Extra Web Server.

They are both domain controllers and they are syncing and mirroring the DNS and Active Directory.

The other servers: 3,4 and 5.

They all have specific roles. I know the exchange and share team servers need a but more than just a member server requires.

But I setting up the servers.

They have been named and setup and are at the point of being added to the domain.

Do I need to make all of them domain controllers.  I know this use to be taboo because of all the unnecessary networking talking it would cause between servers.

However, Many of the updated info on Windows 2012 Servers.

I added server 003 which is going to be the web server / help desk server.
I added the DNS as a secondary so it would be syncing with the domain controllers but I do what the DNS to be self-reliant so if they domain controllers go down etc..

Especially for the exchange server which must have active directory access and DNS.

The other serves will do as follows:

3) server003.mydomain.com:  Web Server IIS 8.0
4) server004.mydomain.com:  Exchange Server 2013
5) server005.mydomain.com:  Share Team Server 2013

Ideas, thoughts and information will be greatly appreciated.  Thanks.
0
Comment
Question by:Clint Jones
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 167 total points
ID: 39650078
No don't make them all DCs just having 1 and 2 as DCs is fine.   The other 3 servers can point to the AD boxes for DNS.   I'm assuming they will all be in the same AD site.

Make both DCs global catalogs too.

Thanks


Mike
0
 

Author Comment

by:Clint Jones
ID: 39650158
Yes they are all in the same domain and forest infrastructure.

When you say - "point to AD boxes for DNS".

It is more than just the IP addresses of the other DB and servers in the DNS setting of the NIC cards.  

I am adding them to the Domain which works but the DNS I have to setup as primary DNS for each server 3, 4 and 5 if I do secondary so it updates the DC's but I guessing that is not what I want to accomplish.  DC DNS is of course adding the other servers as they are added to the domain to its DNS and AD so is that all needs to be done or ???

Need a more step by step understanding.  Thank You...
0
 
LVL 15

Assisted Solution

by:Skyler Kincaid
Skyler Kincaid earned 166 total points
ID: 39650247
You last question is really confusing...

You should have the DNS role installed on both DCs. You should have the other three servers set with static IPs and the DNS should be set with the primary of DC1 and the secondary set as DC2. It is that simple.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 167 total points
ID: 39650277
In general it is recommended that at least two DCs in a domain for high availablity and fault tolerance, but how many DCs at each site will depend on your requirement. Normally one DC at each site can serve thousands of users with regard to authentication. To me it's OK with 2 DCs in your scenario.There is no need to make other member server as DNS/DC server.

You can read MS article and the previous discussion:

Domain controllers # Determining the number of domain controllers you need
http://technet.microsoft.com/en-us/library/cc759623(v=WS.10).aspx

How many domain controllers are recommended
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/991d4f68-5178-4c9a-8b7d-8f2b5f53867e

Hope this helps
0
 

Author Comment

by:Clint Jones
ID: 39657132
The DNS is what I am needing help with the most and doing research on....

The 2 main DNS are the 2 Domain Controllers. With the Exchange Server and the Share Team server. That when I make user name and permissions.  

When I add the other servers to the Domain Controllers.  I add them as a member server but I have to have DNS setup on those servers to add the "A" records on the Web Server IIS and with exchange 2013 on that server the "A" and "MX" records..

So I am just added the new servers, added as a member to the domain...

Making the DNS when setting it up as a PRIMARY DNS... I thought maybe secondary so its sending and a copy of itself to the MAIN DNS Servers on the 2 domain controllers.

I tried secondary and it fails if I try to add...

Thanks for your help....
0
 

Author Closing Comment

by:Clint Jones
ID: 39897703
Thanks to everyone that gave input =)
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question