Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

server 2012 -  2nd DC

Posted on 2015-02-11
7
Medium Priority
?
72 Views
Last Modified: 2015-02-12
Hi All,
i have setup a 2nd DC for my environment as below:
I built the 2nd sever - then added the Roles ADDS & DNS - then promoted it to a DC - followed the steps to add it too a existing domain then followed the wizard all seems ok..  after this i have made sure replication works - also on DC1 within DHCP i have added the IP for DC2 in the DNS servers - is there anything else that needs to be done?? also does below look ok?  i dont need to add the DNS IP of DC2 in DC1 do i?
DC1:
IP: 192.168.1.2
Sub:255.255.255.0
gateway: 192.168.1.1
DNS: 192.168.1.2

DC2:
IP: 192.168.1.3
sub & gateway same as DC1
DNS Primary: 192.168.1.2
DNS secondary: 192.168.1.3
0
Comment
Question by:jag b
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 1000 total points
ID: 40603489
You should have a secondary IP from another DNS server in the DNS settings on the domain controller. This will mitigate the island affect if something becomes wrong with the Domain Controller in question. Same goes for DC1, it should have DNS for DC2 as a secondary.

The only other thing i would suggest if you haven't already would be to setup DC2 as a Global Catalog server as well. This is done via Sites and Services.

Check replication and health using the following commands...
repadmin /replsum
repadmin /showprepl
repadmin /bridgeheads

netdom query dc
netdom query fsmo

dcdiag /v

Because you are using DSF-R for sysvol replication I would also recommend adding the DFS role on the domain controller from there you can run health reports against the domain controllers in your environment.

If all of the tests are successful you should be fine.

Will.
0
 

Author Comment

by:jag b
ID: 40603535
will - thanks for above..
I have now added the IP of DC2 to DC1 DNS as secondary DNS..
Global Catalog is ticked on both DC's under site&services NTDS Settings...

DFS role is this only on DC2?? (DFS replication under files and services?  whats the benefit of this and is it needed?
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40603570
This is located under File Server, Distributed File System> check off DFS Replication. This allows you to run health reports, propegation tests and reports as well, from the DFS Management Console. I would recommend doing this as it is easy and useful info that is provided.

You can install this feature on both DC's.

Will.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:jag b
ID: 40603579
cheers mate - i havent used this before as we only have 1 file server...... nothing else needs to be done on DC2 does it?
if in the long run i wanted to get rid of DC1 can this be done? (im using a old server that has sever 2012)  or is this bad practice?
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40603626
Yeah you dont want to install the DFS namespace feature just the management feature.

if in the long run i wanted to get rid of DC1 can this be done?

You can just demote the 2012 server in the future if needed and re-promote a new 2012R2 server.

Will.
0
 
LVL 22

Assisted Solution

by:Joseph Moody
Joseph Moody earned 1000 total points
ID: 40603715
I would also recommend running the AD Best Practices Analyzer on your boxes. You can do this in Server Manager: http://deployhappiness.com/best-practice-analyzer-consulant-box/
0
 

Author Closing Comment

by:jag b
ID: 40605170
excellent advice
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question