
Building new server as secondary DC

Last Modified: 2020-10-06
Hi guys,
I've got a Server 2012 R2 as DC and it has all FSMO roles.

I'm planning to install a new VM and make it a secondary DC.
Are there any recommended steps to follow to get the second DC up and running?
Or can I just install the AD DS service, promote it as a DC, join it to the existing domain, and everything should sync by itself with the primary?

Technology and Business Process Advisor
CERTIFIED EXPERT
Most Valuable Expert 2013
Commented:

Author

Commented:
What do you mean by potential pitfalls to restore a DC? I am not trying to restore any.
How do I find which one is used currently, DFSR or FRS?
What should I use to sync my new DC with the existing DC?
Where can I find the instructions?
Lee W, MVP
Technology and Business Process Advisor
CERTIFIED EXPERT
Most Valuable Expert 2013
Commented:
Udara Peiris
System Engineer
CERTIFIED EXPERT

Commented:
Hi Mr.X,
Install all available Windows patches on it so that it is fully patched.
Join that Server into the domain.
Then install ADDC role on it.

As other experts have mentioned above, it's good to do the FRS to DFSR migration first before installing the AD role on it.
Refer to the following guidance:
https://techcommunity.microsoft.com/t5/storage-at-microsoft/streamlined-migration-of-frs-to-dfsr-sysvol/ba-p/425405

Make sure to allow required ports if that server is located in another network.
https://support.microsoft.com/en-us/help/179442/how-to-configure-a-firewall-for-domains-and-trusts 

Once installation and configuration is completed, make sure to install a good AV and add AV exclusions.
https://support.microsoft.com/en-us/help/822158/virus-scanning-recommendations-for-enterprise-computers 

Hello There
System Administrator
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
"planning to install a new vm and make it as secondary Dc"
This is pretty straightforward. Set up the server, join it to the domain, and install ADDS. Then use dcdiag to verify that everything works.

There are a few steps you might want to do after that:
1. Raise domain and forest functional level to the highest possible (in your case it will be DFL and FFL Windows Server 2012)
- For Domain: Active Directory Users and Computers -> Right-click on your domain -> Raise Domain Functional Level
- For Forest: Active Directory Sites and Trusts -> Right-click on Active Directory Domains and Trusts -> Raise Forest Functional Level

2. Verify that you use DFSR as suggested by Lee W. If you still use FRS, this is what you should do:
- On all DCs: Server Manager -> Manage -> Add Roles and Features -> select the DFS Replication role -> Install
- Then run from the PDC:
Dfsrmig /setglobalstate 1
Dfsrmig /getmigrationstate
Dfsrmig /setglobalstate 2
Dfsrmig /getmigrationstate
Dfsrmig /setglobalstate 3
Dfsrmig /getmigrationstate

"planning to install a new vm and make it as secondary Dc"
You probably want to have redundant DNS and DHCP as well so don't forget to install these roles.
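
The staged FRS to DFSR SYSVOL migration from the comment above, as an added PowerShell example that is not part of the original thread. It waits for every DC to converge before moving to the next global state and asks for confirmation before state 3, which cannot be rolled back; the function name, polling intervals and the matched output text are assumptions of this example.

```powershell
# Added example. Run in an elevated session on the PDC emulator.
# Uses dfsrmig.exe, repadmin.exe and dcdiag.exe, which are present on a domain controller.

function Wait-DfsrMigrationState {
    # Hypothetical helper: polls until all DCs report the current global state.
    param(
        [int]$PollSeconds = 60,
        [int]$MaxPolls    = 120
    )
    for ($i = 1; $i -le $MaxPolls; $i++) {
        $out = (dfsrmig /getmigrationstate) -join "`n"
        # Assumption: English builds print "consistent state" once every DC has
        # caught up. Adjust the pattern if your output is worded differently.
        if ($out -match 'consistent state') { return $true }
        Write-Host "[$i/$MaxPolls] DCs still converging:`n$out"
        Start-Sleep -Seconds $PollSeconds
    }
    return $false
}

# 1. Show the current global state (answers "am I on FRS or DFSR?").
dfsrmig /getglobalstate

# 2. Health gate: do not migrate on top of broken replication.
repadmin /replsummary
foreach ($test in 'Replications', 'SysVolCheck', 'Advertising') {
    dcdiag /e "/test:$test"
}

# 3. Walk the global states in order: 1 = Prepared, 2 = Redirected, 3 = Eliminated.
$stateNames = @('Prepared', 'Redirected', 'Eliminated')
for ($state = 1; $state -le 3; $state++) {
    $name = $stateNames[$state - 1]
    if ($state -eq 3) {
        # States 1 and 2 can be rolled back; Eliminated removes FRS for good.
        $answer = Read-Host 'State 3 (Eliminated) cannot be rolled back. Type YES to continue'
        if ($answer -ne 'YES') { break }
    }
    dfsrmig /setglobalstate $state
    if (-not (Wait-DfsrMigrationState)) {
        throw "Not all DCs reached state $state ($name); stopping before the next state."
    }
    Write-Host "All DCs reached state $state ($name)."
}
```

Review the `repadmin` and `dcdiag` output from step 2 before letting step 3 run; the script prints it but does not judge it.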

Author

Commented:
Hi,
I installed the secondary DC and named it dc2. I added the AD DS role and promoted it as a DC; it completed successfully.

On my previous DC, dc1, in Active Directory Users & Computers, under Domain Controllers, I can see dc2.
In Sites & Replication I can see dc2.

But on dc2, when I log in, I cannot see Active Directory Users & Computers, Domains & Trusts, Sites, or anything related to the domain controller in the Administrative Tools section. Should I do anything else?

Attached a pic: it shows AD DS is installed, but no AD in Administrative Tools.
Udara Peiris
System Engineer
CERTIFIED EXPERT

Commented:
Hi Mr.X,
Did you promote it as a Domain controller?
You need to promote it as a domain controller once you install the role.

Author

Commented:
Hi, yes, I did promote it as a DC.
As I said, on my old DC, in AD Users & Computers, in the Domain Controllers OU, I can see my new DC,
and also in AD Sites & Services I can see my new DC.
Hello There
System Administrator
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
Did you reboot?

Author

Commented:
Yes, I have rebooted many times by now.
Hello There
System Administrator
CERTIFIED EXPERT
Distinguished Expert 2018
Commented:

Author

Commented:
Hi, even in Server Manager, I can't find it.
I can see a few warnings 1153 related to directory service, though.
And I can also see the Active Directory module for PowerShell...??

Author

Commented:
The only thing I can find is that Windows is not activated yet. But will it affect Active Directory?
Hello There
System Administrator
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
Open Server Manager -> Add Roles and Features -> click on Next until you get to the features -> scroll down to Remote Server Administration Tools and select all missing items.

Author

Commented:
Hi,
Thanks a lot.
I just installed the AD DS snap-in and it brought up everything.
I tried creating and deleting users, and it replicated perfectly across both DCs now.
Thank you
Hello There
System Administrator
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
You are welcome!

Author

Commented:
While installing AD DS I selected DNS and global catalog.
Does it mean the DNS will also be syncing and I can use it as a DNS server too?
Hello There
System Administrator
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
Yes! Now you have two DNS servers. I also suggest installing DHCP on DC02 to provide redundancy.

Author

Commented:
After installing the DHCP role, will the sync happen automatically? How do I force it?
Hello There
System Administrator
CERTIFIED EXPERT
Distinguished Expert 2018
Commented:
Seth Simmons
Lead Systems Administrator
CERTIFIED EXPERT

Commented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Split:
-- 'Lee W, MVP' (https:#a43094295)
-- 'Lee W, MVP' (https:#a43094323)
-- 'Hello There' (https:#a43094524)
-- 'Hello There' (https:#a43095241)


If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

seth2740
Experts-Exchange Cleanup Volunteer