AD or DNS first on new AD server

Slimline

When setting up a second 2003 AD server should the AD or DNS role be
installed first?

If DNS is installed first then it cannot be an AD integrated domain as it is
in the primary AD server because AD is not yet running on the secondary
server.

If AD is installed first then you get an error when installing the AD role
that says the AD server cannot be located because it can't be found via DNS
(which isn't installed yet).

This seems like a catch-22 and I'm interested in the cleanest way to add a
secondary AD server to an existing domain.
Scott
 
Slimline said:
> When setting up a second 2003 AD server should the AD or DNS role be
> installed first?

It's not critical here -- since you can use the original DNS
(the one used by the first DC) to provide DNS services.

If that is impractical (because of WANs or some such) then
DNS first since it is easier.

If in doubt, DNS first since it is easier and less difficult to change
later.

> If DNS is installed first then it cannot be an AD integrated domain as it is
> in the primary AD server because AD is not yet running on the secondary
> server.

No, but it is trivial to change a DNS secondary (or even primary) to be
AD-Integrated (once the DC is installed.)

> If AD is installed first then you get an error when installing the AD role
> that says the AD server cannot be located because it can't be found via DNS
> (which isn't installed yet).

The old and new DC client IP properties (NIC\IP\DNS Server) must
point to the DYNAMIC DNS you installed for the first DC.

If you change the DNS to dynamic (to fix this) or change the original
DC then you need to restart NetLogon service on that DC.

> This seems like a catch-22 and I'm interested in the cleanest way to add a
> secondary AD server to an existing domain.

The new machine SHOULD have been a DNS client of the existing
DNS and then it would have worked.
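
The advice in the reply above, written out as a pre-flight check to run on the new server before promoting it. This is an added example, not part of either post; the domain name, DNS server address and connection name are constructed placeholders.

```batch
@echo off
rem Added example: check that this server can locate the existing DC via DNS.
rem Constructed placeholder values (assumptions, not from the thread):
set DOMAIN=corp.example.com
set DNSIP=192.0.2.10
set NIC=Local Area Connection

rem 1. Make this machine a DNS client of the DNS server used by the first DC.
netsh interface ip set dns name="%NIC%" source=static addr=%DNSIP% register=primary
ipconfig /flushdns >nul

rem 2. Look up the DC locator SRV record that the first DC's NetLogon
rem    service registers in a dynamic zone. nslookup does not return a
rem    useful errorlevel, so match its (English) output instead.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %DNSIP% 2>nul | findstr /i /c:"svr hostname" >nul
if errorlevel 1 goto missing

echo SRV record for %DOMAIN% resolves via %DNSIP%.
echo The existing DC can be located; AD can be installed on this server.
goto :eof

:missing
echo No DC locator SRV record for %DOMAIN% was returned by %DNSIP%.
echo Confirm the zone accepts dynamic updates, then on the existing DC run:
echo   net stop netlogon
echo   net start netlogon
echo and run this check again.
exit /b 1
```

Once the new DC is installed and running DNS itself, its zone can be switched to AD-integrated as the reply describes.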
 