Second domain controller


Warda

I have a one domain controller setup at the moment. That is the DHCP server,
Exchange server and file server. We have a small company so that is the
setup we have. I wanted to have another domain controller for redundancy
purposes, so that if the 1st one went down and I had to repair it, I could
at least have users log on to the network and connect to the internet. What
do I have to do on the second domain controller so that they can still get IP
addresses if the 1st server (both servers will be Windows 2000 Active
Directory) went down, connect to the internet etc.? Also, I know that there
is a way in Windows 2000 that people can keep offline copies of their
My Documents folders and Outlook. Do I have to enable that specifically? Can
you share with me how I can do that?

Thank you.
 
Essentially what you would do would be to create the
second DC - like you are doing - and set it up to be a
DHCP Server as well. However, before you do that you will
have to redo the scope on the first DHCP Server. Most
people use the 80/20 rule - but you might want to consider
60/40 or even 50/50. Once you have done this, set up the
second DC's DHCP Server with the other half (or whatever
% you decide). It is extremely important that you do not
have overlapping scopes.

You might also want to consider making the second DC a
GC. Also, familiarize yourself with the five FSMO roles
in AD. The first DC holds them all. There is really no
need to change this once the second DC is up and running.

HTH,

Cary
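
Added example, not part of the original thread: a short Python sketch of the split described in the reply above. It divides one address pool between two DHCP servers at a chosen ratio and flags any addresses that both servers would hand out. The pool boundaries and the server names DC1 and DC2 are constructed for illustration.

```python
import ipaddress

def _n(addr):
    return int(ipaddress.IPv4Address(addr))

def _s(num):
    return str(ipaddress.IPv4Address(num))

def split_scope(first, last, primary_pct):
    """Split the inclusive pool first..last; the primary server gets primary_pct percent."""
    lo, hi = _n(first), _n(last)
    if lo > hi:
        raise ValueError("pool start is after pool end")
    total = hi - lo + 1
    n_primary = total * primary_pct // 100
    if not 0 < n_primary < total:
        raise ValueError("split leaves one server with no addresses")
    cut = lo + n_primary  # first address handed to the second server
    return (_s(lo), _s(cut - 1)), (_s(cut), _s(hi))

def find_overlaps(pools):
    """pools: {server: [(first, last), ...]}. Return ranges offered by two servers."""
    flat = sorted((_n(a), _n(b), name) for name, rs in pools.items() for a, b in rs)
    hits = []
    for i, (a1, b1, n1) in enumerate(flat):
        for a2, b2, n2 in flat[i + 1:]:
            if a2 > b1:  # sorted by start address, so nothing later can overlap
                break
            if n1 != n2:
                hits.append((n1, n2, _s(a2), _s(min(b1, b2))))
    return hits

if __name__ == "__main__":
    # Constructed pool and hypothetical server names, for illustration only.
    dc1, dc2 = split_scope("192.168.1.10", "192.168.1.209", 80)
    print("DC1:", dc1, "DC2:", dc2)
    # A clean split reports no overlap.
    print(find_overlaps({"DC1": [dc1], "DC2": [dc2]}))
    # A mistyped start address on DC2 is reported as a conflict.
    print(find_overlaps({"DC1": [dc1], "DC2": [("192.168.1.160", "192.168.1.209")]}))
```

Running the check against the ranges actually configured on each server, not just the planned ones, is what catches a mistyped boundary before two clients are leased the same address.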
 
One of the major reasons that domain controller
promotion fails with the error "the domain cannot be
contacted" is that a DNS zone cannot be located that
indicates that the domain is an Active Directory domain.
You see, during the AD promotion, the new DC checks
its network settings for a DNS server that has a zone for
your AD domain. Not only should the DNS server have the
zone, but the zone must be configured to allow dynamic
updates, and the zone must contain the SRV records for
AD. These are the following things you can do to resolve
the issue:

1) Check the LAN settings on the new DC and make sure
that it is configured to use the DNS server that the 1st
one uses. If it is not, then configure it to do so.
2) If the 2nd DC's LAN settings are configured
identically to the 1st DC, then check the DNS server for
the AD zone by running nslookup "yourdomain.xxx"
(where "yourdomain.xxx" is the FQDN of your AD domain).
If the DNS server responds affirmatively, then run this
query to verify that SRV records exist in the zone:
nslookup gc._msdcs."yourdomain.xxx". If the DNS server
responds affirmatively, then check your 2nd DC to make
sure that it is connecting to the DNS server and that it
can create its own A record in the zone through dynamic
updates. You can force a dynamic update by running on
the command prompt: ipconfig /registerdns
3) If the DNS server in step 2 does not give you the GC
record for your domain, then it means that either the
zone is not setup to allow dynamic updates or that DC 1
has not automatically created the SRV records. Normally,
it takes a couple of mins after the installation of AD
for the new DC to start creating these records. Another
way to force it to do so is to open AD users and
computers and AD sites and services.

The steps above can allow you to verify that DNS is not
the problem. In my experience, you get that error message
because of DNS.
 