Adding a second site

[Alex Anderson]

Hello Everyone,

When I add an addition site to my domain, do I dcpromo the server first
then add it to an existing domain, or do I set up the site links, subnets
under ADSS first? Simply, what is the order of operation when adding an
addition site to your domain?

Thank you
Alex Anderson

 

[Herb Martin]

Hello Everyone,

When I add an addition site to my domain, do I dcpromo the server first
then add it to an existing domain
or do I set up the site links, subnets
under ADSS first?

If you set up the second site first, and install the new
server IN one of it's subnets then when you DCPromo it
it SHOULD end up in the correct site.

If not, or if you do it the other way around, you can "right-click
& Move" it.

Simply, what is the order of operation when adding an
addition site to your domain?

Add it when you add the network.

Or at your first opportunity after the forest is created.

 

[Alex Anderson]

Herb,

Okay, so what you're saying is, set up the new second site first under
ADSS then dcpromo the new server into that site? Also, at this site, they
are currently authenticating to the existing domain, when I add this new
site to my existing domain, will my current clients that are authenticating
to the first default site (existing DC) be affected in any way?

Thank you
Alex Anderson

 

[Herb Martin]

Herb,

Okay, so what you're saying is, set up the new second site first under
ADSS then dcpromo the new server into that site? Also, at this site, they

I am saying "That works." but it is not essential to do it
that way.

are currently authenticating to the existing domain, when I add this new
site to my existing domain, will my current clients that are authenticating
to the first default site (existing DC) be affected in any way?

Yes, they will start PREFERRING the local (same site) DC but
still authenticate against the other one (other site) if it is down.

 

[Alex Anderson]

Herb,

I'm a bit confused by your statement "but it is not essential to do it
that way." Are you saying, yeah you can do it that way but its not the
right way, or yeah you can do it that way but not necessary? As for the
last question I posed, once I have added the new site successfully into my
forest, will my clients experience downtime in way? My plan was to get the
site up, then go around and join the computers to the new site. Will I have
to join the computers to the new site or will there be another DC (the new
site) in the GINA login drop-down box? I've never done this before, so I'm
not sure what to expect.

Thank you for your help.

Alex Anderson

 

[Cary Shultz [A.D. MVP]]

Alex,

I think that Herb is trying to tell you that you can do it that way. As
with most Microsoft products, there are usually a couple of ways to do
something.

As to your question, so long as the computer accounts exist in the domain
you do not need to worry about what shows up in the 'log on to...' box. The
only thing that will show up is the domain of which the computer account is
a member as well as any other domains which have a trust with that domain.

I am not sure that I understand your question about joining the computers to
another Site. Computer accounts do not join Sites, they join domains. The
only thing that shows up in the 'log on to...' box is domains ( as explained
in the previous paragraph ).

Your clients should not experience any downtime. It should be pretty
seamless. You might want to have them reboot the next morning so that they
for sure have the correct IP Address lease and information. As Herb stated,
they should authenticate against the 'local' DC. However, as he stated it
is technically possible that they could authenticate against any DC in the
domain. If the 'local' DC is not available then they will look for any
other DC in that Site and then any other available DCs in the Domain.

Here are two links that describe how clients ( WIN2000 and WIN XP ) locate
Domain Controllers:

http://support.microsoft.com/?id=247811
http://support.microsoft.com/?id=314861

This should show you how important it is to set up Sites correctly.

Also, I think that you might not fully understand the whole concept of Sites
yet. No worries on that - it will come. Essentially, Sites are a new
concept in WIN2000 that allow you to have one domain spread across multiple
geographic locations. So, instead of having a child domain for each
location ( for example ) you can have the same domain in multiple locations.
What most people will tell you is that you use Sites to control Active
Directory Replication as well as 'assist' clients in logging on to the
'local' Domain Controller ( where 'local' is typically defined as within the
same subnet - which is why it is important to set up Sites and then set up
the Subnets and associate each Subnet with the correct Site ).

HTH,

Cary

 

[Alex Anderson]

Cary,

Here's my dilemma, I currently have a WAN connection between two sites,
we'll call them Site A and Site B. At Site A is where my DOMAIN sits.
Clients from Site B authenticate over the WAN link (because there is no
local DC) and what I'm trying to do is have Site B's authentication only
happen at Site B. When setting up Sites, I'm not sure if there will be a
new distinguished DOMAIN name at Site B. It seems when I add this new Site
B DC I'm just branching over my existing domain to that site and that's it,
no new domain names or anything of that nature are created. I was under the
assumption by adding a new site DC to Site B I would have
newDCname.existingdomain.com and my clients would authenticate to that DC
not the DC at Site A. I understand that replication traffic will occur
between Site A and B but client authentication would be just at Site B. I
hope this clears up some confusion on exactly I want to accomplish.

Thank you
Alex Anderson

 

[Cary Shultz [A.D. MVP]]

Alex,

I am pretty sure that there never was any confusion on what you are trying
to accomplish. What you are trying to accomplish is a very basic set up.
;-)

There should be no problem doing what you are trying to accomplish.

Why would there be a new domain at Site B? And what is a 'distinguished'
domain?

Please take a look at the following MSKB Articles:

http://support.microsoft.com/?id=318480
http://support.microsoft.com/?id=321253
http://support.microsoft.com/?id=313994
http://support.microsoft.com/?id=306602

When you add the DC to Site B I might suggest to you that you make that DC a
Global Catalog Server as well.

There is a whole lot more to this but let's stick to the basics for right
now.

HTH,

Cary

 

[Herb Martin]

I'm a bit confused by your statement "but it is not essential to do it

that way." Are you saying, yeah you can do it that way but its not the
right way, or yeah you can do it that way but not necessary? As for the

Hey, I was the one who suggested it -- but if you go back and read my
message you will see that I said it was not really that important.

It is perhaps slightly better (less error prone really, not "better" per se)
to do it this way.

last question I posed, once I have added the new site successfully into my
forest, will my clients experience downtime in way?

From adding a site? No.

The only POSSIBILITY is doing a few extra DNS lookups trying to find
a DC, but I understand they actually find that by contacting the site where
they thought they were previously.

My plan was to get the
site up, then go around and join the computers to the new site.

Computers don't "join" a site in any way you can notice.

They find out about the sites from the DCs.

Will I have
to join the computers to the new site or will there be another DC (the new
site) in the GINA login drop-down box? I've never done this before, so I'm
not sure what to expect.

You don't do anything on the clients to "join" a site. DCs must be moved
(or initially installed) into a site. The clients find this out (from the
DCs)
and find the DC IN THAT site.

 

[Herb Martin]

Here's my dilemma, I currently have a WAN connection between two
sites,

we'll call them Site A and Site B. At Site A is where my DOMAIN sits.
Clients from Site B authenticate over the WAN link (because there is no
local DC) and what I'm trying to do is have Site B's authentication only
happen at Site B. When setting up Sites, I'm not sure if there will be a
new distinguished DOMAIN name at Site B. It seems when I add this new Site
B DC I'm just branching over my existing domain to that site and that's it,
no new domain names or anything of that nature are created. I was under

the

You are just ASSIGNING a set of Subnets to a Site and putting (one or more)
DCs in that site.

And yes, each DC has your domain so no, you aren't creating any new domains.

assumption by adding a new site DC to Site B I would have
newDCname.existingdomain.com and my clients would authenticate to that DC
not the DC at Site A.

That will be their preference -- but they (usually) will still authenticate
to another DC IF the "same site" DC is down.

I understand that replication traffic will occur
between Site A and B but client authentication would be just at Site B. I
hope this clears up some confusion on exactly I want to accomplish.

99% of the time.

 

[Alex Anderson]

Cary,

About the new domain at Site B, that was my lack of understanding and
what I meant about the distinguished name, I mean fully qualified name,
sorry. So should I follow the order of those KB you gave me when setting up
the new site at Site B? This is the order in my head how I should tackle
this.

1) Create a new W2k server
2) Set up DNS and authorize the DHCP services
3) Create the new Site and associate the proper subnet to that site under
ADSS
4) DCPROMO the new W2k server and add it to an existing DOMAIN
5) Check under ADSS to see if the server was placed in the right subnet, if
not move it
6) Set up replication to occur off peak hours
7) Make sure the new site DC has a global catalog

If there is anything I left out or if I have something that needs to
go before or after something else let me know. Again, thank you for holding
my hand in this one.

Thank you
Alex Anderson

 

[Alex Anderson]

Cary,

On my last post, I didn't hear from you but is that how I should proceed
setting up a second site in my domain?

Thank you
Alex Anderson

 

[Cary Shultz [A.D. MVP]]

Alex,

Sorry. I thought that Herb had answered your question.

Cary

 

[Alex Anderson]

Cary,

About the new domain at Site B, that was my lack of understanding and
what I meant about the distinguished name, I mean fully qualified name,
sorry. So should I follow the order of those KB you gave me when setting up
the new site at Site B? This is the order in my head how I should tackle
this.

1) Create a new W2k server
2) Set up DNS and authorize the DHCP services
3) Create the new Site and associate the proper subnet to that site under
ADSS
4) DCPROMO the new W2k server and add it to an existing DOMAIN
5) Check under ADSS to see if the server was placed in the right subnet, if
not move it
6) Set up replication to occur off peak hours
7) Make sure the new site DC has a global catalog

If there is anything I left out or if I have something that needs to
go before or after something else let me know. Again, thank you for holding
my hand in this one.

Let me know if that is the order i should tackle adding an addition site to
my domain. From what I was reading, Herb was reiterating what you already
explained to me, sorry for the mix up.

Thank you
Alex Anderson