creating a secondary domain controller

[ben]

Not an expert here, but need a bit of advice..

we have a DC, small network, win2k server, but about to expand it so
that a branch in India can access the network here... or more to the
point, so they can VPN into our network...

my question, we are considering putting a second domain controller in,
so that if there is a problem, everything automatically falls back on
the second DC..

1. if its not called secondary domain controller, what is it called in
w2k terms
2. What would the steps be?

TIA
Ben

 

[Herb Martin]

Not an expert here, but need a bit of advice..

we have a DC, small network, win2k server, but about to expand it so
that a branch in India can access the network here... or more to the
point, so they can VPN into our network...

my question, we are considering putting a second domain controller in,
so that if there is a problem, everything automatically falls back on
the second DC..

1. if its not called secondary domain controller, what is it called in
w2k terms

It is, i.e., called a secondary -- but it's not the only choice.

A Secondary DNS server takes about 20 seconds to setup plus
a couple of minutes if you have to actually install the DNS service,
unless you have to mess with the firewalls between it and
the Primary (or actually it's Master which might be ANOTHER
Secondary).

2. What would the steps be?

Configure the DNS server (install if necessary.)
(e.g., Add Remove Program --> Windows components.)
Right click on the server in the DNS MMC, create new zone,
choose Secondary and give the IP of the Master (usually
the primary but technically any other DNS server of the
same domain.)
If it doesn't work, check firewalls and the settings on the master
which might disallow zone transfers or need to specify this
server as part of the set of authoritative servers.

Other choices: with an available DC, you can switch the Primary
and the other DNS to "Active Directory Integrated."

With Win2003 you get even more choices.

 

[Yor Suiris]

Hey Herb! His question was about Domain Controllers not DNS, although DNS is
part of his needs.

Yes, in a Win2K Domain MS says all DCs are equal. Don't you believe it.
There are SIX functions (5 FSMO Roles & Global Cat) that an AD Domain needs
a server/s to take care of. When you set up a second DC you should review
the Six roles and Balance them out as best you can. Then when one of the DCs
dies you will have to transfer/seize the roles it held to a remaining DC.
And Yes you will want a Secondary DNS Zone on your second DC as Herb
outlined, as AD will not function with out one.
Also be aware of other Network Server Services that you will/may have to
move/restore/re-create, such as IIS, DHCP, Certificate Server, License
Servers, etc.

Check out:
http://support.microsoft.com/default.aspx?scid=kb;en-us;257288&Product=win2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;216498
http://support.microsoft.com/default.aspx?scid=kb;en-us;255504
http://support.microsoft.com/default.aspx?scid=kb;en-us;255690

Hope this helps,

 

[Herb Martin]

Hey Herb! His question was about Domain Controllers not DNS, although DNS is
part of his needs.

I must have been asleep. <grin>

Actually, it was probably the word "secondary".

Yes, in a Win2K Domain MS says all DCs are equal. Don't you believe it.
There are SIX functions (5 FSMO Roles & Global Cat) that an AD Domain needs
a server/s to take care of. When you set up a second DC you should review
the Six roles and Balance them out as best you can. Then when one of the DCs
dies you will have to transfer/seize the roles it held to a remaining DC.
And Yes you will want a Secondary DNS Zone on your second DC as Herb
outlined, as AD will not function with out one.
Also be aware of other Network Server Services that you will/may have to
move/restore/re-create, such as IIS, DHCP, Certificate Server, License
Servers, etc.

 

[ben]

Although the DNS info is helpful, the Domain info is better..

will try in a test environment first so dont make any mistakes..
thanks