How to Deploy win 2k DC

Antonia Jasper

In NT 4 there is a BDC for the user to log on in case the PDC dies off.

How about in WIN 2k, if I want the same concept: to have a second server
acting as a DC to authenticate the logging on process when the first DC dies
off?

1. What should I do?

2. How should I design my two DCs' DNS namespace if my first root DC
domain namespace is "abc.com"?
 
milt

Greetings: When you run DCPromo on the second W2K server
on your network the system will prompt you as you
proceed. You will be asked if this is a new DC for a new
domain or additional DC for an existing domain. Select
this. The process will continue to prompt you as you
proceed. Since the second DC will be in the same domain,
the domain namespace will be the same. If you create
another domain, you will be creating a tree. This is not
what you want to do as you have stated. milt
 
Conrad Lawes

In a Windows 2000 domain there is no primary or backup domain controller.
All domain controllers are equal. They can all handle user authentication.

So as long as you have 2 or more domain controllers running there is nothing
that you have to do.

I would advise you to do more research of Windows 2000 Active Directory to
gain a better understanding of Windows 2000 domain controllers and how they
operate.
 
Antonia Jasper

Hi Milt,

Am I right to say that if my first DC FQDN is dc1.abc.com, and I want it
to be in the same abc.com tree, then I should name my second DC FQDN
dc2.abc.com, as a child domain of the abc root domain?

My question is:

If the root domain DC (dc1.abc.com) dies off, what will happen to the
child domain (dc2.abc.com)?

Will the workstations be able to log on if I initially configure all
workstations to log on to dc1.abc.com?
 
Antonia Jasper

Hi milt

Am I right to say, if I want both DCs to be under one tree,

then I should name my first DC (dc1.abc.com), followed by my second DC
(dc2.dc1.abc.com), as a child of my parent domain?

So my question is: if I initially configure all workstations to log on to
dc1.abc.com,

will the workstations still be able to authenticate and log on if
(dc1.abc.com) dies off?
 
Antonia Jasper

Hi conrad,

I'm puzzled about how to configure my second DC.

Should I place it under a child domain of my root domain
(abc.com)?

My organisation is very small, only about 50 users. I don't think it is
necessary to have another domain tree.

I'm just wondering: if my root domain dies off, what will happen to those
child domains under it?

Will my workstations still be able to log on if I initially configure all
workstations to log on to the root domain?
 
Conrad Lawes

There is no reason to create a child domain especially in a small
organization. All your domain controllers can join the root domain.
 
Antonia Jasper

Hi conrad

So am I right to say

If my first dc FQDN is (dc1.abc.com) then the second dc FQDN should be
(dc2.abc.com).

Which DC should I create my user account info and configure my client to log
on?
 
SaltPeter

Antonia Jasper said:
Hi conrad

So am I right to say

If my first dc FQDN is (dc1.abc.com) then the second dc FQDN should be
(dc2.abc.com).

Which DC should I create my user account info and configure my client to log
on?

Whatever DC you like, replication will duplicate the user account onto the
other DC(s). The client will use DNS records to locate and log on to the
closest DC. That's why it's important to configure the DNS server for the
abc.com zone. How you distribute the DNS server's ip_address to clients
depends on how you are distributing ip_addresses. If a dhcp server and dhcp
scope is involved, specify the DNS in scope options.

The reason there is no need to create a child domain is because an
Organizational Unit (OU) is the equivalent of an NT4 domain.
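
The point in the reply above, that clients find a DC through DNS records rather than through one fixed server, as an added example that is not part of the thread: a simplified model of SRV-based DC selection and failover. The zone lines are constructed for abc.com, the function names are hypothetical, and the `is_reachable` callback is an assumed stand-in for the client's probe of each DC.

```python
import random

# Constructed zone data for the thread's example domain abc.com.
# Both DCs register under the same domain name; there is no child domain.
SAMPLE_ZONE = """\
_ldap._tcp.dc._msdcs.abc.com. 600 IN SRV 0 100 389 dc1.abc.com.
_ldap._tcp.dc._msdcs.abc.com. 600 IN SRV 0 100 389 dc2.abc.com.
"""

def parse_srv(zone_text, domain):
    """Return (priority, weight, port, target) tuples for the domain's DC SRV name."""
    owner = f"_ldap._tcp.dc._msdcs.{domain}.".lower()
    records = []
    for line in zone_text.splitlines():
        fields = line.split()
        # owner, TTL, class, type, priority, weight, port, target
        if len(fields) != 8 or fields[3].upper() != "SRV":
            continue
        if fields[0].lower() != owner:
            continue
        prio, weight, port = (int(x) for x in fields[4:7])
        records.append((prio, weight, port, fields[7].rstrip(".").lower()))
    return records

def candidate_order(records, rng=random):
    """Lowest priority first; weighted-random order within one priority (RFC 2782 style)."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        group = [r for r in records if r[0] == prio]
        while group:
            # Simplification: weight 0 is treated as 1 so the total stays positive.
            pick = rng.choices(group, weights=[r[1] or 1 for r in group])[0]
            group.remove(pick)
            ordered.append(pick[3])
    return ordered

def locate_dc(zone_text, domain, is_reachable, rng=random):
    """Return the first DC that answers the probe, or None if no DC answers."""
    for target in candidate_order(parse_srv(zone_text, domain), rng):
        if is_reachable(target):
            return target
    return None

if __name__ == "__main__":
    # dc1 is down: the client still gets a DC because dc2 is registered too.
    print(locate_dc(SAMPLE_ZONE, "abc.com", lambda h: h != "dc1.abc.com"))
```
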
 
Cary Shultz [A.D. MVP]

Antonia,

If you follow what Milt is trying to suggest ( adding a DC to an existing
domain ) you will not have a child domain. You will simply have an
additional DC in the abc.com domain. Which is what you are trying to
accomplish!

HTH,

Cary
 
Cary Shultz [A.D. MVP]

Again, I think that you are getting confused by the Fully Qualified Domain
Name ( FQDN ). Your domain name is abc.com. The computer account is dc1.
Thus, the FQDN of this computer account ( the only Domain Controller in your
abc.com domain as of the moment ) is going to be 'dc1.abc.com'. There is -
at the moment - no child domain. When you dcpromo the second DC - assuming
that the computer account is dc2 - you will have that additional DC in the
abc.com domain. Its FQDN will be dc2.abc.com. Let's assume that you have
no client workstations at the moment. You install WIN2000 Professional on
three computers. You join these three computers to the abc.com domain. You
name them WS001, WS002 and WS003. The FQDN of each computer would be
ws001.abc.com and ws002.abc.com and ws003.abc.com. Still, at the moment
you have no child domain at all. You have only the abc.com - which is the
first domain tree ( the abc.com domain ) in the forest ( abc.com forest ).

HTH,

Cary
 
Cary Shultz [A.D. MVP]

Antonia,

Yes! You have it now. You have the abc.com domain / tree / forest ( as it
is the first domain in the forest it is called the forest root ) and the
FQDN of each computer account is going to be the computer name ( dc1 and dc2
in your example ) followed by the DNS name of the domain ( abc.com in your
example ). In essence, the leftmost 'name' is going to be the name of the
computer account and everything else is going to be the domain name. Put
another way - the computer account name is the name in front of the first
"." and everything else is the domain name.

You can create your user accounts on any DC in the appropriate domain. In
WIN2000 all domain controllers are created equally ( well, .... ). You can
sit down at dc1 and create 15 user accounts and then 20 minutes later sit
down at dc2 and create another 10 user accounts and all 25 user accounts
will exist.

Active Directory follows the Multi-Master mode; thus, there is no more
PDC/BDC concept like we had in WINNT 4.0 where the PDC had the only writable
SAM. In WIN2000 Active Directory the actual file is called ntds.dit and all
Domain Controllers 'synchronize' their ntds.dit database via Active
Directory Replication ( Intra-Site / Inter-Site ). Thus, if you created
the 15 users on dc1 and were to immediately sit in front of dc2 and look in
the ADUC you might not see those newly created 15 user accounts. Give it a
few minutes ( 15 minutes tops ) and those 15 user accounts would indeed be
there. Same goes for those 10 user accounts that you created on dc2.

You really would not need a child domain - unless there is something that
you are not telling us. To gain closure on this issue, let's just say that
there was a compelling reason for you to create a child domain ( say the
finance department wanted, no, demanded on having a strong password policy
but your other people were dead set against that as they would have a hard
time remembering the passwords ).

You would take a new WIN2000 Server and run dcpromo on it. Now, you would
do the opposite of what Conrad was suggesting: you would create a new dc in
a new domain. Again, remember that we are creating a child domain for the
sake of this example. When all was said and done, you would have something
like finance.abc.com as the child domain of abc.com. So, the FQDN of any
computer accounts ( including Domain Controllers ) would be
xxxxxx.finance.abc.com. Let's say that you called the Domain Controller in
this child domain 'Greed'. The FQDN would be greed.finance.abc.com.

Does this help you?

Cary
 
