SBS 2000 and SBS 2003: additional Domain Controllers

  • Thread starter Cary Shultz [A.D. MVP]
  • Start date
C

Cary Shultz [A.D. MVP]

Good morning!

I just wanted to spread the word that in SBS 2000 and SBS 2003 environments
you can indeed have another Domain Controller ( so long as it is running
'just' Windows 2000 or Windows 2003 server and N*O*T SBS ) as long as that
additional Domain Controller is simply 'an additional Domain Controller in
an existing Domain'. In fact, for clarification you may have multiple
additional Domain Controllers

Furthermore, the SBS box needs to hold all five of the FSMO Roles ( Schema
Master, Domain Naming Master, PDC Emulator, RID Master and Infrastructure
Master ).

The other more common restriction is that there can be no Trust set up in an
SBS environment [ except, naturally, in the case whereby you set up a
temporary Trust ( seven days ) to migrate from SBS 2000 to SBS 2003, IIRC ].

There seems to be a common misconception that the SBS server is the only
allowed Domain Controller. This is simply not the case. Just understand
that the SBS box has to be the first Domain Controller ( as each
installation of SBS starts a new forest ) in the environment!

--
Cary W. Shultz
Roanoke, VA 24014
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
 
L

Lanwench [MVP - Exchange]

Cary said:
Good morning!

I just wanted to spread the word that in SBS 2000 and SBS 2003
environments you can indeed have another Domain Controller ( so long
as it is running 'just' Windows 2000 or Windows 2003 server and N*O*T
SBS ) as long as that additional Domain Controller is simply 'an
additional Domain Controller in an existing Domain'. In fact, for
clarification you may have multiple additional Domain Controllers

Furthermore, the SBS box needs to hold all five of the FSMO Roles (
Schema Master, Domain Naming Master, PDC Emulator, RID Master and
Infrastructure Master ).

The other more common restriction is that there can be no Trust set
up in an SBS environment [ except, naturally, in the case whereby you
set up a temporary Trust ( seven days ) to migrate from SBS 2000 to
SBS 2003, IIRC ].

There seems to be a common misconception that the SBS server is the
only allowed Domain Controller. This is simply not the case. Just
understand that the SBS box has to be the first Domain Controller (
as each installation of SBS starts a new forest ) in the environment!

Yep - all true. Sadly, most people probably won't read/search/lurk in the
newsgroups to find & read this before posting questions about same....
 
C

Chriss3 [MVP]

Hello Cary, I have done several deployments with additional DCs to SBS
envoirments for redundancy porpuse.

--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
 
T

Thelazyadmin.com

I always thought that was stupid but have never dabbled in SBS much. I
guess everything you read on the internet is not true :)

--

Rodney Buike MCSE 2000/2003
http://thelazyadmin.com


Chriss3 said:
Hello Cary, I have done several deployments with additional DCs to SBS
envoirments for redundancy porpuse.

--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips

Cary Shultz said:
Good morning!

I just wanted to spread the word that in SBS 2000 and SBS 2003
environments you can indeed have another Domain Controller ( so long as
it is running 'just' Windows 2000 or Windows 2003 server and N*O*T SBS )
as long as that additional Domain Controller is simply 'an additional
Domain Controller in an existing Domain'. In fact, for clarification you
may have multiple additional Domain Controllers

Furthermore, the SBS box needs to hold all five of the FSMO Roles (
Schema Master, Domain Naming Master, PDC Emulator, RID Master and
Infrastructure Master ).

The other more common restriction is that there can be no Trust set up in
an SBS environment [ except, naturally, in the case whereby you set up a
temporary Trust ( seven days ) to migrate from SBS 2000 to SBS 2003,
IIRC ].

There seems to be a common misconception that the SBS server is the only
allowed Domain Controller. This is simply not the case. Just understand
that the SBS box has to be the first Domain Controller ( as each
installation of SBS starts a new forest ) in the environment!

--
Cary W. Shultz
Roanoke, VA 24014
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
 
L

Lanwench [MVP - Exchange]

Thelazyadmin.com said:
I always thought that was stupid but have never dabbled in SBS much.
I guess everything you read on the internet is not true :)

Sure it is! Look, it's even got a nice font. It must be.
Chriss3 said:
Hello Cary, I have done several deployments with additional DCs to
SBS envoirments for redundancy porpuse.

--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips

Cary Shultz said:
Good morning!

I just wanted to spread the word that in SBS 2000 and SBS 2003
environments you can indeed have another Domain Controller ( so
long as it is running 'just' Windows 2000 or Windows 2003 server
and N*O*T SBS ) as long as that additional Domain Controller is
simply 'an additional Domain Controller in an existing Domain'. In
fact, for clarification you may have multiple additional Domain
Controllers

Furthermore, the SBS box needs to hold all five of the FSMO Roles (
Schema Master, Domain Naming Master, PDC Emulator, RID Master and
Infrastructure Master ).

The other more common restriction is that there can be no Trust set
up in an SBS environment [ except, naturally, in the case whereby
you set up a temporary Trust ( seven days ) to migrate from SBS
2000 to SBS 2003, IIRC ].

There seems to be a common misconception that the SBS server is the
only allowed Domain Controller. This is simply not the case. Just
understand that the SBS box has to be the first Domain Controller (
as each installation of SBS starts a new forest ) in the
environment!

--
Cary W. Shultz
Roanoke, VA 24014
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
 
C

Cary Shultz [A.D. MVP]

Agreed.

I guess that I started ( some three+ years ago ) simply looking through the
newsgroups at the posts and trying to find the answer on my own in the lab.
I then started searching for things ( such as 'replication' ) and became
quite used to searching first, then posting. That is not to say that I did
not sometimes post a question without looking for a similar topic ( and
reply ). I think that everyone does this sometimes. But a lot of people
would find answers within minutes were they to simply search first.

How many times do we see the topic - in one form or another - of 'account
lockout' or 'remove dead DC' or 'password policy' or 'Native Mode' each
week? It seems to me that the same seven or eight questions are asked every
week. I am not complaining. If people were to search before they posted
they would probably have an answer faster! Minutes instead of hours or
days! But it is all good!

--
Cary W. Shultz
Roanoke, VA 24014
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com



"Lanwench [MVP - Exchange]"
Cary said:
Good morning!

I just wanted to spread the word that in SBS 2000 and SBS 2003
environments you can indeed have another Domain Controller ( so long
as it is running 'just' Windows 2000 or Windows 2003 server and N*O*T
SBS ) as long as that additional Domain Controller is simply 'an
additional Domain Controller in an existing Domain'. In fact, for
clarification you may have multiple additional Domain Controllers

Furthermore, the SBS box needs to hold all five of the FSMO Roles (
Schema Master, Domain Naming Master, PDC Emulator, RID Master and
Infrastructure Master ).

The other more common restriction is that there can be no Trust set
up in an SBS environment [ except, naturally, in the case whereby you
set up a temporary Trust ( seven days ) to migrate from SBS 2000 to
SBS 2003, IIRC ].

There seems to be a common misconception that the SBS server is the
only allowed Domain Controller. This is simply not the case. Just
understand that the SBS box has to be the first Domain Controller (
as each installation of SBS starts a new forest ) in the environment!

Yep - all true. Sadly, most people probably won't read/search/lurk in the
newsgroups to find & read this before posting questions about same....
 
L

Lanwench [MVP - Exchange]

Cary said:
Agreed.

I guess that I started ( some three+ years ago ) simply looking
through the newsgroups at the posts and trying to find the answer on
my own in the lab. I then started searching for things ( such as
'replication' ) and became quite used to searching first, then
posting. That is not to say that I did not sometimes post a question
without looking for a similar topic ( and reply ). I think that
everyone does this sometimes. But a lot of people would find answers
within minutes were they to simply search first.

How many times do we see the topic - in one form or another - of
'account lockout' or 'remove dead DC' or 'password policy' or 'Native
Mode' each week? It seems to me that the same seven or eight
questions are asked every week. I am not complaining. If people
were to search before they posted they would probably have an answer
faster! Minutes instead of hours or days! But it is all good!

Yep - and google is everyone's friend. ;)
"Lanwench [MVP - Exchange]"
Cary said:
Good morning!

I just wanted to spread the word that in SBS 2000 and SBS 2003
environments you can indeed have another Domain Controller ( so long
as it is running 'just' Windows 2000 or Windows 2003 server and
N*O*T SBS ) as long as that additional Domain Controller is simply
'an additional Domain Controller in an existing Domain'. In fact,
for clarification you may have multiple additional Domain
Controllers

Furthermore, the SBS box needs to hold all five of the FSMO Roles (
Schema Master, Domain Naming Master, PDC Emulator, RID Master and
Infrastructure Master ).

The other more common restriction is that there can be no Trust set
up in an SBS environment [ except, naturally, in the case whereby
you set up a temporary Trust ( seven days ) to migrate from SBS
2000 to SBS 2003, IIRC ].

There seems to be a common misconception that the SBS server is the
only allowed Domain Controller. This is simply not the case. Just
understand that the SBS box has to be the first Domain Controller (
as each installation of SBS starts a new forest ) in the
environment!

Yep - all true. Sadly, most people probably won't read/search/lurk
in the newsgroups to find & read this before posting questions about
same....
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top