Install a Replica DC with DNS AD Integrated Zones

 

This blog provides an overview to add an additional replica DC in the same domain. This assumes the operating system versions are the same and you are not upgrading to a newer operating system version or upgrading Active Directory.

If you are upgrading your AD domain, please see this:
Install a replica DC with DNS AD Integrated Zones

If you have multiple sites, read this article:
Best Practices for Adding Domain Controllers in Remote Sites:
http://technet2.microsoft.com/windowsserver/en/library/6405bc5f-b8bf-449e-b11a-f116d22f858a1033.mspx?mfr=true

Here’s a good article on promoting a machine to a DC and other factors:
How do I install Active Directory on my Windows Server 2003 server?:
http://www.petri.co.il/how_to_install_active_directory_on_windows_2003.htm

IF you have not done so, then install DNS. For assistance, read this article:
How To Install and Configure DNS Server in Windows Server 2003:
http://support.microsoft.com/kb/814591

Assuming the current zone is AD integrated, DO NOTHING ELSE.
Do NOT create it manually or you will cause numerous problems and headaches.
Sit there and wait. Go to lunch. Upon return, you will find the zone has
automatically populated. Because AD integrated zones are in the actual AD
database, it will automatically replicate to the new machine by the default
AD replication process. There is really nothing else to configure on this
part, that is assuming the zone is already AD integrated. Is it AD
integrated? If so, what scope is it set to on both machines?

More information on DNS AD Integrated Replication Scopes:
http://technet2.microsoft.com/windowsserver/en/library/6c0515cf-1719-4bf4-a3c0-7e3514cef6581033.mspx?mfr=true

More detailed information on how to change AD Integrated DNS zone replication Scopes:
http://technet2.microsoft.com/windowsserver/en/library/e9defcdc-f4e5-43cd-9147-104f9b9d015a1033.mspx?mfr=true

If there is a problem where you cannot change the scope, read this:
You cannot change the replication scope of an Active Directory integrated DNS zone in Windows Server 2003
http://support.microsoft.com/kb/842560

Change the ip properties of this DC to use one of the other DCs as the first
entry, the second as itself. That;s it for this part. I fnot sure how,
follow this article:
825036 – Best practices for DNS client settings in Windows 2000 Server and
in Windows Server 2003
http://support.microsoft.com/?id=825036

Go into DNS properties, configure a Forwarder to your ISP’s DNS. If not sure
how, this article will show you:
Configure a DNS Server to Use Forwarders – Windows 2008 and 2008 R2 (Includes info on how to create a forwarder)
http://technet.microsoft.com/en-us/library/cc754941.aspx

HOW TO Configure DNS for Internet Access in Windows Server 2003 (forwarding) :
http://support.microsoft.com/?id=323380

Configure a DNS Server to Use Forwarders – Windows 2008 and 2008 R2 (Includes info on how to create a forwarder)
http://technet.microsoft.com/en-us/library/cc754941.aspx

 

WINS

If you have a multi-segmented infrastructure (remote locations), install WINS.
This is done in Add/Remove, Windows Components, Network Services, click on WINS.
For assistance, read these article:

WINS – What Is It, How To Install It, WINS Replication Partner Design Guidelines, How to Configure DHCP Scopes For WINS Client Distribution, and more:
http://msmvps.com/blogs/acefekay/archive/2010/10/27/wins-what-is-it-how-to-install-it-and-how-to-configure-dhcp-scopes-for-wins-client-distribution.aspx

How To Install a WINS server:
http://technet2.microsoft.com/windowsserver/en/library/e4d3c3d8-a846-49b9-aac6-e04f2907aac51033.mspx

If using Windows 2003, when you install WINS, make sure you are using an SP2 integrated i386 source. With Windows 2008 and newer, it’s not necessary. The following will assist with Windows 2003:
How to slipstream SP2 into the i386 folder (good for XP, 2000 and 2003):
http://www.theeldergeek.com/slipstreamed_xpsp2_cd.htm

On the WINS server itself, go to IP properties, Advanced, WINS tab, ONLY point the WINS
address of itself to itself ONLY. Do not add any other WINS addresses. For assistance, see this article:
WINS Best Practices (Use ONLY itself in ip properties):
http://technet2.microsoft.com/windowsserver/en/library/ed9beba0-f998-47d2-8137-a2fc52886ed71033.mspx

This assumes you will be configuring RRAS properties to get client IPs from Windows DHCP and not a manual range or from your firewall/perimeter router (such as your Comcast, Linksys, etc., router).

Once that is done, in DHCP, change the WINS address to the new server in DHCP Option 046. Make sure you have DHCP Option 044 set to 0×8.

•DHCP Option 044: IpAddressOfYourWINSserver
•DHCP Option 046: 0×8

If not sure how to do the above, please read this article:
DHCP Options Not Set by SBS Setup (this is good for SBS and WIndows Server 2003, 2008, 2000, etc):
http://support.microsoft.com/kb/218636

FSMO roles

If you say the other DCs are that unreliable, transfer all the FSMO roles to
this new server.If not sure how, follow this article:
How to view and transfer FSMO roles in Windows Server 2003
http://support.microsoft.com/kb/324801

If you are not sure which server to set a FSMO role, read this:
FSMO placement and optimization on Active Directory domain controllers:
http://support.microsoft.com/kb/223346

Make this DC a GC. If you need assistance: follow this article:
http://technet2.microsoft.com/windowsserver/en/library/93ffc6d8-e4c9-4a5b-8b4c-7d426bcba5a11033.mspx?mfr=true

Matter of fact, make all DCs a GC. More on this:

Global Catalog and FSMO Infrastructure Master Relationship
Published by Ace Fekay, MCT, MVP DS on Oct 1, 2010 at 1:05 PM
http://msmvps.com/blogs/acefekay/archive/2010/10/01/global-catalog-and-fsmo-infrastructure-master-relationship.aspx

Phantoms, tombstones and the infrastructure master.
The GC role will conflict with a global catalog in a multi-domain forest. To overcome this conflict, all DCs are recommended to be GCs.
http://support.microsoft.com/kb/248047

Global Catalog vs. Infrastructure Master
"If a single domain forest, you can have all DCs a GC. If multiple domains, it is recommended for a GC to not be on the FSMO IM Role, unless you make all DCs GCs"
This is the recommendations by AD Microsoft engineers, AD MVPs, and other engineers.
http://msmvps.com/blogs/ulfbsimonweidner/archive/2005/03/08/37975.aspx 

 

Ace Fekay


Suggestions, comments, corrections, etc, are all welcomed.

Leave a Reply