Question

Locked

Windows 2000 Problem

By erfan_anwar ·
I have two new servers and have made the first one as domain
controller. I've installed and configured the active directory OU's,
DNS and DHCP.

All workstations now talk to the server and hence are following all
Group policies over network.

The problem is, I want to add the second server and replicate the
Active directory and also create a secondary DHCP scope. I'm not too
sure how to make the second domain controller and how to get
replication and dhcp to work.

FSMO comes to mind but it's a bit too technical.

HELP!

Thanks

Erfan Anwar

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

dcpromo

by retro77 In reply to Windows 2000 Problem

You'll want to run dcpromo on that other member server. If your not familuar with FSMO roles, leave them default.

For DHCP, are the 2 servers on the same subnet? If so then you really only need one DHCP server.

Collapse -

Thanks for the reply

by erfan_anwar In reply to dcpromo

Both are on same subnet eg network address =1
0.242.220.0 and 1st dc ip = 10.242.220.x and 2nd ip =
10.242.220.(x+1)

I agree with you on DHCP. My friend had transfered FSMO
from an old server to my first domain controller. This is
why I believe that the first domain controller has FSMO
roles assigned to it.

I've looked at help files on FSMO and see that all are used
in cmd. I think I need to transfer or replicate the first
domain controller roles to second.

The Active directory has close relationship with FSMO s I
don'tthink I have any choice but to get these roles over to
second controller.

For this do I need to install Active Directory onto 2nd DC?
how to make 2nd and 1st dc's get to replicate AD?

It's commonsense to say that they share the same domain
eg if first controller name = 2ksrv01 then full name =
2ksrv01.instittion.local and second domain controller =
2ksrv02 then full name = 2ksrtv02.institution.local where
institution.local is domain name.

I feel a bit lost but I know this isn't too diffecult to solve


HELP!

thanks again,


erfan anwar

Collapse -

It's imperative that you understand what FSMO roles are

by ManiacMan In reply to Thanks for the reply

as they are the core components that make AD what it is, especially in a multidomain forest where you will have multiple domain controllers holding FSMO roles pertaining to either forest or domain operations masters roles. If you ever have a DC fail and it holds a critical FSMO role, depending on what role it is, your AD environment can come to a grinding halt as you won't be able to create new users or join new machines to the domain, just to give an example. You'll need to read up on FSMO roles, how to move roles to different domain controllers, and how to seize roles from crashed domain controllers. It's not hard to do, but if you don't understand the basics, it will be quite a challenge to accomplish when you need it the most.

Collapse -

It also depends ...

by Churdoo In reply to Thanks for the reply

... on what you're trying to accomplish.

If you just want a replica of AD so that in the event of a catastrophic server crash of 2ksrv01, that your AD is not lost, then by DCPROMO 2ksrv02, you will have that, as replication and DNS are configured automatically as part of the DCPROMO. This replication is regardless of how you may or may not distribute the Roles, so in the event of a catastrophic crash of 2ksrv01, 2ksrv02 would hold a copy of the AD and you could seize any/all roles onto 2ksrv02. In this scenario, the copy of AD on 2ksrv02 would be as up to date as 2ksrv01 as the last successful replication, which being on the same LAN, "should" be right on.

If however, you're looking for absolute DC redundancy such that users can still log onto the network and not lose any services even if 2ksrv01 is down for maintenance, then there are a couple more considerations. In this scenario, you need to configure 2ksrv02 to hold a copy of the "Global Catalog". This will allow 2ksrv02 to process logins.
http://technet2.microsoft.com/windowsserver/en/library/7b1c3e1c-ef32-4b8e-b4c4-e73**0575f611033.mspx?mfr=true.

Next, back to your DHCP question, with AD and GC on 2ksrv02, DHCP becomes a single point of failure for workstations starting up and requesting leases if DHCP only resides on 2ksrv01. And of course, then you have to consider any other services that your 2ksrv01 is providing -- print server, file server, etc.

edited: typo

Collapse -

Read Up

by retro77 In reply to Thanks for the reply

Check this out:
http://support.microsoft.com/kb/324801

How to see where your FSMO roles are now. If you use dcpromo to remove a DC, it transfers the FSMO roles for you.

Back to Networks Forum
5 total posts (Page 1 of 1)  

Related Forums