iSiek's forum about Microsoft Windows services

Full Version: Additional Domain Controller within Windows Server 2008R2
Hi Sir,

I've read your post on "Adding first Windows Server 2012 Domain Controller within Windows 2003/2008/2008R2 network".

Please let me know if your post is applicable on my current situation.

My current server is running on Windows Server 2008 R2 and it's the only primary domain controller configured in my office, with around 50 workstations connected as domain users.

Therefore, for the purpose of domain controller redundancy, I would like to add a second new domain controller running Windows Server 2012, whose O/S & ADDS services were just newly installed.

Can I just define the server for Global Catalog only and exclude the DNS role? What will be the output? What does RODC do?

Is there any harm or risk in trying this out? I'm afraid that after adding the 2nd domain controller, it will mess up the existing primary domain controller,
e.g. users unable to log in to the domain controller, crashes/conflicts with the 1st domain controller, etc.

Your advice is much appreciated on this. Thank you.
Hello,

yes of course you can follow this article to promote additional (redundant) Domain Controller in your environment. It is supported in your scenario.

Quote: Can I just define the server for Global Catalog only and exclude the DNS role? What will be the output? What does RODC do?

When you are promoting new Domain Controller you should designate it as Global Catalog, especially if you are going to remove your old DC from the environment.
Of course for business continuity, you need to have at least 2 Domain Controllers and 2 DNS servers for your domain.

For the DNS server role, why don't you want to have it redundant as well? Are there any requirements not to promote it as an additional DNS server? It's good to have an additional DNS server. What if this only one would fail?

RODC is a Read-Only Domain Controller and I think this is not applicable in your environment. You can use it for unsecure remote locations where no "real" server room is in place, or if there are not too many users but you wish to allow them to authenticate within their site. To implement an RODC, at least the Windows Server 2003 Forest Functional Level is required and at least 1 Windows Server 2008 writable DC in the domain.

An RODC authenticates users locally (if the appropriate configuration is deployed) and does not make permanent changes in the AD database. All changes are redirected to a writable Domain Controller over LAN/WAN (depending on the deployment scenario). If the RODC is not appropriately configured with a password replication policy, users are also authenticated over the writable DC, which uses the LAN/WAN link.

Quote: Is there any harm or risk in trying this out? I'm afraid that after adding the 2nd domain controller, it will mess up the existing primary domain controller.

No, by default deploying an additional Domain Controller does not do any harm in the environment. You can simply do that, but if you are afraid, first check your domain's health. You can check this article on my blog with some tools allowing you to verify its health at http://kpytko.pl/active-directory-domain...ing-tools/

When no errors are found in your environment, promoting an additional DC should be a straightforward process and the AD database with SYSVOL should be replicated without any issues. Your users would not notice anything during this process; they will work uninterrupted.

If you have more questions, do not hesitate to ask
Oh, and please post your implementing results, here, ok? Other users might find them useful.

Thank you in advance
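The procedure iSiek describes (check the domain's health first, then promote the new server as a writable DC that is also a Global Catalog and a second DNS server), written out as PowerShell for Windows Server 2012. This is an added example, not code from the thread or from iSiek's blog; the domain name, site name and source DC hostname are placeholders you must replace with your own.

```powershell
# Added example (not from the thread): promote a freshly installed Windows Server 2012
# member server as an ADDITIONAL writable DC with Global Catalog and DNS, as advised above.
# Run in an elevated PowerShell on the NEW server, logged on with a Domain Admins account.
# Placeholder values (assumptions): replace with your own domain, site and existing DC.
$DomainName = 'corp.example.local'        # placeholder: your AD DNS domain name
$SourceDC   = 'DC01.corp.example.local'   # placeholder: the existing 2008 R2 DC to replicate from
$SiteName   = 'Default-First-Site-Name'   # placeholder: AD site the new DC belongs to

# 1) Health check of the existing domain BEFORE promoting. Resolve any "failed" test
#    from dcdiag and any replication failures reported by repadmin first: the second
#    DC will replicate whatever state the first one is in, errors included.
dcdiag /s:$SourceDC /q
repadmin /replsummary
repadmin /showrepl $SourceDC

# 2) Install the AD DS binaries and management tools on the new server.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

# 3) Promote it as an additional DC in the existing domain.
#    - Global Catalog is enabled by default (do not pass -NoGlobalCatalog).
#    - -InstallDns:$true gives the domain a second DNS server, as recommended above.
#    - The DSRM password is only used for Directory Services Restore Mode; keep it safe.
Import-Module ADDSDeployment
$DsrmPassword = Read-Host -AsSecureString 'Directory Services Restore Mode password'
$Creds = Get-Credential -Message 'Domain Admins account used for the promotion'

Install-ADDSDomainController `
    -DomainName $DomainName `
    -Credential $Creds `
    -SiteName $SiteName `
    -ReplicationSourceDC $SourceDC `
    -InstallDns:$true `
    -CreateDnsDelegation:$false `
    -SafeModeAdministratorPassword $DsrmPassword `
    -DatabasePath 'C:\Windows\NTDS' `
    -LogPath 'C:\Windows\NTDS' `
    -SysvolPath 'C:\Windows\SYSVOL' `
    -NoRebootOnCompletion:$false `
    -Force:$true

# 4) After the reboot, confirm that AD and SYSVOL replicated to the new DC and that it
#    advertises itself as GC and DNS server. Expect no errors from these commands.
repadmin /replsummary
dcdiag /test:Replications /test:Advertising /test:DNS /q
Get-ADDomainController -Filter * | Select-Object Name, IsGlobalCatalog, OperatingSystem
```

Once both DCs show as Global Catalogs and replication is clean, point the workstations' DNS client settings at both DNS servers so that name resolution and logon survive the loss of either one.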
(06-02-2015, 11:12 AM) iSiek Wrote: Oh, and please post your implementing results, here, ok? Other users might find them useful.

Thank you in advance

Ok. Thank you sir for your brief explanation. I will try it out soon and post my results here.
That would be great! Thank you.