Additional DC For Existing Domain

  • Additional DC For Existing Domain

    Hi All! This is a new Windows Server 2003 single domain forest with one Exchange 2007 server and 3 Windows 2003 Terminal Servers. There is a single R2 SP2 DC that is the DHCP server, all on a single subnet. I want to run dcpromo on a fifth Windows 2003 server to set up a second DC. I want it to be able to handle all domain functions including GCS, DNS, DHCP and GP so that if the first DC goes down the fail-over will be automatic. Should that happen, the first DC would be brought back on line with all due haste so seizing FSMO roles is not an issue. I just want the domain to continue to function until the first DC is brought back online, probably within 24 - 48 hours.

    Of course, nothing is ever simple. For disaster recovery purposes, I want to locate the second DC off site at a remote location which is on a different private network. There is an L2L VPN between the sites with Cisco ASAs on either side. Both DCs would need to talk to each other across subnets (virtually, they would both be on the same network). I'm hoping that after a fail-over the second DC would provide DHCP to clients on the other physical network. Presently, both servers are together on the single subnet.

    The dcpromo wizard sounds pretty straightforward but I would like to keep the painful surprises to a minimum and get it right the first time. Any suggestions, recommendations or pointers would be greatly appreciated!

    Thank you. Thank you very much.

  • #2
    Re: Additional DC For Existing Domain

    Wow, was it something I said?


    • #3
      Re: Additional DC For Existing Domain

      I thought I'd answered this one. Actually I'm sure I did.

      Anyway, here's what I would do.

      Create 2 sites in AD Sites and Services. Associate correct IP with site.
      Install and build new DC in the remote site and give it a static IP in that range.
      On new DC ensure that it has GC, DNS installed.
      Allow replication to occur.

      That should take care of everything except your DHCP server. For this I would install DHCP on a 2nd server on site then split your scope 80/20 so that some clients will still get serviced. Depending on how big the site is and your scope you could do it 50/50.

      If that's not suitable for you then you'd be looking at something a bit more fiddly like IPHelpers on switches or DHCP relays.


      • #4
        Re: Additional DC For Existing Domain

        wullieb1, thanks for the response(s)

        Main site A
        Remote site B

        The site B DC would be acting as if it was on site A. The remote location is just for physical disaster recovery. Clients at site B get DHCP from the ASA. Users at site B do all their work on the Terminal Servers at site A. So there is no need for site B's DC to provide local DHCP. If site A's DC choked, it would fail-over to site B's DC. The domain would continue to function as it does now, with one DC.

        Can I do the dcpromo now, with both servers at site A? That way I have a second DC up and running for the domain now. Then shortly thereafter, I would create the second site in AD Sites and Services on the main DC and relocate the 'new' one to site B.


        • #5
          Re: Additional DC For Existing Domain

          Ahh, now I get you lol. Sorry for the confusion.

          Does the siteB still reside in the same IP range as siteA???


          • #6
            Re: Additional DC For Existing Domain

            No, the two sites are connected by a VPN.


            • #7
              Re: Additional DC For Existing Domain

              That's fine.

              What you'll need to do is associate the 2nd range of IP addresses with the initial site. This can be done in Sites and Services and you'll need an Enterprise Admin account for that.

              Install your DC and make it a GC with DNS and any other services you'll need. Once it has moved to the new site, assign it a new static IP and update DNS; ipconfig /registerdns should work, or netdiag /fix.

              DHCP is another problem though and I'm just trying to think of a solution to the problem. Quick thinking points me to installing DHCP on another of your servers onsite and using the 80/20 split. If you really must have DHCP on the other site then we'll need to think of something else.


              • #8
                Re: Additional DC For Existing Domain

                If I understand you correctly, the order of steps would be:

                1. Run dcpromo on the server in its present location, site A. Install DNS and make it a GC. Set up DHCP 80/20 split with the 1st DC. (total clients <75, so maybe a 50/50 split?) At this point, it will be a functioning additional DC for the domain. I could shut down the original DC and the domain would function properly.

                2. In preparing to move it to site B, associate the 2nd range of IP addresses (10.0.0.0) with the initial site (172.16.0.0)

                3. When ready, move it to site B and give it a static IP address on the 10.0.0.0 network and update DNS.

                For the fail-over, I want the site B server to provide DHCP to site A clients. When you say install DHCP on another server onsite, do you mean site B? Will the fail-over be automatic and can both DC's share the DHCP database with the same address pool? Maybe the whole 'off site 2nd DC' thing is unnecessary.

                If I flub the dcpromo, can I demote it and start again?


                • #9
                  Re: Additional DC For Existing Domain

                  Originally posted by vndic8:
                  If I understand you correctly, the order of steps would be:

                  1. Run dcpromo on the server in its present location, site A. Install DNS and make it a GC. Set up DHCP 80/20 split with the 1st DC. (total clients <75, so maybe a 50/50 split?) At this point, it will be a functioning additional DC for the domain. I could shut down the original DC and the domain would function properly.

                  2. In preparing to move it to site B, associate the 2nd range of IP addresses (10.0.0.0) with the initial site (172.16.0.0)

                  3. When ready, move it to site B and give it a static IP address on the 10.0.0.0 network and update DNS.

                  For the fail-over, I want the site B server to provide DHCP to site A clients. When you say install DHCP on another server onsite, do you mean site B? Will the fail-over be automatic and can both DC's share the DHCP database with the same address pool? Maybe the whole 'off site 2nd DC' thing is unnecessary.

                  If I flub the dcpromo, can I demote it and start again?

                  1. Exactly right.

                  2. Right again.

                  3. And again.

                  The DHCP failover will be a little more tricky than that as DHCP broadcasts are not routable so will not traverse over to the 10.0.0.0 network without some help.

                  Couple of options are a) DHCP Relay agent or b) IP Helper command on switch or router.

                  DHCP Relay agent will listen on the same network as you are on then forward packets to a specific DHCP server.

                  IP Helper command does pretty much the same thing.

                  More info here on both

                  DHCP Relay Agent

                  http://technet.microsoft.com/en-us/l...03(WS.10).aspx

                  IP Helper

                  http://routergod.com/trinity/

                  At the moment we have 3 VLANs configured on our switch and we have 1 DHCP server that serves all these VLANs using the IPHelper command on our HP Switches.


                  • #10
                    Re: Additional DC For Existing Domain

                    Thanks for the Router God link. I'd take any advice Trinity had to give.

                    Houston, DC2 has landed.

                    "Active Directory is now installed on this computer for the domain mydomain.lan. This domain controller is assigned to the site Default-First-Site-name."

                    On the new DC, the File Replication and Directory Services started. At the net share command, both NETLOGON and SYSVOL are correct, same as DC1. No errors in the event logs.

                    On DC1, C:\WINDOWS\SYSVOL\staging areas is 4k. On DC2, C:\WINDOWS\SYSVOL\staging areas is 7MB. ??


                    Should I split the DHCP now or wait for the move? At the moment, the DHCP scope on DC1 is 172.16.1.0 - 172.16.1.254 with 172.16.1.1 - 172.16.1.100 excluded.


                    • #11
                      Re: Additional DC For Existing Domain

                      I would split now and make sure it's issuing addresses before the move.


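The 80/20 split discussed in this thread, worked through for the scope quoted in post #10 (172.16.1.0 - 172.16.1.254 with 172.16.1.1 - 172.16.1.100 excluded). This is an added example, not code from any poster; the /24 mask, the scope ID 172.16.1.0 and the function names are assumptions, since the thread does not state them.

```python
import ipaddress

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def _runs(addrs):
    """Collapse sorted integer addresses into (first, last) dotted-quad ranges."""
    runs = []
    for a in addrs:
        if runs and a == runs[-1][1] + 1:
            runs[-1][1] = a
        else:
            runs.append([a, a])
    return [(str(ipaddress.IPv4Address(lo)), str(ipaddress.IPv4Address(hi))) for lo, hi in runs]

def split_scope(network, scope_start, scope_end, excluded, primary_share=0.8):
    """Split the leasable part of one scope between two DHCP servers.

    Both servers define the same scope; each excludes what the other leases,
    so the two pools can never hand out the same address.
    """
    net = ipaddress.ip_network(network)  # mask is an assumption, not from the thread
    unusable = {int(net.network_address), int(net.broadcast_address)}
    scope = [a for a in range(_to_int(scope_start), _to_int(scope_end) + 1) if a not in unusable]
    reserved = set()
    for lo, hi in excluded:
        reserved.update(range(_to_int(lo), _to_int(hi) + 1))
    pool = [a for a in scope if a not in reserved]
    cut = int(len(pool) * primary_share)
    primary, secondary = set(pool[:cut]), set(pool[cut:])
    return {
        "primary_leases": _runs(pool[:cut]),
        "secondary_leases": _runs(pool[cut:]),
        "primary_excludes": _runs([a for a in scope if a not in primary]),
        "secondary_excludes": _runs([a for a in scope if a not in secondary]),
    }

def netsh_excludes(scope_id, ranges):
    """Render exclusion ranges as netsh commands to run locally on a DHCP server."""
    return [f"netsh dhcp server scope {scope_id} add excluderange {lo} {hi}" for lo, hi in ranges]

if __name__ == "__main__":
    plan = split_scope("172.16.1.0/24", "172.16.1.0", "172.16.1.254", [("172.16.1.1", "172.16.1.100")])
    print("DC1 leases", plan["primary_leases"], "DC2 leases", plan["secondary_leases"])
    # DC1 already excludes .1-.100, so it only needs DC2's share added.
    for cmd in netsh_excludes("172.16.1.0", plan["secondary_leases"]):
        print("on DC1:", cmd)
    for cmd in netsh_excludes("172.16.1.0", plan["secondary_excludes"]):
        print("on DC2:", cmd)
```

Passing `primary_share=0.5` gives the 50/50 variant mentioned for a site with fewer than 75 clients.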
                      • #12
                        Re: Additional DC For Existing Domain

                        wullieb1

                        I would like to set up DHCP on DC2, which is listed as a DNS server and a WINS server under Server Options in DC1's scope, but I have a few questions before I proceed. Would it be more appropriate for me to post in this thread or start a new one?

                        Thanks!


                        • #13
                          Re: Additional DC For Existing Domain

                          I would start a new thread for each unrelated question. You can always link back to this one if necessary.
