Windows Server 2008 R2 Thread, Adding second domain controller in Technical; Hi All,
We set up our new server 2008 R2 domain over summer and now have a second server that ...
18th October 2012, 08:11 AM #1
Adding second domain controller
We set up our new server 2008 R2 domain over summer and now have a second server that we can add as DC2.
We have installed Server 2008 R2 on it and are about to DCPROMO it.
Are there any extra settings I should be aware of before we go ahead and do this?
This is not the sort of thing we do every day!!
18th October 2012, 08:13 AM #2
Making the server into a DC will likely install DNS services, you may want to add that second servers IP as a secondary DNS server in your DHCP settings? Just for load sharing etc
Other than that it should be fairly straight forward
Thanks to themightymrp from:
reggiep (18th October 2012)
18th October 2012, 08:28 AM #3
Should be fairly easy - it leads you through it in the dcpromo anyway. If you're just putting your second DC in you might want to consider splitting your DHCP scopes between the two servers - set the entire scope up on each, then disable half the range on each one, so that if a server ever goes down you can just remove the restriction and your full DHCP scope is serviceable still. Fairly brute-force load balancing, but fairly common as well.
3 Thanks to sonofsanta:
Davit2005 (18th October 2012), laserblazer (18th November 2012), reggiep (18th October 2012)
18th October 2012, 02:24 PM #4
Only thing you have to watch out for when splitting a DHCP scope between two servers is to make sure the subnet has twice as many addresses available as the total number of clients in it. If one of your domain controllers does stop functioning you could run out of addresses in the scope on the backup.
Originally Posted by sonofsanta
Make sure the new DC is a global catalog server too so it can process login requests.
Thanks to Duke5A from:
reggiep (19th October 2012)
19th October 2012, 09:00 AM #5
I'll take note of that.
Originally Posted by Duke5A
19th October 2012, 08:56 PM #6
also consider balancing out your FSMO roles, if you only have one DC now, it will hold all of them. Consider transferring some of them to the new DC.
Thanks to ADMaster from:
reggiep (25th October 2012)
25th October 2012, 03:37 PM #7
Last time we moved fsmo roles between DCs we couldn't move them back to demote one of them! We had to live with a slightly faulty domain DC for a year as we couldn't demote it!
18th November 2012, 12:03 PM #8
Originally Posted by reggiep
if there were no roles on it, you could have just turned it off reinstalled over the top and used ntdsutil to remove any reference of it from the domain
18th November 2012, 01:43 PM #9
In small environments i prefer to have them in one place. You can always steal the roles in it fails.
Originally Posted by dana_lehman
I've also read somewhere you shouldn't run DHCP from a DC for security purposes but can't remember why.
Thanks to glennda from:
reggiep (19th November 2012)
19th November 2012, 03:10 PM #10
- Rep Power
19th November 2012, 05:03 PM #11
Originally Posted by glennda
i think its because the account that the DHCP service runs as has more access on a DC than on a Member Server.
19th November 2012, 05:15 PM #12
- Rep Power
It's better to have the firewall handle dhcp if in te event the dc gets compromised you can still kick sessions and isolate it for damage control.
Originally Posted by oxide54
19th November 2012, 07:45 PM #13
Originally Posted by rslulz
no idea what your on about tbh, buti don't think about it being a security risk myself, i was just offering reasoning to what glennda had read.
By sultan966 in forum Windows Server 2000/2003
Last Post: 23rd July 2011, 12:03 AM
By Andi in forum Wireless Networks
Last Post: 27th June 2007, 01:22 PM
By Dos_Box in forum Windows
Last Post: 13th June 2007, 05:17 PM
By Oops_my_bad in forum Windows
Last Post: 19th April 2007, 05:54 PM
By ajbritton in forum Windows
Last Post: 1st April 2006, 04:13 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)