Step by Step Additional Domain Controller and Child Domain


Step-by-Step Setting up Additional Domain Controllers

Introduction

An Active Directory service deployment is made up of one or more forests, where a forest has one or more domains. Creating the initial domain controller (DC) in a network creates the first domain in a forest—you cannot have a domain without at least one domain controller. The first domain created is the root domain of the first forest. Additional domains in the same domain forest may be child domains or tree root domains. A domain immediately above another domain in the same domain tree is its parent.

Domains are used to accomplish network management goals, such as structuring the network, delimiting security, applying Group Policy, and replicating information.

The Windows 2000 operating system supports multimaster replication: all of a domain’s domain controllers can receive changes made to objects, and can replicate those changes to all other domain controllers in that domain. A domain is a directory partition. By default, the first domain controller created in a forest is a global catalog server, which contains a full replica of all objects in the directory for its domain and a partial replica of all objects stored in the directory of every other domain in the forest.

Replicating Active Directory data among domain controllers provides benefits for information availability, fault tolerance, load balancing, and performance. In this step-by-step guide, you can take advantage of the greater fault tolerance provided in the multimaster model by installing multiple domain controllers so that the Active Directory remains available even if a single domain controller stops working.

Prerequisites

This step-by-step guide requires that you have installed Windows 2003 Server on two computers in your network and that you can log on as an Administrator.

The common infrastructure documents specify a particular hardware and software configuration. If you are not using the common infrastructure, you must take this into account when using the guide.

In Part 1 of the Step-by-Step Guide to a Common Infrastructure for Windows 2000 Server Deployment, you installed Windows 2000 Server on a computer and promoted the server to domain controller of the fictitious domain Reskit. When you promoted the server to a domain controller, the Configure Your Server wizard automatically installed Active Directory, DNS, and DHCP on that server. After populating the Active Directory containers on the domain controller (computer name HQ-RES-DC-01), you installed Windows 2000 Professional on a workstation in that domain using Part 2 of the Guide to a Common Infrastructure.

Use this document to continue setting up the common infrastructure network for Active Directory step-by-step guides. This guide will provide you with the procedures to configure a computer running Windows 2000 Server as the first domain controller of a child domain of the parent domain Reskit, and configure an additional domain controller to function as a replication partner. This requires that in addition to the first DC in the network (Reskit.com), you have two more computers running Windows 2000 Server that can be promoted to DCs. This simply entails installing Windows 2000 Server on those computers; use the Getting Started guide supplied with your Windows 2000 Server CD for instructions.

See the Product Compatibility Search site to make sure that your server meets the minimum requirements for Windows 2000 Server.

Installing Static IP Addresses

Best Practice: While not strictly required, Microsoft highly recommends that domain controllers, DHCP servers, routers, and printers have static IP addresses assigned to them for stability.

The following steps should be performed on a computer that has Windows 2000 Server installed, is connected to an existing network (in our example, the Reskit network established in the Step-by-Step Guide to the Common Infrastructure), and which is not the first domain controller in the network.

Install a static IP address on the first child domain DC and replication partner DC

1. Right-click My Network Places, and click Properties.

2. In the Network and Dial-up Connection dialog box, right-click Local Area Connection, and then click Properties.

3. In the Local Area Connection dialog box, double-click Internet Protocol.

4. Select Use the following IP address, and enter:

IP address for first child domain DC: 10.0.4.2
IP address for replication DC: 10.10.1.3
Subnet mask: 255.255.255.0
Default gateway: 10.10.1.2

5. Select Preferred DNS server, type 10.10.1.1, and click OK.

6. In the Local Area Connection dialog box, click OK.

7. Close the Network and Dial-up Connection dialog box.

Configuring a Child Domain

Run the Configure Your Server wizard

1. Click Start, point to Programs, point to Administrative Tools, and then click Configure Your Server. The Configure Your Server wizard appears.

2. Select One or more servers are already running in my network, and click OK.

3. On the next wizard page, click Active Directory in the list of services on the left. On the Active Directory information page, scroll to Start the Active Directory Installation Wizard, and click Start. (To make this server a domain controller, you must install Active Directory.)

Note: Because you must have a partition formatted with NTFS to host Active Directory, you might receive a message asking you to convert the file system on your computer to NTFS. Click Yes. The process of converting the partition to NTFS begins, which includes disk check, processing files on the volume, and converting the file system. When the conversion is complete, you can return to step 3, and click Start to start the Active Directory Installation wizard.

4. Click Next, and then click New, and then click Next again.

5. Select Create a new child domain in an existing domain tree, and click Next.

6. In the Network Credentials box, enter the user name as Administrator, do not enter a password, type the domain name as Reskit, and click Next.

7. On the Child Domain Installation page, enter the parent domain as Reskit.com and the child domain as Vancouver. Note that the complete DNS name of the new domain is displayed now as Vancouver.reskit.com. Click Next.

8. In the NetBIOS Domain Name box, accept the defaults and click Next.

9. On the Database and Log Locations page, accept the defaults and click Next.

10. On the Shared System Volume page, accept the defaults and click Next.

11. If your testbed will contain machines running pre-Windows 2000 operating systems, select Permissions compatible with pre-Windows 2000 servers. If you plan on having a Windows 2000-only testbed, select Permissions compatible only with Windows 2000 servers. Click Next.

12. When prompted for the Restore Mode Administrator Password, click No and then click Next.

13. On the Summary page, click Next, and the wizard configures Active Directory.

14. Click Finish on the Completing Active Directory Installation page.

Before the wizard restarts Windows, the Completing the Active Directory Installation page appears, which confirms that Active Directory is installed on this computer and specifies that it is a domain controller assigned to the site, "Default-First-Site." Sites, which are configured with the Active Directory Sites and Services tool, determine how replication occurs.
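
The permissions choice in step 11 is recorded as membership of the built-in Pre-Windows 2000 Compatible Access group: the compatible option adds Everyone (and, on Windows Server 2003, Anonymous Logon). The following audit of that membership in the new child domain is an added example, not part of the original guide. It assumes a management host with the ActiveDirectory PowerShell module and read access to vancouver.reskit.com; the function name is hypothetical.

```powershell
# Added example: audit the outcome of the wizard's permissions choice (step 11).
# Assumption: ActiveDirectory module (RSAT) is installed on the host running this.
Import-Module ActiveDirectory

$Domain   = 'vancouver.reskit.com'   # child domain created in this guide
$GroupSid = 'S-1-5-32-554'           # BUILTIN\Pre-Windows 2000 Compatible Access

# Well-known principals that make the group's read access effectively open.
$BroadSids = @{
    'S-1-1-0' = 'Everyone'
    'S-1-5-7' = 'Anonymous Logon'
}

function Get-BroadPreWin2kMember {      # hypothetical helper name
    param([Parameter(Mandatory)][string]$Server)

    $group = Get-ADGroup -Identity $GroupSid -Server $Server -Properties member
    foreach ($dn in $group.member) {
        # Well-known principals are stored as
        # CN=<SID>,CN=ForeignSecurityPrincipals,<domain DN>
        if ($dn -match '^CN=(S-1-[0-9-]+),CN=ForeignSecurityPrincipals,') {
            $sid = $Matches[1]
            if ($BroadSids.ContainsKey($sid)) {
                [pscustomobject]@{
                    Domain    = $Server
                    Principal = $BroadSids[$sid]
                    Sid       = $sid
                    MemberDn  = $dn
                }
            }
        }
    }
}

$findings = @(Get-BroadPreWin2kMember -Server $Domain)
if ($findings.Count -eq 0) {
    "No Everyone or Anonymous Logon membership in $GroupSid on $Domain"
} else {
    # Each row is a principal to review against the testbed's legacy requirements.
    $findings | Format-Table -AutoSize
}
```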

Role of Sites in Active Directory Replication

Sites enable the replication of directory data both within and among sites. Active Directory replicates information within a site more frequently than across sites, which means that the best-connected domain controllers receive updates first. The domain controllers in other sites receive all changes to the directory, but less frequently, reducing network bandwidth consumption.

A site is delimited by subnet, and is usually geographically bounded. A site is separate in concept from Windows 2000-based domains. A site can span multiple domains, and a domain can span multiple sites. Sites are not part of the domain namespace. Sites control replication of your domain information and help to determine resource proximity. For example, a workstation will select a DC within its site with which to authenticate.

Directory information can be exchanged using the following transports: RPC over TCP/IP and SMTP. See the “Step-by-Step Guide to Active Directory Sites and Services” for information about configuring sites, subnets, and IP-based replication. See the Step-By-Step Guide to Setting up ISM-SMTP Replication for information about SMTP replication.

Configuring a Replication Partner

To take advantage of multimaster replication, you can set up another domain controller to serve as a replication partner for the first DC of the child domain, Vancouver.

Configure an additional domain controller as replication partner

1. Click Start, point to Programs, then to Administrative Tools, and then click Configure Your Server.

2. On the first wizard page, select One or more servers already running in my network, and click Next.

3. Click Active Directory in the list on the left and scroll to Start the Active Directory Wizard, and click Start.

4. On the Active Directory Installation Wizard welcome page, click Next.

5. On the Domain Controller Type page, select Additional domain controller. This creates the domain controller as a replication partner.

6. On the Network Credentials page, log on as administrator, type the domain name Reskit, and click Next.

7. On the Additional Domain Controller page, click Next.

8. On the Database and Log Locations page, accept the defaults and click Next.

9. On the Shared System Volume page, click Next.

10. Leave the Restore Mode Administrator Password page blank, and click Next.

11. On the Summary page, click Next. The wizard configures Active Directory.

12. When the Completing Active Directory wizard page appears, click Finish, and restart Windows.
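
After the restart, the new replication partner only adds fault tolerance if its inbound links for the child domain are actually replicating. The check below is an added example, not part of the original guide. It assumes repadmin.exe is available on the host (it is installed with the AD DS management tools) and that the account may read replication state; the function name is hypothetical.

```powershell
# Added example: confirm inbound replication for the child domain partition.
# Assumption: repadmin.exe is on the path and the caller can query every DC.
$ChildDomainNc = 'DC=vancouver,DC=reskit,DC=com'   # child domain from this guide

function Get-InboundReplicationStatus {            # hypothetical helper name
    param([Parameter(Mandatory)][string]$NamingContext)

    # /csv emits one row per inbound replication link on every DC reached;
    # the first column (showrepl_COLUMNS) tags each row as data or error.
    $rows = @(& repadmin.exe /showrepl * /csv | ConvertFrom-Csv)

    # Error rows mean a DC could not be queried at all, which is itself a finding.
    $unreachable = @($rows | Where-Object { $_.showrepl_COLUMNS -eq 'showrepl_ERROR' })
    if ($unreachable.Count -gt 0) {
        Write-Warning "$($unreachable.Count) domain controller(s) could not be queried."
    }

    $rows |
        Where-Object {
            $_.showrepl_COLUMNS -ne 'showrepl_ERROR' -and
            $_.'Naming Context' -eq $NamingContext
        } |
        Select-Object 'Destination DSA', 'Source DSA',
            @{ Name = 'Failures'; Expression = { [int]$_.'Number of Failures' } },
            'Last Success Time', 'Last Failure Status'
}

$links = @(Get-InboundReplicationStatus -NamingContext $ChildDomainNc)
if ($links.Count -eq 0) {
    Write-Warning "No inbound replication links found for $ChildDomainNc"
}

# Both child-domain DCs should appear as a destination with zero failures.
$links | Sort-Object Failures -Descending | Format-Table -AutoSize
```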