
Adding a second DC in a different location 2


dcfly (Technical User, US), Jul 25, 2007
Here's the current situation: the Los Angeles location is using the DC at the New York location. We are shipping a new server out to act as a DC in LA. We want LA to look to that DC, not the one in NY. We don't want to create a child domain because we want to provide redundancy in case one of the DCs goes down. Is there a way to do this? Thanks for any help.
 
1. Create two sites in AD: one for LA and one for NY.
2. You need to use 2 subnets: one for LA and one for NY.
3. Assign one Domain Controller to LA and the second Domain Controller to NY (through Active Directory Sites and Services).
4. Make both the Domain Controllers as DNS servers. Set LA Domain Controller (also a DNS server) as the Preferred DNS server for the clients in LA and set NY Domain Controller as Alternate DNS server for the clients in LA. Likewise, set NY Domain Controller as the Preferred DNS Server for the NY clients and set LA Domain Controller as the Alternate DNS server for the NY clients. This way, even if one Domain Controller goes down, clients will be able to use the other Domain Controller for authentication.

Clients will always try to look for a Domain Controller in their own subnet first.

Hope this helps.

-Keshav
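
The four steps above (plus the Global Catalog point raised further down the thread) as PowerShell, added here as an example and not part of Keshav's post. It uses the ActiveDirectory module (Windows Server 2008 R2 RSAT or later; at the time of the thread this was done in the Active Directory Sites and Services MMC). Site names LA and NY, subnets 10.1.0.0/24 and 10.2.0.0/24, the DNS server addresses and the interface alias are assumptions; the hostnames SERVERDC1 (NY) and SERVERDC2 (LA) and the zone domain.local are taken from the event log posted later in the thread.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory module and
# that the account running it is a Domain Admin / Enterprise Admin.
# Assumed names: sites LA and NY, subnets 10.1.0.0/24 (LA) and 10.2.0.0/24 (NY),
# DNS servers 10.1.0.10 (LA DC) and 10.2.0.10 (NY DC), interface alias 'Ethernet'.
Import-Module ActiveDirectory

# Step 1: one site per location. Default-First-Site-Name is left in place;
# both DCs are moved out of it in step 3.
New-ADReplicationSite -Name 'LA' -Description 'Los Angeles'
New-ADReplicationSite -Name 'NY' -Description 'New York'

# Step 2: one subnet per site. This is what lets a client find the DC in its
# own site: the DC locator matches the client's IP to a subnet, the subnet to a site.
New-ADReplicationSubnet -Name '10.1.0.0/24' -Site 'LA'
New-ADReplicationSubnet -Name '10.2.0.0/24' -Site 'NY'

# Both sites must belong to a site link, otherwise the KCC will not build
# inter-site replication connections between them.
Set-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' `
    -SitesIncluded @{ Add = 'LA', 'NY' } -ReplicationFrequencyInMinutes 15

# Step 3: put each DC in its site (the "assign" step in Sites and Services).
Move-ADDirectoryServer -Identity 'SERVERDC1' -Site 'NY'
Move-ADDirectoryServer -Identity 'SERVERDC2' -Site 'LA'

# Global Catalog on every DC: bit value 1 in the options attribute of the
# DC's NTDS Settings object. OR it in so any other bits stay as they were.
foreach ($dc in Get-ADDomainController -Filter *) {
    $ntds = Get-ADObject -Identity $dc.NTDSSettingsObjectDN -Properties options
    Set-ADObject -Identity $ntds -Replace @{ options = ([int]$ntds.options -bor 1) }
}

# Step 4: both DCs are assumed to already run the DNS Server role. On an LA
# client: preferred = LA DC, alternate = NY DC. NY clients get the same two
# addresses in the opposite order.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses '10.1.0.10', '10.2.0.10'

# Checks: which site did this machine land in, which DC did the locator pick,
# and does every DC show the expected site and GC flag?
nltest /dsgetsite
nltest /dsgetdc:domain.local
Get-ADDomainController -Filter * | Select-Object Name, Site, IPv4Address, IsGlobalCatalog
```

`nltest /dsgetsite` run on an LA client should print `LA`; if it prints `Default-First-Site-Name` the client's address is not covered by any subnet object and it will pick a DC from any site.
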
 
Keshav, that's what I was looking for. Thanks for the advice!
 
Make sure the other DC is also a Global Catalog (GC).

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
 
Thanks WhoKilledKenny for pointing out the GC part.
 
Whoops, my bad. Didn't see the recommendation from WhoKilledKenny.

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
 
The new DC server is in LA now and I've made the changes suggested above in AD. Do I need to do the same for the server in NY? Thanks again.
 
Which particular step are you talking about?

The changes you did in "Active Directory Sites and Services" are domain wide (not unique to that Domain Controller). They will automatically reflect in the other Domain Controller(s). So you don't have to do them again in the other Domain Controller(s).

If you are talking about GC, yes, you have to go to each Domain Controller and enable them as Global Catalog servers.

Hope this helps.

-Keshav / IT Consultant
 
Keshav:

Thanks for the response.

That is the behavior that I expected, but when I logged in to the NY DC (the changes were made on the LA server), AD Sites and Services did not reflect the changes, even after several hours. I'm currently working to find out why.
 
Another thing: when I changed the admin password in AD on the NY DC, the change did not come into effect on the LA DC; it is still using the old password. Combined with the situation above, it seems that there is a problem with the new DC: it is not syncing with Active Directory across the domain.
 
1. The basic test first: Are the servers able to ping each other?

2. Check eventlogs on both the domain controllers for any errors related to AD replication.

3. Use DCDIAG on both the Domain Controllers to check for any errors.

4. Check the settings in Active Directory Sites and Services are proper.

5. You can check replication between Domain Controllers using REPLMON. What if you try forcing replication between Domain Controllers?

-Keshav
 
Important: Do you have Windows Firewall enabled on the Domain Controllers?
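
Keshav's five checks and the firewall question as commands, added here as an example and not part of his posts. They are meant to be run on the LA DC (SERVERDC2) with Domain Admin rights. `repadmin` and `dcdiag` are the built-in tools; `repadmin` replaces REPLMON, which Microsoft dropped after Windows Server 2003. The hostnames and zone come from the event log posted below; the IP addresses are assumptions. The last three lines are the repair for the case the thread ends with: an A record still pointing at the address a DC had before it was moved.

```powershell
# Added example, not from the thread. Run on SERVERDC2 (LA) as a Domain Admin.
# Assumed addresses: 10.2.0.10 = SERVERDC1 (NY), 10.2.0.50 = the IP SERVERDC2
# had while it was still in NY. Hostnames and zone are from the posted event.
$peer = 'SERVERDC1.domain.local'

# 1. Reachability by IP and by name. A DC that moved keeps its old A record until
#    it re-registers or someone deletes it, so ping by name can fail (or hit the
#    wrong host) while ping by IP works. Ask this DC's own DNS server what it holds.
Test-Connection -ComputerName '10.2.0.10' -Count 2
Resolve-DnsName -Name $peer -Type A -Server 127.0.0.1
Test-Connection -ComputerName $peer -Count 2

# 2. Event logs: NtFrs 13508 is SYSVOL replication (FRS); AD replication proper
#    logs to the Directory Service log.
Get-WinEvent -FilterHashtable @{ LogName = 'File Replication Service'; Id = 13508 } -MaxEvents 5 |
    Format-List TimeCreated, Message
Get-WinEvent -LogName 'Directory Service' -MaxEvents 50 |
    Where-Object { $_.LevelDisplayName -in 'Error', 'Warning' } |
    Format-Table TimeCreated, Id, Message -AutoSize

# 3. dcdiag; the DNS test is the one that matters for a name-resolution problem.
dcdiag /test:dns /test:replications /test:advertising /v

# 4. Sites and Services as AD sees it: each DC's site, and the connection
#    objects the KCC built between them (none = no replication path).
Get-ADDomainController -Filter * | Select-Object Name, Site, IPv4Address, IsGlobalCatalog
Get-ADReplicationConnection -Filter * |
    Select-Object Name, ReplicateFromDirectoryServer, ReplicateToDirectoryServer

# 5. Replication status, then force a sync of every partition to every partner
#    (/A all partitions, /d print DNs instead of GUIDs, /e cross-site, /P push).
repadmin /replsummary
repadmin /showrepl
repadmin /syncall /AdeP

# Windows Firewall state per profile on this DC.
Get-NetFirewallProfile | Select-Object Name, Enabled

# Repair for a stale A record: remove the old address from the AD-integrated
# zone, then have the moved DC re-register its A and SRV records.
Remove-DnsServerResourceRecord -ZoneName 'domain.local' -RRType A -Name 'SERVERDC2' `
    -RecordData '10.2.0.50' -Force
ipconfig /registerdns
nltest /dsregdns
```

If `Resolve-DnsName` returns a different address from the one `ipconfig` shows on the target host, the replication failure is a DNS problem rather than an AD one, and `repadmin /syncall` will keep failing until the record is corrected.
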
 
Thanks again Keshav. So far, it looks to be a DNS issue.

Firewall is disabled on both DCs.

I can ping both ways successfully by IP address but not by DNS name.

Event Log gives File Replication Event ID 13508 on both DCs (pasted below).

I have yet to run DCDiag, but will soon.

Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 8/29/2007
Time: 12:04:15 PM
User: N/A
Computer: SERVERDC2
Description:
The File Replication Service is having trouble enabling replication from SERVERDC1 to SERVERDC2 for c:\windows\sysvol\domain using the DNS name SERVERDC1.domain.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name SERVERDC1.domain.local from this computer.
[2] FRS is not running on SERVERDC1.domain.local.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
 
When I originally set up the 2nd DC, it was here in New York; then we shipped it to LA. When I ping it from the NY DC using the DNS name, it uses the old IP address, not the current one.
 
It looks to be fixed now after I corrected the IP address in DNS.
 