
Two Domain Controller 1


idsi

Technical User
Mar 26, 2004
47
US
I installed a new system with Windows 2003 Standard Edition as a domain controller with AD and had my DNS set up with forward and reverse zones. My LAN users were able to join the domain and are getting authenticated with no issues.
Then I installed another new machine with Windows 2003 Standard Edition and joined it to the new domain. When I tried activating AD on it, it asked me to configure DNS, and as I was a newbie, I was not sure how to do it. I tried adding the first domain's details, but it came up with an error stating that zones couldn't be transferred. Then I tried with the same machine's details, and then it was able to add and activate AD.
But after the restart, during login it doesn't give the machine's name; it gives only the first domain controller to log in to, and I have to give the administrator and password of that domain to log in to this machine. Then under AD I could see all the users, computers and groups being migrated. I am wondering whether this is the correct way or something else.
Also, if the first domain goes down, will the second domain controller be able to authenticate the users, given this type of login and DNS setup?
Appreciate quick help.
 
Well, the reason that you can't log on to the local machine is that all local machine accounts are deleted when the computer becomes a DC.

If the first domain controller goes down with your setup you will have problems, as this machine is also your DNS server. If you add DNS to your second DC then you will be OK for a short while without your first DC, but for any extended length of time you would need to seize the FSMO roles.



Hope that helps.
 
Appreciate your quick response.

When I added the DNS to the second DC, should I add the IP and details of the second machine, or should I add the details of the first one?

Also on the client side, do I need to add the second DC's IP as well, so that if the first DC goes down the second will authenticate and the users on the LAN can browse their resources?

Looking for a quick response.
You are right about the statement at your link - professionals will know what FSMO means and its significance, amateurs just frown. I confess that I am an amateur.
 
By default, when you created your first DC, it should have automatically created the DNS service and structure in AD Integrated mode.

What AD Integrated means is that your DNS records are included in AD replication. Therefore, if you properly add another DC to the same domain, the DNS database is automatically replicated to the new DC. You can then add the DNS service on the new DC to make this a second DNS services server (and point all clients to this server in TCP/IP settings using the secondary DNS server configuration on the clients).

So, if you have already joined the domain properly on the new server AND promoted this server to a Domain Controller, you should be in good shape. The new DC should have a unique IP address and should be pointing to the existing DC's IP address for DNS (TCP/IP setting).

If all of this is true, then you just need to install the DNS service on the NEW DC. Once you install DNS, you will be able to see the DNS settings on the NEW DC (Start --> Programs --> Admin Tools --> DNS).

Yes, you do need to add the NEW DC's IP address to your clients. This way, if the primary existing DNS/DC goes down, your clients will use the NEW DC/DNS for resolution/logons. You can test this by disconnecting your existing DNS server to see if the fail over works properly.

-hope this helps..

Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please check out (Sales@njcomputernetworks.com)
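
Added example, not part of the original posts: before relying on the second DC for failover, it helps to confirm that the DNS service on each DC returns SRV records for both domain controllers. The script below parses saved `nslookup -type=SRV` output per DNS server; the domain `example.local`, host names, IP addresses and sample output are constructed for illustration.

```python
import re

# Constructed sample data: what
#   nslookup -type=SRV _ldap._tcp.dc._msdcs.example.local <dns-server-ip>
# might print when pointed at each DC in turn. Domain, hosts and IPs are made up.
DOMAIN = "example.local"
EXPECTED_DCS = {"dc1.example.local", "dc2.example.local"}

def _record(host):
    # One SRV answer block in the layout Windows nslookup prints.
    return (f"_ldap._tcp.dc._msdcs.{DOMAIN}   SRV service location:\n"
            "          priority       = 0\n"
            "          weight         = 100\n"
            "          port           = 389\n"
            f"          svr hostname   = {host}\n")

SAMPLE_OUTPUT = {
    # This DNS server knows about both domain controllers.
    "192.168.1.10": "Server:  dc1.example.local\nAddress:  192.168.1.10\n\n"
                    + _record("dc1.example.local") + _record("dc2.example.local"),
    # This one only lists itself, so clients using it cannot locate dc1.
    "192.168.1.11": "Server:  dc2.example.local\nAddress:  192.168.1.11\n\n"
                    + _record("dc2.example.local"),
}

SRV_HOST = re.compile(r"^\s*svr hostname\s*=\s*(\S+)", re.IGNORECASE | re.MULTILINE)

def srv_hosts(nslookup_output):
    """Return the DC host names listed in one nslookup SRV answer."""
    return {h.rstrip(".").lower() for h in SRV_HOST.findall(nslookup_output)}

def missing_by_server(outputs, expected):
    """Map each DNS server to the expected DCs its answer does not list."""
    return {server: sorted(expected - srv_hosts(text))
            for server, text in outputs.items()}

if __name__ == "__main__":
    for server, missing in missing_by_server(SAMPLE_OUTPUT, EXPECTED_DCS).items():
        status = "OK" if not missing else "missing " + ", ".join(missing)
        print(f"DNS {server}: {status}")
```

A DNS server that returns no SRV records at all (for example a "Non-existent domain" reply) is reported as missing every expected DC.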
 
Oh sorry idsi, that isn't my page and I wasn't aware of the statement at the bottom. No offence intended, it just seemed a good article.
 