Secondary Domain Controller Setup
-
I am working on setting up a new virtual secondary DC to replace our current one that is physical. I have read so many articles and think I have the process down but since I have never done this before, I am hesitant. (Like when you read a walk through and it seems too easy, so you think you must be missing something)
So I have setup the VM, its on the domain, it has a static IP address, I have installed AD services
Question I think the answer is yes but want to verify: Should I have DNS installed on the secondary DC as well?
If yes, the next step is to go into AD Directory services and point it back to my PDC to replicate?
I know I will need to go in and fix DNS stuff but since right now the other 2 are working, I am going to wait until the 3rd is replicated 1st. (plan is to decommission one of them once the 3rd is up and running properly)
-
I would definitely check and make sure that DNS was installed on your second DC. Have you actually gone through the process to promote it from being a member server yet?
-
Bringing up a secondary domain controller is really simple. Windows does most of the work for you by replicating the LDAP database automatically (once the role is installed). Make sure you correctly decommission the physical domain controller. That process should do most of the role assignments automatically as well.
-
@dafyre No, I wanted to make sure that before I promoted it I was not missing anything. Like I said it just seems too easy so I am questioning myself.
-
DNS is generally a good thing to have installed along side a domain controller (I thought it was required as part of the promotion process?)
-
@coliver Is right. It really is "that easy" lol. And I think that it does install DNS as part of the AD Promotion process too, so really all that is left is to back up the first DC (if you are paranoid as I am) and then promote the second one.
\ -
If I don't plan on decommissioning anything right away, there is not much of a need for backups is there? Nothing I am about to do will affect production at all will it? (if it slows slightly during replication, that is fine.)
-
Generally, no. But if anything goes sideways, it's always better safe than sorry, lol.
-
Do you need backups? sounds like it's not critical, but hopefully you are backing up at least one of your DCs.
DNS isn't required, or mandated by the promotion (unless that was changed in 2012 R2) but I'd highly recommend it (might even be considered best practices) and should be offered to be installed during promotion if you don't already have it installed.
The rest of the guys are right, it really is that simple... you don't need to do anything to setup replication. The system takes care of that during AD promotion.
-
@bbiAngie said:
Question I think the answer is yes but want to verify: Should I have DNS installed on the secondary DC as well?
Yes, if you are using your DCs as your DNS servers (which is by far the most common option) then you will want redundant DNS just like you want redundant AD. Without the redundant DNS, the secondary DC will not be useful as DNS will be down when it is needed.
-
@Dashrender Both my current DC's are getting backed up nightly. Only reason I question is because if there is any chance this will bring down the "primary" DC, I need to wait to do it.
-
@Dashrender said:
Do you need backups?
You already have these, I hope! Is your DC currently not part of a daily backup process?
-
Based on what you all say, all I really need to do is promote it to a DC, then point it back to my current "primary," let it do its thing then I should be done. (besides re-pointing DNS)
-
@dafyre said:
I would definitely check and make sure that DNS was installed on your second DC. Have you actually gone through the process to promote it from being a member server yet?
That will install with AD DS
-
@scottalanmiller said:
@Dashrender said:
Do you need backups?
You already have these, I hope! Is your DC currently not part of a daily backup process?
lol that was really rhetorical
-
@bbiAngie said:
Based on what you all say, all I really need to do is promote it to a DC, then point it back to my current "primary," let it do its thing then I should be done. (besides re-pointing DNS)
You don't even need to do that. Promoting it will do all of this for you.
-
@Dashrender said:
DNS isn't required, or mandated by the promotion (unless that was changed in 2012 R2) but I'd highly recommend it (might even be considered best practices) and should be offered to be installed during promotion if you don't already have it installed.
DHCP isn't required. DNS very much is a required part of a DC (but doesn't have to be on the same server)
-
Cool, like I said, it just seemed way to easy to be correct. Glad made sure before!
-
A delegation for the DNS server cannot be created because the authoritative parent zone cannot be found or it does not run in Windows NS server. If you are integrating with an existing DNS infrastructure, you should manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain "domain.name.". Otherwise, no action is required.
Translation?
-
@bbiAngie said:
Based on what you all say, all I really need to do is promote it to a DC, then point it back to my current "primary," let it do its thing then I should be done. (besides re-pointing DNS)
Pretty much - I've never seen a failure when promoting a DC. Before you promote the DC, make sure the primarily DNS points to one of the other DCs (which it probably already does). You don't need to change this until just before you demote the old one.
