How to create a backup domain controller?


ljCharlie

IS-IT--Management
Apr 21, 2003
397
US
We have a Windows 2003 Server Enterprise edition for our domain controller. Now, I want to create a backup domain controller so when the primary domain controller has crashed or is shut down for maintenance users can still log in. What are the steps? Any sources on how this is done are appreciated.

ljCharlie
 
Just install Active Directory the same as you did on the first server; as it is a multiple master setup, it will be a second domain controller by default.
 
Log in to your 2003 Server and call up the Help and support center.
Enter the words "Backup Controller" with no quotes.
You will see all kinds of great info. Half way down the choices is "Creating additional domain controllers".
That's really all you need.
You will be replicating your disk onto the backup controller in order to make it happen.
 
So, just to confirm that this is what I'm hoping to accomplish: by having a second domain controller using restored System State data from the primary, I should be able to shut down the primary controller for maintenance without affecting any users, correct?

ljCharlie
 
If they are on the same LAN then you are better just installing Active Directory and letting the first server replicate all the info across, unless you have a massive directory.

Yes, you should be able to have periods of downtime and the second server will authenticate users; you shouldn't run into many problems unless the downtime is extensive.
Things to be aware of: the first server will hold all of the master roles, one of which is the PDC emulator, so if you have a trust with an NT4 domain you might have problems after a while. The first server will also be your network time server; this will also be missed after a while.
Take a look at this link for details on FSMO roles.


Overall you shouldn't have any problems if it's only for a few hours.
 
Two cents..
Bofhrevenge2 is correct: should you take the FSMO down for maintenance, a second DC will allow logins to the network as long as DNS is working on the second DC, and the TCP/IP client settings have the second DC's IP in the alternate DNS server entry box.

Basically you want at least two DCs, you do NOT want to restore the system state from the FSMO to another DC which is "on line" or will be on line, all hell will break loose.

Should the FSMO give warning of impending disaster, you would transfer the AD roles to the second DC (5 at most). With sudden death of the FSMO, you would need to seize the AD roles on the second DC.

If after repairing an FSMO which dies suddenly, you can do an authoritative restore, with the server using the same name, which is possible, but can be dangerous, done it twice on small networks with only a few DCs, with no problems (considering you do not transfer/seize the roles to a second DC).
 
Ooops, yes, well pointed out technome; DNS is also a key service that will need to be on the second server.
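
A pre-maintenance check covering the points raised in this thread (role holders, replication, DNS on the second DC), as an added example that is not part of any post above. The names DC1, DC2, example.local and 192.0.2.11 are placeholders, and the commands assume the Windows Support Tools are installed on the server where this is run.

```bat
@echo off
rem Added example: checks to run before taking the first DC down.
rem DC1, DC2, example.local and 192.0.2.11 are placeholder values.
setlocal
set DOMAIN=example.local
set DC1=DC1
set DC2=DC2
set DC2_IP=192.0.2.11

echo === 1. Which DC holds each of the five FSMO roles? ===
netdom query fsmo

echo === 2. Has %DC2% replicated successfully from its partners? ===
repadmin /showrepl %DC2%

echo === 3. Does %DC2% advertise itself as a domain controller? ===
dcdiag /s:%DC2% /test:Advertising

echo === 4. Does %DC2% know who the role holders are? ===
dcdiag /s:%DC2% /test:KnowsOfRoleHolders

echo === 5. Does DNS on %DC2% answer the DC locator SRV query? ===
rem Clients that fall back to DC2 for DNS need this record to find a DC.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %DC2_IP%

echo === 6. Can a domain controller be located for %DOMAIN%? ===
nltest /dsgetdc:%DOMAIN%

rem For a longer planned outage, a role can be moved to DC2 first.
rem Left commented out so the script itself only reads state:
rem ntdsutil roles connections "connect to server %DC2%" quit "transfer PDC" quit quit

endlocal
```

If steps 2 to 5 report errors, resolve them before shutting down the first DC; the client-side alternate DNS entry mentioned above still has to be checked on the workstations or in DHCP.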
 