Windows Domain Controller Notes

http://srvcore.wordpress.com/2010/02/06/active-directory-windows-2008-and-2008-r2-useful-documentation/

http://www.jppinto.com/2010/07/dcpromo-on-windows-server-2008/

Branch site will have a Domain Controller including Global Catalog (GC) and DNS server.

1. Verify intra-site replication first
   1. http://technet.microsoft.com/en-us/library/cc736355%28WS.10%29.aspx
   2. Requires install of Support Tools
   3. http://technet.microsoft.com/en-us/library/cc755360%28WS.10%29.aspx
   4. repadmin /showrepl
   5. repadmin /showrepl backupdcname
2. Prepare the forest and domain for the new 2008 DC
   1. Use the 2008 (R2) media on 2003 PDC
      1. You can use the free MagicISO to mount the ISO file
   2. d:\support\adprep\adprep32 /forestprep
   3. d:\support\adprep\adprep32 /domainprep /gpprep
3. Use ADSS to verify main and branch sites are created
4. Verify correct subnets assigned to both sites
5. Use DNS Manager to create reverse lookup zones (AD integrated) for each subnet
6. If you can, build the branch office DC and join to domain as member server
   1. Do not DCPromo yet
   2. Install DNS server role

1. Switch on new DC (still a member server)
2. Configure IP address for new site
3. Verify DNS Server role is installed
   1. AD integrated
4. Make sure new DC has main site DC as its primary DNS server
5. Check that VPN is established
   1. Ping main site DC by name
   2. Ping main site DC by FQDN
6. DCPromo (will be slower than at main site)
   1. Make new server a Global Catalog server
   2. Make new server a DNS server
   3. If static IPv4 address is assigned, you can ignore the DHCP warning
   4. If you see a DNS delegation warning, you can click Yes to continue
7. Use ADSS
   1. Check that new server is in the correct site
   2. Right-click NTDS Settings object under PDC
      1. All Tasks → Check Replication Topology
   3. Refresh Sites folder
      1. Connections should appear under all NTDS Settings objects in both sites
   4. Check that site links have been created under Inter-Site Transports/IP
      1. From old to new
      2. New to old
      3. Manually create them on both DCs if needed
8. Create test objects in AD at both ends and wait until they have replicated to the other server
   1. Be patient
9. Change networking on new DC to point to itself for first DNS server and main site DC as second

http://srvcore.wordpress.com/2010/02/04/domain-controllers-and-active-directory-domains-part-3/

http://technet.microsoft.com/en-us/library/cc816705%28WS.10%29.aspx

http://technet.microsoft.com/en-us/library/cc794962%28WS.10%29.aspx

http://technet.microsoft.com/en-us/library/cc749943.aspx

http://technet.microsoft.com/en-us/library/cc749914.aspx

• Create a new Site

• Prefix
  • 192.168.1.0/24
• Assign new subnet to new site
• Multiple subnets possible per site
• This is how authentication and apps know which DC to contact

• Properties
  • Verify both sites are using the same Site Link
  • Replication interval
    • 15 min
• AD Intersite Change Notification (optional)
  • http://www.frickelsoft.net/blog/?p=145

• Static IP Address
  • Matches subnetting above
• Primary DNS Server
  • Use the PDC or other existing DC/DNS server

• If a firewall exists between the sites/DCs
  • See KB179442

• dcpromo.exe
  • Choose new site created above
  • Add roles
    • DNS
    • Global Catalog
• Reboot server

• Active Directory Sites and Services
  • Browse to (new site) → Servers → ServerName → NTDS Settings
  • Right-click → Replicate Now
    • A warning may not represent a real problem
      • especially after first reboot

• Right-click top level and change to another DC
  • Try the same tests

• Troubleshooting
  • Be patient and wait for the replication to occur
  • Reboot again
  • Review firewall configuration

• Reverse Lookup Zone for new subnet
  • DNS Manager
    • Review the Forward Lookup records for the new DC
    • Create new PTR records for new DC and clients in new site
    • Create new Reverse Lookup Zone
      • Primary zone
      • Store the zone in AD (replicated)
      • All DNS servers running on DCs
      • Network ID
        • 192.168.1
      • Only secure dynamic updates

http://support.microsoft.com/kb/825036

• Set the Primary DNS server to PDC
  • Consider setting the Primary DNS server to own IP after replication is successful
• Set the Secondary DNS Server to the PDC or closest DC
• Advanced TCP/IP Settings
  • Add remote DC/DNS server(s) as backup
  • Add additional DNS servers if desired

• Configure DHCP server to hand out local DC/DNS server as primary
• Configure DHCP server to hand out remote DC/DNS server as backup

dcdiag /test:dns

dcdiag -v |more