Additional Domain Controller


Additional DC intro

Pioneers LAB forest Diagram

When looking at the Pioneers environment above, it is a nice hierarchical structure,

but you will notice something: each domain has ONLY one domain controller.

So what happens if that DC goes down or its hardware fails?

This situation is called [ domain controller single point of failure ].

This leads us to install an additional domain controller to avoid the [ single point of failure ].

HOW does an additional DC work?

Pioneers LAB with Single Domain Controller

Let's look at the network diagram of pioneers.lab above; you will find:

ALL network objects [ like users, groups, computers, etc. ] are in one directory service [ which is located at c:\windows\NTDS\ntds.dit ].

NOW imagine what happens if server DC101 is accidentally powered down or suffers a hardware failure.

To avoid this RISK, the Pioneers company has an availability plan which dictates that the directory service is a critical asset and should be redundant.

The IT team then applies the availability plan and installs an additional domain controller called DC102, as in the diagram below.

Pioneers LAB with Redundant Domain Controllers

If you look at the diagram above:

we have two servers [ domain controllers DC101, DC102 ],

each server has its own copy of the directory service [ ntds.dit ]; each copy of ntds.dit is called a [ replica ].

Let us suppose that we have logged on to DC101, opened the Active Directory Users & Computers (ADUC) console and created a new account called amani@pioneers.lab.

This update to the directory service will be replicated to the other directory service on the other server, DC102.

So any update to Active Directory on one DC will be replicated to the other DC.

You may ask: what if the DMZ switch goes down, or the whole data center goes down because of a natural disaster like an earthquake, fire, electrical fault, etc.?

This leads us to another availability concept called [ DRS, disaster recovery site ], which will be detailed in another chapter.

Active Directory and DNS

As we know, DNS is fully integrated with Active Directory, and in most cases DNS is installed on the same DC.

In our case DNS is no exception and is also installed on DC101.

So it makes a lot of sense to install DNS on the other domain controller, DC102.

This step is NOT enough: we also have to configure ALL computers to use DC102 as their second DNS server in case DC101 fails.

Don't feel confused; this is an easy step and will be DONE in this article.
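The "second DNS server" step above, as an added PowerShell example (not part of the original article): it runs on a domain member, sets DC101 as primary and DC102 as secondary DNS, and then asks each server separately for the SRV record that members use to locate domain controllers, so a failure of DC101 can be simulated by looking only at what DC102 answers. The addresses 192.168.1.101/102 and the adapter alias "Ethernet" are assumptions for the lab.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell on a
# domain member. Addresses and adapter alias are assumed lab values, not from the article.
$Primary   = '192.168.1.101'   # DC101 (assumed)
$Secondary = '192.168.1.102'   # DC102 (assumed)
$Nic       = 'Ethernet'        # adapter alias; list adapters with Get-NetAdapter

# Order matters: the client queries the first address and falls back to the second
# only when the first does not answer.
Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses @($Primary, $Secondary)

# Show what the adapter now uses.
Get-DnsClientServerAddress -InterfaceAlias $Nic -AddressFamily IPv4 |
    Select-Object InterfaceAlias, ServerAddresses

# A member finds its DCs through this SRV record, so BOTH servers must answer it on
# their own; if DC102 cannot, the fallback buys nothing when DC101 is down.
$dcLocator = '_ldap._tcp.dc._msdcs.pioneers.lab'
foreach ($dns in $Primary, $Secondary) {
    try {
        $srv = Resolve-DnsName -Name $dcLocator -Type SRV -Server $dns -ErrorAction Stop |
               Where-Object Type -eq 'SRV'
        $targets = ($srv.NameTarget | Sort-Object -Unique) -join ', '
        '{0}: answers for {1} -> {2}' -f $dns, $dcLocator, $targets
    } catch {
        Write-Warning ('{0}: no answer ({1})' -f $dns, $_.Exception.Message)
    }
}
```

Setting the addresses by hand on every computer does not scale; in a real domain the same two addresses would be handed out by DHCP (DNS server option) or, for static hosts, pushed by Group Policy, and the loop above is what you would run on a client to confirm the change took effect.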

 

But NOW, let's focus on implementing the additional DC. Let's GO!

Prepare the server

Preparing the server includes three steps:

  • sysprep
  • IP address
  • rename the computer

which we have explained in many other places.

Run > SysPrep
wait until the server restarts > set a new administrator password
set the IP address
This Computer > Properties > rename the server
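The three preparation steps as an added PowerShell example (not part of the original article), run as Administrator on the new VM. The IP addresses, gateway and adapter alias are assumptions for the lab; the article gives only the server names.

```powershell
# Added example (not from the original article). Assumed lab values:
# DC101 = 192.168.1.101, DC102 = 192.168.1.102, gateway 192.168.1.1, adapter "Ethernet".

# Step 1 - sysprep. A VM cloned from a template shares the template's machine SID and
# identity; /generalize resets them, /oobe runs the out-of-box setup on the next boot,
# /shutdown powers the VM off so it can be started clean. Steps 2 and 3 run on that
# NEXT boot, after the new administrator password has been set.
& "$env:SystemRoot\System32\Sysprep\sysprep.exe" /generalize /oobe /shutdown

# ---- everything below runs after the sysprep reboot ----

# Step 2 - static IP. The future DC102 must be able to resolve the existing domain,
# so its DNS client points at DC101 for now (it will get DNS of its own after promotion).
$Nic = 'Ethernet'
New-NetIPAddress -InterfaceAlias $Nic -IPAddress '192.168.1.102' -PrefixLength 24 -DefaultGateway '192.168.1.1'
Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses '192.168.1.101'

# Sanity check before going further: can this server find a DC of pioneers.lab?
Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.pioneers.lab' -Type SRV -Server '192.168.1.101' -ErrorAction Stop |
    Where-Object Type -eq 'SRV' | Select-Object NameTarget, Port

# Step 3 - rename. The new name is only in effect after the reboot, so nothing that
# depends on the name (joining, promotion) should run before it.
Rename-Computer -NewName 'DC102' -Restart -Force
```

The sysprep step is the one people skip on cloned VMs; a second DC that still carries the template's SID is a source of hard-to-diagnose trust and replication problems later, which is why it comes first.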

Install the ADDS feature

Installing Active Directory Domain Services (ADDS) includes the following steps:

open Server Manager
next
select this server
select ADDS
accept the install requirements
the process starts
some notes regarding DNS
review the settings, then next
make sure the Windows Server 2016 DVD is inserted and select the alternate source D:\sources\SXS to speed up the installation
installation in progress

Promote server DC102 as an additional DC

Now it's time to promote DC102 as an additional domain controller.

click configure

select promote this server as a DC
take care at this step

The step above is a crossroad:

the first time, when we promoted DC101 as the first DC in the domain, we selected new forest,

but now we will select add a DC to an existing domain.

Going back to the article [ forest and trees ], you will note that if we wanted to create a new tree in the same forest, with the domain [ leaders.lab ], we would select new domain in an existing forest.

select the domain pioneers
provide administrative credentials
select the available domain
verify the password provided
set the DSRM (Directory Services Restore Mode) password, which is used if AD fails to start
normal warning about DNS
import AD from any DC; currently we have only DC101
select DC101
default installation path
review and accept
promotion process started
some DNS warning > it's OK > select install
once finished > restart the server for the change to take effect
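The role installation and the promotion wizard above, as one added PowerShell example (not part of the original article): it installs the ADDS role from the DVD's SxS folder, runs the same prerequisite checks the wizard runs, and then promotes DC102 into the existing pioneers.lab domain replicating from DC101. The paths are the wizard's defaults; the credential name and the D: drive letter are assumptions.

```powershell
# Added example (not from the original article). Run as Administrator on DC102 after the
# server has been renamed and points at DC101 for DNS.

# 1. Install the role (the wizard's "select ADDS" step). -Source is the SxS folder of the
#    Windows Server DVD, as in the article, so the installer need not download components.
$feature = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools -Source 'D:\sources\sxs'
if (-not $feature.Success) { throw "AD DS role installation failed (exit code $($feature.ExitCode))" }

# 2. Credentials. A domain admin of pioneers.lab ("provide administrative credentials"),
#    and the DSRM password, used to boot into Directory Services Restore Mode if AD
#    cannot start. Both are prompted for rather than written into the script.
$DomainAdmin  = Get-Credential -UserName 'PIONEERS\Administrator' -Message 'Domain admin for pioneers.lab'
$DsrmPassword = Read-Host -Prompt 'DSRM (Directory Services Restore Mode) password' -AsSecureString

# 3. The same choices the wizard pages make, as one parameter set.
$params = @{
    DomainName                    = 'pioneers.lab'        # "add a DC to an existing domain", not "new forest"
    Credential                    = $DomainAdmin
    InstallDns                    = $true                 # DNS beside ADDS, as on DC101
    ReplicationSourceDC           = 'DC101.pioneers.lab'  # "import AD from ... DC101"
    DatabasePath                  = 'C:\Windows\NTDS'     # where ntds.dit (the replica) will live
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword = $DsrmPassword
}

# 4. Prerequisite check only: this is the wizard's "review and accept" page without changes.
#    Stop here if any check reports an error.
$check = Test-ADDSDomainControllerInstallation @params
$check | Format-List Status, Message
if ($check.Status -eq 'Error') { throw 'Prerequisite check failed; fix the reported items before promoting.' }

# 5. Promote. -Force answers the confirmation prompts (the DNS delegation message is the
#    "normal warning about DNS"). The server reboots on its own when promotion completes.
Install-ADDSDomainController @params -Force
```

The one decision that cannot be undone cheaply is the DomainName/new-forest choice the article calls a crossroad; pinning it as a named parameter, and running the Test- cmdlet first, is how you avoid accidentally creating a second forest named pioneers.lab.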

Verify the additional DC installation

Now we have promoted DC102 as an additional domain controller,

but we need to verify that, just to make sure everything is working properly.

change login credentials
log in as pioneers\administrator
open Administrative Tools > new consoles have been added
open Active Directory Sites and Services > two DCs
open Active Directory Users and Computers > OU Domain Controllers > two DCs
on DC102 > open c:\windows\ntds, where the AD database file resides
open the shared folders on \\DC102 > we will see the shared folders used for GPO, which will be fully discussed later
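The same checks done from the console, as an added PowerShell example (not part of the original article), run from either DC as PIONEERS\Administrator. It lists the DCs the domain knows about, the computer objects in the Domain Controllers OU, the ntds.dit replica on DC102, the shares a DC must publish, and a replication summary.

```powershell
# Added example (not from the original article). Run as PIONEERS\Administrator on DC101 or DC102.
Import-Module ActiveDirectory

# 1. What "Active Directory Sites and Services" shows: every DC, its site, whether it is a
#    global catalog, and which FSMO roles it holds (only DC101 should hold roles at this point).
Get-ADDomainController -Filter * |
    Select-Object Name, HostName, Site, IsGlobalCatalog, OperationMasterRoles |
    Format-Table -AutoSize

# 2. What the Domain Controllers OU in ADUC shows: the two computer objects.
Get-ADComputer -Filter * -SearchBase 'OU=Domain Controllers,DC=pioneers,DC=lab' |
    Select-Object Name, DNSHostName

# 3. The replica: ntds.dit on DC102, read through the administrative share.
Get-Item -Path '\\DC102\C$\Windows\NTDS\ntds.dit' |
    Select-Object FullName, Length, LastWriteTime

# 4. The shares every DC must publish. SYSVOL holds Group Policy templates and NETLOGON
#    the logon scripts; if either is missing, clients will not apply policy from DC102.
$shares = (Get-SmbShare -CimSession 'DC102').Name
foreach ($name in 'SYSVOL', 'NETLOGON') {
    if ($shares -contains $name) { "$name share present on DC102" }
    else { Write-Warning "$name share MISSING on DC102 - SYSVOL replication probably has not finished" }
}

# 5. Replication health for the whole domain; a non-zero "Fails" column or a large
#    "largest delta" is the first sign that the new DC is not keeping up.
repadmin /replsummary

# 6. The standard diagnostic against the new DC (replication, SYSVOL, advertising, ...).
dcdiag /s:DC102
```

Checking the shares is the step that catches the common case where promotion "succeeded" but SYSVOL initial sync is still pending: the DC is listed everywhere, yet it cannot serve Group Policy until NETLOGON and SYSVOL appear.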

Verify the DNS installation on DC102

As you remember, we installed DNS alongside ADDS,

so if DC101 fails for some reason, DC102 will fully take its place as DC and DNS.

Let's now verify the DNS installation as well.

on DC102 open the DNS console; you will see ALL DNS records replicated from DC101
the same for the reverse zone
both DC101 and DC102 have SRV records as DNS servers
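The three DNS checks above as an added PowerShell example (not part of the original article): it lists the zones on both servers, diffs the records of the pioneers.lab zone between DC101 and DC102 so that a replication lag shows up as a concrete list rather than a visual comparison of two consoles, and reads the SRV and NS records that name the two servers. It assumes the DnsServer module (installed with the DNS role tools) is available where it runs.

```powershell
# Added example (not from the original article). Run as PIONEERS\Administrator on a DC
# or on a machine with the DNS Server tools installed.
Import-Module DnsServer

$dcs = 'DC101', 'DC102'

# 1. Zones on each server. AD-integrated zones (IsDsIntegrated) replicate with AD itself,
#    so the forward and reverse zones must appear on both; auto-created zones are noise here.
foreach ($dc in $dcs) {
    Get-DnsServerZone -ComputerName $dc |
        Where-Object { -not $_.IsAutoCreated } |
        Select-Object @{ n = 'Server'; e = { $dc } }, ZoneName, ZoneType, IsDsIntegrated, IsReverseLookupZone
}

# 2. Record-level comparison of the forward zone: name + type on each server, then diff.
#    SideIndicator "<=" means only DC101 has it, "=>" only DC102.
$byServer = @{}
foreach ($dc in $dcs) {
    $byServer[$dc] = Get-DnsServerResourceRecord -ComputerName $dc -ZoneName 'pioneers.lab' |
        ForEach-Object { '{0} {1}' -f $_.HostName, $_.RecordType } |
        Sort-Object -Unique
}
$diff = Compare-Object -ReferenceObject $byServer['DC101'] -DifferenceObject $byServer['DC102']
if ($diff) { $diff | Format-Table -AutoSize }
else       { 'pioneers.lab records are identical on DC101 and DC102' }

# 3. SRV records: which hosts are advertised as domain controllers. Asked of DC102 only,
#    because that is the answer clients get once DC101 is gone.
Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.pioneers.lab' -Type SRV -Server 'DC102' |
    Where-Object Type -eq 'SRV' |
    Select-Object NameTarget, Port, Priority, Weight

# 4. NS records at the zone apex: the servers authoritative for the zone. Both DCs should be listed.
Get-DnsServerResourceRecord -ComputerName 'DC102' -ZoneName 'pioneers.lab' -RRType NS -Name '@' |
    ForEach-Object { $_.RecordData.NameServer }
```

Step 3 is the check that matters for the failover promise in this section: if DC102's own answer does not list DC102 among the SRV targets, then a client that falls back to DC102 for DNS will still be told to go to DC101 for logon.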

Test replication between DC101 and DC102

Now we know there is replication set up between DC101 and DC102 as domain controllers;

this replication is managed through the console [ Active Directory Sites And Services ].

We will test this replication by creating a user on DC101 called samer@pioneers.lab, then checking whether the user has been replicated to DC102.

Let's GO!

On DC101 open Active Directory Users and Computers (ADUC), open the OU employees, create a new OU called accounting, then create a new user called samer@pioneers.lab.

on DC101 create the new OU
also on DC101 create the new user
on DC101 the new OU and user are created
on DC102 the OU and user have been replicated from DC101
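The replication test above as an added PowerShell example (not part of the original article): it creates the OU and the user with the write pinned to DC101, polls DC102 until the user is visible (or gives up after a deadline, the failure case a console screenshot cannot show), and then reads DC102's replication metadata for its partner. It assumes the employees OU already exists, as in the article.

```powershell
# Added example (not from the original article). Run as PIONEERS\Administrator.
Import-Module ActiveDirectory

$Source      = 'DC101.pioneers.lab'
$Target      = 'DC102.pioneers.lab'
$EmployeesOU = 'OU=employees,DC=pioneers,DC=lab'   # assumed to exist, as in the article

# 1. Create on DC101 only. -Server pins each write to that DC, so whatever DC102 shows
#    afterwards can only have arrived through replication.
New-ADOrganizationalUnit -Name 'accounting' -Path $EmployeesOU -Server $Source
$AccountingOU = "OU=accounting,$EmployeesOU"
New-ADUser -Name 'samer' -SamAccountName 'samer' -UserPrincipalName 'samer@pioneers.lab' `
           -Path $AccountingOU -Server $Source -Enabled $false   # disabled: no password set yet

# 2. Poll DC102 for the object. Intra-site replication normally arrives within seconds
#    (DCs notify their partners of changes), so five minutes is a generous ceiling.
$deadline   = (Get-Date).AddMinutes(5)
$replicated = $false
do {
    try {
        $user = Get-ADUser -Identity 'samer' -Server $Target -ErrorAction Stop
        $replicated = $true
        "Replicated: $($user.DistinguishedName) is visible on DC102"
    } catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        Start-Sleep -Seconds 10    # not there yet; wait and ask again
    }
} until ($replicated -or (Get-Date) -gt $deadline)

if (-not $replicated) {
    Write-Warning 'samer did not appear on DC102 within 5 minutes; check the metadata below'
}

# 3. DC102's view of its partner DC101: last successful pull, last result (0 = success)
#    and how many attempts in a row have failed.
Get-ADReplicationPartnerMetadata -Target $Target -Scope Server |
    Select-Object Partition, Partner, LastReplicationSuccess, LastReplicationResult, ConsecutiveReplicationFailures

# 4. To push the change immediately instead of waiting, run on either DC:
#    repadmin /syncall /AdeP
```

Pinning the write with -Server is the detail that makes this a real replication test: without it the AD cmdlets pick whichever DC they find, and "the user is on DC102" would prove nothing.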

Conclusion

Active Directory is considered one of the most valuable assets in a company.

Working with only one domain controller leaves the IT environment with a single point of failure.

Domain controllers should be protected by an HA plan [ High Availability ].

Currently we have built an additional DC in the same datacenter, which is NOT enough if the whole site fails because of a natural disaster.

This leads us to a new concept called DRS, disaster recovery site.

DRS will be explained later when we move to deep diving.
