Step-by-Step Guide to Setting up Additional Domain Controllers
An Active Directory™ service deployment is made up of one or more forests, where a forest has one or more domains. Creating the initial domain controller (DC) in a network creates the first domain in a forest—you cannot have a domain without at least one domain controller. The first domain created is the root domain of the first forest. Additional domains in the same domain forest may be child domains or tree root domains. A domain immediately above another domain in the same domain tree is its parent.
Domains are used to accomplish network management goals, such as structuring the network, delimiting security, applying Group Policy, and replicating information.
Active Directory allows Windows® 2000 domain controllers to function as peers, and clients can make updates to Active Directory on any Windows 2000 domain controller in the domain. This is a change from the read-write/read-only roles played by Windows NT® Server Primary Domain Controllers (PDCs) and Backup Domain Controllers (BDCs). The Windows NT Server domain system supports single-master replication—all changes must be made on the PDC.
The Windows 2000 operating system supports multimaster replication: all of a domain’s domain controllers can receive changes made to objects, and can replicate those changes to all other domain controllers in that domain. A domain is a directory partition. By default, the first domain controller created in a forest is a global catalog server, which contains a full replica of all objects in the directory for its domain and a partial replica of all objects stored in the directory of every other domain in the forest.
Replicating Active Directory data among domain controllers provides benefits for information availability, fault tolerance, load balancing, and performance. In this step-by-step guide, you can take advantage of the greater fault tolerance provided in the multimaster model by installing multiple domain controllers so that the Active Directory remains available even if a single domain controller stops working.
This step-by-step guide requires that you have installed Windows 2000 Server on two computers in your network and that you can log on as an Administrator.
The common infrastructure documents specify a particular hardware and software configuration. If you are not using the common infrastructure, you must take this into account when using the guide.
In Part 1 of the Step-by-Step Guide to a Common Infrastructure for Windows 2000 Server Deployment, you installed Windows 2000 Server on a computer and promoted the server to domain controller of the fictitious domain Reskit. When you promoted the server to a domain controller, the Configure Your Server wizard automatically installed Active Directory, DNS, and DHCP on that server. After populating the Active Directory containers on the domain controller (computer name HQ-RES-DC-01), you installed Windows 2000 Professional on a workstation in that domain using Part 2 of the Guide to a Common Infrastructure.
Use this document to continue setting up the common infrastructure network for Active Directory step-by-step guides. This guide will provide you with the procedures to configure a computer running Windows 2000 Server as the first domain controller of a child domain of the parent domain Reskit, and configure an additional domain controller to function as a replication partner. This requires that in addition to the first DC in the network (Reskit.com), you have two more computers running Windows 2000 Server that can be promoted to DCs. This simply entails installing Windows 2000 Server on those computers; use the Getting Started guide supplied with your Windows 2000 Server CD for instructions.
See the Product Compatibility Search site to make sure that your server meets the minimum requirements for Windows 2000 Server.
Installing Static IP Addresses
Best Practice: While not strictly required, Microsoft highly recommends that domain controllers, DHCP servers, routers, and printers have static IP addresses assigned to them for stability.
The following steps should be performed on a computer that has Windows 2000 Server installed, is connected to an existing network (in our example, the Reskit network established in the Step-by-Step Guide to the Common Infrastructure), and which is not the first domain controller in the network.
Install a static IP address on the first child domain DC and replication partner DC
IP address for first child domain DC: 10.0.4.2
IP address for replication DC: 10.10.1.3
Subnet mask: 255.255.255.0
Default gateway: 10.10.1.2
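The following added example (not part of the original guide) checks a static address plan before the servers are promoted: each address must be a usable host address, the default gateway must be on the same subnet, and no address may be assigned twice. The function names are illustrative assumptions; the addresses are the ones listed above.

```python
import ipaddress

# Values copied from the guide's static addressing list above.
SUBNET_MASK = "255.255.255.0"
DEFAULT_GATEWAY = "10.10.1.2"
PLANNED_HOSTS = {
    "first child domain DC": "10.0.4.2",
    "replication DC": "10.10.1.3",
}


def check_static_config(address, mask, gateway):
    """Return a list of problems with one host's static IP settings."""
    problems = []
    iface = ipaddress.IPv4Interface(f"{address}/{mask}")
    net = iface.network
    gw = ipaddress.IPv4Address(gateway)
    # A host must not use the subnet's network or broadcast address.
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address of {net}")
    # The default gateway has to be reachable directly on the host's subnet.
    if gw not in net:
        problems.append(f"gateway {gw} is not on-link for {net}")
    elif gw == iface.ip:
        problems.append(f"gateway {gw} is the host's own address")
    return problems


def check_plan(hosts, mask, gateway):
    """Check every planned host and flag duplicate address assignments."""
    report = {name: check_static_config(ip, mask, gateway)
              for name, ip in hosts.items()}
    seen = {}
    for name, ip in hosts.items():
        if ip in seen:
            report[name].append(f"{ip} is already assigned to {seen[ip]}")
        seen.setdefault(ip, name)
    return report


if __name__ == "__main__":
    plan = check_plan(PLANNED_HOSTS, SUBNET_MASK, DEFAULT_GATEWAY)
    for name, problems in plan.items():
        print(name, "->", "OK" if not problems else "; ".join(problems))
```

With the values listed above, the replication DC passes, while the first child domain DC is reported because 10.10.1.2 is outside 10.0.4.0/24; confirm that address and gateway against your own network before assigning them.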
Configuring a Child Domain
Run the Configure Your Server wizard
Note: Because you must have a partition formatted with NTFS to host Active Directory, you might receive a message asking you to convert the file system on your computer to NTFS. Click Yes. The process of converting the partition to NTFS begins, which includes disk check, processing files on the volume, and converting the file system. When the conversion is complete, you can return to step 3, and click Start to start the Active Directory Installation wizard.
Before the wizard restarts Windows, the Completing the Active Directory Installation page appears, which confirms that Active Directory is installed on this computer and specifies that it is a domain controller assigned to the site, "Default-First-Site." Sites, which are configured with the Active Directory Sites and Services tool, determine how replication occurs.
Role of Sites in Active Directory Replication
Sites enable the replication of directory data both within and among sites. Active Directory replicates information within a site more frequently than across sites, which means that the best-connected domain controllers receive updates first. The domain controllers in other sites receive all changes to the directory, but less frequently, reducing network bandwidth consumption.
A site is delimited by subnet, and is usually geographically bounded. A site is separate in concept from Windows 2000-based domains. A site can span multiple domains, and a domain can span multiple sites. Sites are not part of the domain namespace. Sites control replication of your domain information and help to determine resource proximity. For example, a workstation will select a DC within its site with which to authenticate.
Directory information can be exchanged using the following transports: RPC over TCP/IP and SMTP. See the “Step-by-Step Guide to Active Directory Sites and Services” for information about configuring sites, subnets, and IP-based replication. See the Step-By-Step Guide to Setting up ISM-SMTP Replication for information about SMTP replication.
Configuring a Replication Partner
To take advantage of multimaster replication, you can set up another domain controller to serve as a replication partner for the first DC of the child domain, Vancouver.
Configure an additional domain controller as replication partner
The example company, organization, products, people, and events depicted in this step-by-step guide are fictitious. No association with any real company, organization, product, person, or event is intended or should be inferred.
This common infrastructure is designed for use on a private network. The fictitious company name and DNS name used in the common infrastructure are not registered for use on the Internet. Please do not use this name on a public network or the Internet.
The Active Directory structure for this common infrastructure is designed to show how Windows 2000 features work and function with the Active Directory. It was not designed as a model for configuring an Active Directory for any organization—for such information see the Active Directory documentation.
This feature information was obtained from the Microsoft Windows 2000 website at http://www.microsoft.com/windows2000, is linked from ActiveWin.com for your convenience, and is subject to Microsoft's copyright. For the most accurate information, please visit the official site.