Build and Deploy the Second Domain Controller
Next, the second domain controller, AD02, must be built and joined to the domain. This domain controller must also be configured to provide global catalog services. The second domain controller provides redundancy for user account data and helps distribute the load for authentication and global catalog queries.
- Prepare the Second Domain Controller
- Join the Fabrikam Domain
- Install the DNS Service on the Second Domain Controller
- Promote the Second Domain Controller
- Verification Step
- Configure the Second Domain Controller as a Global Catalog Server
Perform a default install of Microsoft Windows Server 2003 R2 on AD02. This requires you to first install Windows Server 2003 with SP1, and then install Windows Server 2003 R2.
- Perform a default installation of Windows Server 2003, Standard Edition (with Service Pack 1 integrated), by using the CD boot method. Install the Support Tools from the Windows Server 2003 CD. Use appropriate naming conventions for your environment.
- After Setup for Windows Server 2003 with SP1 is complete, log on to the computer as an administrator. Insert Disc 2 into your CD-ROM drive. Setup for Disc 2 should start automatically. If it does not start automatically, browse to Disk 2 (or the shared folder that contains the Setup files) and, in the \Cmpnents\R2 folder, click Setup2.exe. Follow the instructions on your screen to upgrade to R2.
Prepare AD02 by enabling Remote Desktop, installing Microsoft .NET Framework 2.0, installing the Windows Server 2003 Support Tools, and installing the latest updates from Microsoft.
- Enable Remote Desktop. Click Start, point to Control Panel, click System, and then, on the Remote tab, select Enable Remote Desktop on this Computer.
- Install the Microsoft .NET Framework 2.0.
- Install Support Tools from the Support Tools directory on the Windows Server 2003 CD.
- Apply any released updates to Windows Server 2003 by using Microsoft Update.
After you have finished building and preparing your domain controller, AD02, add the server to the Fabrikam domain and log on as a domain administrator.
Joining a new domain will require you to restart the server.
- Configure the local network interface to use the IP Addresses of AD01 and AD02 as Preferred and Alternative DNS server.
- Join the server to the fabrikam domain.
- Log on to the domain as Administrator@Fabrikam.com.
Install the DNS service on AD02 using the Add/Remove Windows Components utility.
Unless you installed DNS components when installing the server, you will be prompted for the location of the files. Insert your installation CD or enter a location on your local disk or your network.
- On AD02, click Start, point to Control Panel, and then click Add or Remove Programs.
- Click Add/Remove Windows Components.
- Click Networking Services, and then click Details.
- Select the Domain Name System (DNS) check box, click OK, and then click Next.
- Complete the installation.
Configure AD02 to use AD01 as its primary DNS server. Then, promote AD02 to be an additional domain controller in the existing Fabrikam.com domain using DCPromo.
- To start the Active Directory Installation Wizard, click Start, click Run, type DCPROMO, and then click OK.
- On the Welcome page, click Next.
- On the Operating System Compatibility page, click Next.
- On the Domain Controller Type page, select Additional domain controller for an existing domain, and then click Next.
- On the Network Credentials page, enter the administrator username and password, type fabrikam for the domain name, and then click Next.
- On the Additional Domain Controller page, enter the full DNS name of the domain (fabrikam.com), and then click Next.
- Click Next to accept the default database and log locations.
If your domain controllers have more than one hard disk drive, the recommended configuration is to keep the database and the log file on different hard disk drives.
- Click Next to accept the shared system volume location.
- On the Directory Services Restore Mode Administrator Password page, enter a strong password, and then click Next.
- Click Next to accept the settings shown in the summary. This starts the creation of the Windows Server 2003 domain controller.
- When complete, click Finish, and then click Restart Now to restart the server.
- After the server restarts, log on using an account that is a member of the Domain Administrators group.
To validate that your domain controller is working as specified, run DCDiag from a command prompt. DCDiag was installed as part of the Windows Server 2003 Support Tools. The most important test you will see is the first one, which is connectivity. This test will tell you if your domain controller is properly registered in DNS. If your tests are successful, you have a healthy domain controller.
The first domain controller in the forest (AD01) is automatically configured as a global catalog server. For additional resilience, configure AD02 to be a global catalog server too.
If you deploy this solution into a Child Domain, you must ensure that all Domain Controllers in the Child Domain are made Global Catalog Servers.
- Open the Active Directory Sites and Services Microsoft Management Console (MMC) snap-in.
- Expand Sites.
- Expand the Default-First-Site-Name site.
- Expand the Servers folder.
- Expand the AD02 server object.
- Right-click the NTDS Settings object, and then click Properties.
- Select the Global Catalog check box, and then click OK.
- Close the Active Directory Sites and Services dialog box.