Introduction to Administering Domain Controllers

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Although installed domain controllers require little management, your overall operations environment might require change-related tasks such as adding or removing domain controllers, including managing the preparation and shipment of domain controllers to remote sites. During your day-to-day operations, you might need to do some or all of the following:

  • Install and remove Active Directory

  • Rename domain controllers

  • Add domain controllers to remote sites

Installing and Removing Active Directory

To create a new domain controller, install Active Directory on a computer that is running Windows Server 2003 or Windows Server 2003 with Service Pack 1 (SP1). Installing domain controllers to create a forest and new domains is a deployment task that you perform when you initially deploy your forest, and it is beyond the scope of this guide. However, as your forest grows, you might need to add more domain controllers to existing domains.

There are several reasons for adding a new domain controller. Additional domain controllers might be required to support Active Directory–integrated applications (as opposed to applications that run on the domain controllers themselves), to meet increased capacity requirements, to provide for upgrades and fault tolerance, and to reduce failures. You might add a new site where users require a domain controller for logging on to the domain. For more information about criteria and best practices for deploying domain controllers, see Designing and Deploying Directory and Security Services on the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=45801).

When a domain controller is no longer needed, remove Active Directory. The process of removing Active Directory involves steps similar to the steps for installation. You run many of the same tests before you remove the directory as you ran before you installed the directory. These tests ensure that the process occurs without any problems. In the event that a domain controller suffers a hardware failure and you plan to never return it to service, you must use a procedure that forces Active Directory removal and then take additional steps to remove the server object and its metadata from the directory.
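The paragraph above says the same tests run before removal as before installation but does not show them. The following script is an added example, not code from the original Microsoft page: it runs the pre-removal checks with the Windows Support Tools commands (repadmin, dcdiag, netdom, nltest) on Windows Server 2003 and refuses to proceed if any of them fail. The domain controller name, domain name and the text patterns matched in the tool output are assumptions for illustration.

```powershell
# Added example, not part of the original Microsoft page.
# Pre-removal checks for a Windows Server 2003 domain controller, using the
# Windows Support Tools commands. $DomainController and $DomainName are placeholders.
param(
    [string]$DomainController = "dc01.corp.example.com",   # placeholder
    [string]$DomainName       = "corp.example.com"         # placeholder
)

$problems  = @()
$shortName = $DomainController.Split('.')[0]

# 1. Replication must be current: any change that exists only on this DC is
#    lost when it is demoted. Failed links show up as "failed" in the output.
$repl = & repadmin /showrepl $DomainController 2>&1
if ($repl -match 'failed') { $problems += "repadmin /showrepl reports failed replication links" }

# 2. Transfer any operations master role before demotion. A forced removal of a
#    role holder leaves that role orphaned until it is seized on another DC.
$fsmo = & netdom query fsmo 2>&1
if ($fsmo -match $shortName) { $problems += "$shortName still holds operations master roles" }

# 3. Clients need another domain controller to fall back to. nltest lists one
#    DC per line together with its site.
$dcList = & nltest /dclist:$DomainName 2>&1
$others = @($dcList | Where-Object { $_ -match 'Site:' -and $_ -notmatch $shortName })
if ($others.Count -eq 0) { $problems += "no other domain controller found for $DomainName" }

# 4. The server's own view: replication tests and knowledge of the role holders.
$diag = & dcdiag /s:$DomainController /test:replications /test:knowsofroleholders 2>&1
if ($diag -match 'failed test') { $problems += "dcdiag reports a failed test on $DomainController" }

if ($problems.Count -eq 0) {
    "Pre-flight passed: run dcpromo on $DomainController to remove Active Directory."
} else {
    "Resolve the following before running dcpromo:"
    $problems | ForEach-Object { "  - $_" }
    exit 1
}
```

For the hardware-failure case the paragraph mentions, these checks cannot run, and the removal is forced instead (dcpromo /forceremoval if the server still boots). The directory then still contains the server object and its NTDS Settings object, so the remaining domain controllers keep trying to replicate with a partner that no longer exists; the metadata cleanup in ntdsutil on a surviving DC, followed by removing the stale DNS records and the computer account, is what closes that gap.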

Renaming Domain Controllers

You often need to rename a domain controller for organizational or administrative reasons or when the computer hardware must be replaced. Renaming a domain controller requires that Domain Name System (DNS) resource records be updated with the new Internet Protocol (IP)-to-host name mappings and that service principal names (SPNs) replicate to all domain controllers in the domain. You must also update File Replication service (FRS) objects.
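The rename procedure the paragraph describes is driven by netdom computername on Windows Server 2003 (the domain functional level must be Windows Server 2003). The script below is an added example, not code from the original page: it performs the rename in the two phases that the required restart imposes and then verifies the three things the paragraph calls out, namely the DNS records, the SPNs on the computer object and the FRS member object. The old and new names, the domain name and the phase parameter are assumptions for illustration.

```powershell
# Added example, not part of the original Microsoft page.
# Renames a Windows Server 2003 domain controller with netdom computername and
# verifies DNS, SPN and FRS state afterwards. A restart is required between
# making the new name primary and removing the old one, hence the two phases.
# $OldName, $NewName and $DomainName are placeholders.
param(
    [string]$Phase      = "Prepare",                 # "Prepare" or "Finish"
    [string]$OldName    = "dc01.corp.example.com",   # placeholder
    [string]$NewName    = "dc02.corp.example.com",   # placeholder
    [string]$DomainName = "corp.example.com"         # placeholder
)

function Invoke-Tool([string]$Description, [string]$Exe, [string[]]$ToolArgs) {
    "== $Description"
    & $Exe $ToolArgs
    if ($LASTEXITCODE -ne 0) { throw "$Description failed with exit code $LASTEXITCODE" }
}

$newShort   = $NewName.Split('.')[0]
$oldPattern = [regex]::Escape($OldName)
$newPattern = [regex]::Escape($NewName)

switch ($Phase) {
  "Prepare" {
    # Register the new name as an alternate: this creates the DNS host record
    # and adds HOST/ and ldap/ SPNs for the new name to the computer object.
    Invoke-Tool "Add alternate name" "netdom" @("computername", $OldName, "/add:$NewName")

    # Push the new SPNs to every DC in the domain. A DC that has not received
    # them cannot issue Kerberos tickets for the new name, so clients that
    # already resolve it would fail to authenticate.
    Invoke-Tool "Replicate new SPNs" "repadmin" @("/syncall", $OldName, "/A", "/e", "/P")

    # Make the new name primary; the server must be restarted for this to apply.
    Invoke-Tool "Make new name primary" "netdom" @("computername", $OldName, "/makeprimary:$NewName")
    "Restart $OldName now, then run this script again with -Phase Finish."
  }
  "Finish" {
    # Drop the old alternate name together with its SPNs and DNS records.
    Invoke-Tool "Remove old name" "netdom" @("computername", $NewName, "/remove:$OldName")
    Invoke-Tool "Replicate the removal" "repadmin" @("/syncall", $NewName, "/A", "/e", "/P")

    # Verification 1: SPNs on the computer object reference only the new name.
    $spns = & setspn -L $newShort 2>&1
    if ($spns -match $oldPattern) { Write-Warning "SPNs still reference $OldName"; $spns }

    # Verification 2: the domain controller SRV records point at the new name.
    $srv = & nslookup -type=SRV "_ldap._tcp.dc._msdcs.$DomainName" 2>&1
    if (-not ($srv -match $newPattern)) { Write-Warning "No _ldap._tcp.dc._msdcs SRV record for $NewName yet" }
    if ($srv -match $oldPattern)        { Write-Warning "Stale SRV record for $OldName remains in DNS" }

    # Verification 3: the FRS member object for SYSVOL, as stored in the
    # directory, should now show the new name.
    "== FRS member object for $NewName"
    & ntfrsutl ds $NewName
  }
  default { throw "Unknown phase '$Phase'; use Prepare or Finish" }
}
```

The replication step between adding the name and making it primary is the one most often skipped; until the new SPNs have reached every domain controller, clients that are directed to the new name receive Kerberos errors rather than a clean fallback, which is easy to misread as a DNS problem.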

Adding Domain Controllers to Remote Sites

If enough directory users are employed in a remote site, especially in a site that has slow connectivity to the hub site, you might need to add a domain controller to the site to provide directory access for logons and searches. Specifically, you can either install a domain controller in the hub site and ship it to the site or install the domain controller in the remote site. When you install the domain controller in the remote site, Active Directory must be sourced in one of two ways:

  • By Active Directory replication over the wide area network (WAN) link

  • Directly from restored backup media

Assuming that the remote site is connected to a hub site by a WAN link and does not contain a domain controller for the domain, you might want to avoid the additional time and the performance impact of replicating the full replica of Active Directory over the WAN when you add a new domain controller to the remote site. In this case, you can use backup media to install Active Directory.

If you want to install a domain controller from backup media, both the source of the backup and the target server that is to be promoted to a domain controller must be running Windows Server 2003 or Windows Server 2003 with SP1, and the operating system of the source of the backup and the target server must be the same. The hardware platform (32-bit or 64-bit) of the two computers must also match. Restoring from backup media eliminates the need to use replication to create the Active Directory replica on the new domain controller.
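The two requirements in the paragraph above (same operating system and service pack, same 32-bit or 64-bit platform) are easy to get wrong when the backup is taken at the hub and the promotion happens weeks later at the remote site. The script below is an added example, not code from the original page: in its Backup phase it takes the system state backup on an existing domain controller with ntbackup and records the version and platform beside it; in its Promote phase, run on the target server after the backup has been restored to an alternate location, it checks those values and the backup age, then installs Active Directory from the restored files through a dcpromo answer file. The paths, domain and site names, the manifest format and the 60-day age limit (the default tombstone lifetime) are assumptions for illustration; the answer-file keys are those of the Windows Server 2003 [DCInstall] section.

```powershell
# Added example, not part of the original Microsoft page.
# Phase Backup: run on an existing Windows Server 2003 DC at the hub site.
# Phase Promote: run on the member server at the remote site after the backup
# was restored to $RestoredTo with ntbackup. All names and paths are placeholders.
param(
    [string]$Phase      = "Backup",                 # "Backup" or "Promote"
    [string]$MediaPath  = "D:\IFM",                 # placeholder: backup file and manifest
    [string]$RestoredTo = "D:\IFM\Restored",        # placeholder: alternate restore location
    [string]$DomainName = "corp.example.com",       # placeholder
    [string]$SiteName   = "Branch01",               # placeholder
    [string]$SourceDC   = "dc01.corp.example.com"   # placeholder: hub DC for changes since the backup
)

$manifest = Join-Path $MediaPath "manifest.txt"
$os       = Get-WmiObject Win32_OperatingSystem

switch ($Phase) {
  "Backup" {
    $bkf = Join-Path $MediaPath "systemstate.bkf"
    & ntbackup backup systemstate /j "IFM source" /f $bkf
    if ($LASTEXITCODE -ne 0) { throw "ntbackup failed with exit code $LASTEXITCODE" }
    # Record what the target must match: OS version, service pack and platform.
    # The date lets the target reject media older than the tombstone lifetime;
    # such a backup would reintroduce objects that were deleted in the meantime.
    @(
      "Version=$($os.Version)",
      "ServicePack=$($os.CSDVersion)",
      "Platform=$($env:PROCESSOR_ARCHITECTURE)",
      "Taken=$(Get-Date -Format 'yyyy-MM-dd')"
    ) | Set-Content $manifest
    "Backup written to $bkf. The media holds the full directory, including every password hash; protect it in transit."
  }
  "Promote" {
    $m = @{}
    Get-Content $manifest | ForEach-Object { $pair = $_.Split('=', 2); $m[$pair[0]] = $pair[1] }
    if ($m.Version -ne $os.Version -or $m.ServicePack -ne $os.CSDVersion) {
        throw "OS mismatch: media is $($m.Version) $($m.ServicePack), this server is $($os.Version) $($os.CSDVersion)"
    }
    if ($m.Platform -ne $env:PROCESSOR_ARCHITECTURE) {
        throw "Platform mismatch: media is $($m.Platform), this server is $($env:PROCESSOR_ARCHITECTURE)"
    }
    $age = (Get-Date) - [datetime]$m.Taken
    if ($age.Days -gt 60) { throw "Backup is $($age.Days) days old, older than the default tombstone lifetime" }

    $dsrm = Read-Host "Directory Services Restore Mode password"
    $user = Read-Host "Account allowed to add a domain controller (user name)"
    $pass = Read-Host "Password for $user"
    $answer = Join-Path $env:TEMP "dcpromo-ifm.txt"
    @"
[DCInstall]
ReplicaOrNewDomain=Replica
ReplicaDomainDNSName=$DomainName
SiteName=$SiteName
ReplicateFromMedia=Yes
ReplicationSourcePath=$RestoredTo
ReplicationSourceDC=$SourceDC
UserName=$user
Password=$pass
UserDomain=$DomainName
SafeModeAdminPassword=$dsrm
RebootOnSuccess=No
"@ | Set-Content $answer

    & dcpromo /answer:$answer
    # The answer file contains two plaintext passwords; remove it as soon as
    # dcpromo returns, whatever the outcome, and then restart the server.
    Remove-Item $answer -Force
    "dcpromo finished with exit code $LASTEXITCODE. Restart the server to complete the promotion."
  }
  default { throw "Unknown phase '$Phase'; use Backup or Promote" }
}
```

Installing from media removes the bulk transfer, not replication itself: everything that changed in the directory after the backup was taken is still pulled from the source domain controller over the WAN link, which is why the answer file names one.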