IT tutorials
 
Technology
 

Active Directory 2008 : Deploying Domain Controllers (part 2) - Installing Additional Domain Controllers in a Domain

9/13/2013 2:08:25 AM
- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019

4. Installing Additional Domain Controllers in a Domain

If you have a domain with at least one domain controller running Windows 2000 Server, Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2 you can create additional domain controllers to distribute authentication, create a level of fault tolerance in the event that any one DC fails, or provide authentication in remote sites.

Installing the First Windows Server 2008 R2 Domain Controller in an Existing Forest or Domain

If you have an existing forest with domain controllers running a previous version of Windows Server, you must prepare them before you create your first Windows Server 2008 R2 domain controller. That’s because Windows Server 2008 R2 adds objects and attributes to the directory that previous versions of Windows don’t understand. Therefore, the schema must be updated. The schema is the definition of the attributes and object classes that can exist within a domain. It is like the catalog for what can be created in other directory partitions.

The ADPrep command prepares Active Directory for a DC that is running a version of Windows Server that is newer than the existing DCs in the forest or domain. Adprep.exe is a command-line tool that is included on the installation disk of each version of Windows Server. Adprep.exe performs operations that must be completed in an existing Active Directory environment before you can add a DC that runs that version of Windows Server.

Adprep.exe has parameters that perform a variety of operations to help prepare an existing Active Directory environment for a DC that runs a later version of Windows Server. Not all versions of Adprep.exe perform the same operations, but Adprep.exe can generally:

  • Update the Active Directory schema.

  • Update security descriptors.

  • Modify access control lists (ACLs) on Active Directory objects and on files in the SYSVOL shared folder.

  • Create new objects, as needed.

  • Create new containers, as needed.

To prepare the forest schema for Windows Server 2008 R2, follow these steps:

  1. Log on to the schema master as a member of the Enterprise Admins, Schema Admins, and Domain Admins groups.

  2. Copy the contents of the \Support\Adprep folder from the Windows Server 2008 R2 DVD to a folder on the schema master.

  3. Open an elevated Command Prompt and change directories to the Adprep folder.

  4. Type adprep /forestprep and press Enter.

You must allow time for the operation to complete. After the changes have replicated throughout the forest, you can continue to prepare the domains for Windows Server 2008 R2. To prepare a domain for the first Windows Server 2008 R2 domain controller, perform these steps:

  1. Log onto the domain infrastructure operations master as a member of the Domain Admins group.

  2. Copy the contents of the \Support\Adprep folder from the Windows Server 2008 R2 DVD to a folder on the infrastructure master.

  3. Open an elevated Command Prompt and change directories to the Adprep folder.

  4. Type adprep /domainprep /gpprep and press Enter.

    On Windows Server 2003, you might receive an error message stating that updates were unnecessary. You can ignore this message.

Allow the change to replicate throughout the forest before you install a domain controller that runs Windows Server 2008 R2.

To prepare AD DS for the first RODC, follow these steps:

  1. Log on to any computer as a member of the Enterprise Admins group.

  2. Copy the contents of the \support\adprep folder from the Windows Server 2008 R2 DVD to a folder on the computer.

  3. Open an elevated command prompt, and change directories to the adprep folder.

  4. Type adprep /rodcprep, and then press ENTER.

Note

RODCPREP, ANYTIME

If you plan to install an RODC in any domain in the forest, run adprep /rodcprep. You can run Adprep /rodcprep from any DC as long as you are logged on as a member of the Enterprise Admins group. Wait to allow its changes to replicate throughout the forest before you install the first RODC. You can run Adprep /rodcprep at any time in a Windows 2000 Server or Windows Server 2003 forest. It does not have to run in conjunction with /forestprep.

Tip

EXAM TIP

The Adprep /rodcprep command is required before installing an RODC into any domain in an existing forest with Windows Server 2003 or Windows 2000 Server domain controllers. It is not necessary if the forest is a new forest consisting only of Windows Server 2008 domain controllers.

Installing an Additional Domain Controller

You can add additional domain controllers by installing AD DS and launching the Active Directory Domain Services Installation Wizard. You are prompted to choose the deployment configuration, enter network credentials, select a domain and site for the new DC, and configure the DC with additional options such as DNS Server, Global Catalog, or Read-Only Domain Controller. The remaining steps are the same as for the first domain controller: configuring file locations and the Directory Services Restore Mode Administrator password.

If you have one domain controller in a domain, and if you select the Use Advanced Mode Installation check box on the Welcome To The Active Directory Domain Services Installation Wizard page, you can configure advanced options, which are:

  • Install From Media By default, a new domain controller replicates all data for all directory partitions it will host from other domain controllers during the Active Directory Domain Services Installation Wizard. To improve the performance of installation, particularly over slow links, you can use installation media created by existing domain controllers. Installation media is a form of backup. The new DC is able to read data from the installation media directly and then replicate only updates from other domain controllers.

  • Source Domain Controller If you want to specify the domain controller from which the new DC replicates its data, you can click Use This Specific Domain Controller.

Note

DCPROMO /ADV IS STILL SUPPORTED

In Windows Server 2003, Dcpromo /adv was used to specify advanced installation options. The /adv parameter is still supported; it simply pre-selects the Use Advanced Mode Installation check box on the Welcome page.

To use Dcpromo.exe with command-line parameters to specify unattended installation options, you can use the minimal parameters shown in the following example:

dcpromo /unattend /replicaOrNewDomain:replica
    /replicaDomainDNSName:contoso.com /installDNS:yes /confirmGC:yes
    /databasePath:"e:\ntds" /logPath:"f:\ntdslogs" /sysvolpath:"g:\sysvol"
    /safeModeAdminPassword:password /rebootOnCompletion:yes

If you are not logged on to the server with domain credentials, specify the /userdomain and /username parameters as well. A minimal answer file for an additional domain controller in an existing domain is as follows:

[DCINSTALL]
ReplicaOrNewDomain=replica
ReplicaDomainDNSName=FQDN of domain to join
UserDomain=FQDN of domain of user account
UserName=DOMAIN\username (in Administrators group of the domain)
Password=password for user specified by UserName (* to prompt)
InstallDNS=yes
ConfirmGC=yes
DatabasePath="path to folder on a local volume"
LogPath="path to folder on a local volume"
SYSVOLPath="path to folder on a local volume"
SafeModeAdminPassword=password
RebootOnCompletion=yes
 
Others
 
- Active Directory 2008 : Deploying Domain Controllers (part 1) - Installing a Domain Controller with the Windows Interface
- SQL Server 2012 : Demystifying Hardware - Processor Vendor Selection
- SQL Server 2012 : Demystifying Hardware - How Workload Affects Hardware and Storage Considerations
- BlackBerry Bold 9700 and 9650 Series : Using Your Bookmarks to Browse the Web, Searching with Google
- BlackBerry Bold 9700 and 9650 Series : Setting Your Browser Start Page
- BlackBerry Bold 9700 and 9650 Series : Copying or Sending the Web Page You Are Viewing, Setting and Naming Bookmarks
- SQL Server 2008 : SQL Server Profiler (part 5) - Deadlock diagnosis, Blocked process report, Correlating traces with performance logs
- SQL Server 2008 : SQL Server Profiler (part 4) - RML utilities
- SQL Server 2008 : SQL Server Profiler (part 3) - Trace replay
- SQL Server 2008 : SQL Server Profiler (part 2) - Server-side trace
 
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
Technology FAQ
- Is possible to just to use a wireless router to extend wireless access to wireless access points?
- Ruby - Insert Struct to MySql
- how to find my Symantec pcAnywhere serial number
- About direct X / Open GL issue
- How to determine eclipse version?
- What SAN cert Exchange 2010 for UM, OA?
- How do I populate a SQL Express table from Excel file?
- code for express check out with Paypal.
- Problem with Templated User Control
- ShellExecute SW_HIDE
programming4us programming4us