adding a 2nd domain controller to existing domain

8 replies to this topic

#1 hagjohn

hagjohn

    Neowinian Senior

  • Joined: 20-July 03
  • Location: Pennsylvania
  • OS: Windows 8.1
  • Phone: Nokia Yellow 1020 w/ 8.1

Posted 22 July 2014 - 15:35

I have a question (probably stupid but it's not mentioned anywhere). We have just purchased a new server. When adding a 2nd controller to my existing tree (using dcpromo), does the new server have to be part of the domain first or can I just add it as a domain controller and it would know to add it to the domain?




#2 majortom1981

majortom1981

    The crazy one

  • Tech Issues Solved: 1
  • Joined: 30-November 01

Posted 22 July 2014 - 15:36   Best Answer

You have to add the machine to the domain first



#3 Tony.

Tony.

    Neowinian Senior

  • Joined: 10-February 05
  • Location: Liverpool, UK
  • OS: Windows 7

Posted 22 July 2014 - 15:37

If I can remember, you need to add it to a domain then promote it to domain controller.



#4 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 31
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 22 July 2014 - 15:53

You don't need to add it to the domain first. If you add the DNS server first and have it be a secondary DNS server, you can then add it as a second domain controller. It will save a reboot doing it this way.



#5 Roger H.

Roger H.

    Neowinian Senior

  • Tech Issues Solved: 20
  • Joined: 18-August 01
  • Location: Germany
  • OS: Windows 8.1
  • Phone: Nexus 5

Posted 22 July 2014 - 18:47

Cool, didn't know that tip sc302. (Y)

 

I usually just add it to the domain first then add the role then promo but yeah, saving reboots is always a good thing :)



#6 OP hagjohn

hagjohn

    Neowinian Senior

  • Joined: 20-July 03
  • Location: Pennsylvania
  • OS: Windows 8.1
  • Phone: Nokia Yellow 1020 w/ 8.1

Posted 22 July 2014 - 18:49

Thanks. I've never added a 2nd controller to a Windows domain. I assume I add a user to the domain, to get it fully on the domain and then promote it, correct?



#7 majortom1981

majortom1981

    The crazy one

  • Tech Issues Solved: 1
  • Joined: 30-November 01

Posted 22 July 2014 - 19:04

You don't need to add it to the domain first. If you add the DNS server first and have it be a secondary DNS server, you can then add it as a second domain controller. It will save a reboot doing it this way.

Isn't that very insecure? Doesn't the PC need to be a member of the domain first? If not, couldn't anybody just add a rogue DNS server to the domain? I thought you have to make the PC a member of the domain first before adding any roles to it. Usually it throws up an error message stating so.



#8 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 31
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 22 July 2014 - 19:18

No. You would have to give permission to that server to be a DNS server. It isn't like you can just simply add a DNS server nilly willy to the domain.

 

Here are the steps:

1st, give the new server a static IP address, with the current DNS servers set as the DNS servers in the IPv4 properties.

2nd, go to a DNS server and open up the zone that you want to add a secondary DNS server to, go to the properties of the domain and the _msdcs, and allow zone transfers to the IP of the new server.

3rd, go to the new server and set up the AD zones in the DNS (you will need to install the DNS server role on the server).

4th, change the DNS on the NIC of the new server to be itself.

5th, run dcpromo and add the server as a secondary domain controller.

 

Once completed you can take the zone transfers out.

 

 

This saves on a reboot, takes me less time to do this than it does to do a reboot.  All about saving time when you don't have a lot of time to do this. 
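
An added example, not part of sc302's post: a PowerShell audit for the cleanup mentioned above ("take the zone transfers out"), listing primary zones on an existing DNS server that still allow transfers and, with `-Revert`, closing only those whose sole allowed server is the temporary secondary. It assumes the DnsServer module (Windows Server 2012 or later); the server name and the `192.0.2.10` address are placeholders.

```powershell
# Added example: audit zone-transfer settings on an existing DNS server and,
# with -Revert, close the ones opened only for the temporary secondary.
# Assumes the DnsServer module (Windows Server 2012 or later).
param(
    [string]$DnsServer = 'localhost',        # existing DNS server to audit
    [string]$TempSecondaryIp = '192.0.2.10', # placeholder: IP of the new server
    [switch]$Revert
)
Import-Module DnsServer

# Primary zones only; skip the auto-created reverse zones.
$zones = Get-DnsServerZone -ComputerName $DnsServer |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }

$findings = foreach ($z in $zones) {
    if ($z.SecureSecondaries -eq 'NoTransfer') { continue }
    # Normalise the allow-list to strings so it compares cleanly with the IP.
    $allowed = @($z.SecondaryServers | Where-Object { $_ } | ForEach-Object { "$_" })
    [pscustomobject]@{
        Zone           = $z.ZoneName
        Policy         = $z.SecureSecondaries   # e.g. TransferAnyServer
        AllowedServers = $allowed -join ', '
        # True only when the allow-list is exactly the temporary secondary.
        OnlyTempServer = ($z.SecureSecondaries -eq 'TransferToSecureServers' -and
                          $allowed.Count -eq 1 -and $allowed[0] -eq $TempSecondaryIp)
    }
}

# Every zone that still permits transfers, with who may pull it.
$findings | Format-Table -AutoSize

if ($Revert) {
    # Leave zones with other (possibly legitimate) secondaries untouched.
    foreach ($f in @($findings | Where-Object OnlyTempServer)) {
        Set-DnsServerPrimaryZone -ComputerName $DnsServer -Name $f.Zone `
            -SecureSecondaries NoTransfer
        Write-Output "Zone transfers disabled for $($f.Zone)"
    }
}
```

Zones reported with a `TransferAnyServer` policy are not changed by `-Revert` and need a manual review.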



#9 Roger H.

Roger H.

    Neowinian Senior

  • Tech Issues Solved: 20
  • Joined: 18-August 01
  • Location: Germany
  • OS: Windows 8.1
  • Phone: Nexus 5

Posted 22 July 2014 - 19:25

Thanks. I've never added a 2nd controller to a Windows domain. I assume I add a user to the domain, to get it fully on the domain and then promote it, correct?

 

You can do it the way sc302 mentioned or just do it via System - change the workgroup business and add the domain. Once you click OK it will ask you for a username for an authorized account (admin account) to add the server to the domain, the same way you add a non-server to a domain.

 

Once that's all done you just have to promo it and follow the wizard which will mention the other DC and that you are a 2nd controller in the main forest.