adding a 2nd domain controller to existing domain



I have a question (probably stupid but it's not mentioned anywhere). We have just purchased a new server. When adding a 2nd controller to my existing tree (using dcpromo), does the new server have to be part of the domain first or can I just add it as a domain controller and it would know to add it to the domain?

 

 

 

You don't need to add it to the domain first. If you add the DNS server first and have it be a secondary DNS server, you can then add it as a second domain controller. It will save a reboot doing it this way.

  On 22/07/2014 at 15:53, sc302 said:

You don't need to add it to the domain first. If you add the DNS server first and have it be a secondary DNS server, you can then add it as a second domain controller. It will save a reboot doing it this way.

Isn't that very insecure? Doesn't the PC need to be a member of the domain first? If not, couldn't anybody just add a rogue DNS server to the domain? I thought you have to make the PC a member of the domain first before adding any roles to it. Usually it throws up an error message stating so.

No. You would have to give permission to that server to be a DNS server. It isn't like you can just simply add a DNS server willy-nilly to the domain.

 

Here are the steps:

1st, give the new server a static IP address, with the DNS servers set to the current DNS servers in the IPv4 properties.

2nd, go to a DNS server and open up the zone that you want to add a secondary DNS server to, go to the properties of the domain and the _msdcs and allow zone transfers to the IP of the new server.

3rd, go to the new server and set up the AD zones in the DNS (you will need to install the DNS server role on the server).

4th, change the DNS on the NIC of the new server to be itself.

5th, run dcpromo and add the server as a secondary domain controller.

 

Once completed you can take the zone transfers out. 

 

 

This saves on a reboot, takes me less time to do this than it does to do a reboot.  All about saving time when you don't have a lot of time to do this. 
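Added example, not part of the post above or of anyone's reply in this thread: a PowerShell audit for the temporary zone-transfer grant from step 2, covering the "once completed you can take the zone transfers out" cleanup. It assumes the DnsServer module (Windows Server 2012 or later) on the existing DNS server; the function names are hypothetical and `192.0.2.10` is a constructed placeholder for the new server's IP.

```powershell
# Added example: audit and revert the temporary zone-transfer grant.
# Assumption: run on the existing DNS server with the DnsServer module available.
Import-Module DnsServer

# Constructed placeholder: IP of the new server that was allowed to pull the zones.
$NewServerIp = '192.0.2.10'

function Get-TransferEnabledZone {
    # Primary zones (including AD-integrated ones) that still permit transfers.
    Get-DnsServerZone | Where-Object {
        $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated -and
        "$($_.SecureSecondaries)" -ne 'NoTransfer'
    }
}

function Show-ZoneTransferExposure {
    # One row per zone: the transfer policy and the servers allowed to pull it.
    Get-TransferEnabledZone | ForEach-Object {
        [pscustomobject]@{
            Zone      = $_.ZoneName
            Policy    = "$($_.SecureSecondaries)"
            AllowedTo = (@($_.SecondaryServers) | ForEach-Object { "$_" }) -join ', '
            AnyServer = ("$($_.SecureSecondaries)" -eq 'TransferAnyServer')
        }
    }
}

function Remove-TemporaryTransferGrant {
    # Removes one IP from each zone's allow list; dry run unless -Apply is given.
    param([Parameter(Mandatory)][string]$IpAddress, [switch]$Apply)
    foreach ($zone in Get-TransferEnabledZone) {
        if ("$($zone.SecureSecondaries)" -ne 'TransferToSecureServers') { continue }
        $listed = @(@($zone.SecondaryServers) | ForEach-Object { "$_" })
        $keep   = @($listed | Where-Object { $_ -ne $IpAddress })
        if ($keep.Count -eq $listed.Count) { continue }   # IP was not on this zone's list
        if ($keep.Count -eq 0) {
            # The new server was the only entry: turn transfers off entirely.
            Set-DnsServerPrimaryZone -Name $zone.ZoneName -SecureSecondaries NoTransfer `
                -WhatIf:(-not $Apply)
        } else {
            # Other secondaries remain: keep them, drop only the temporary entry.
            Set-DnsServerPrimaryZone -Name $zone.ZoneName -SecureSecondaries TransferToSecureServers `
                -SecondaryServers $keep -WhatIf:(-not $Apply)
        }
    }
}

Show-ZoneTransferExposure | Format-Table -AutoSize
Remove-TemporaryTransferGrant -IpAddress $NewServerIp   # add -Apply to commit the change
```

Any zone reported with `AnyServer` set to `True` hands a full copy of the zone to whoever asks, which is the exposure raised earlier in the thread; the procedure in the post only ever needs the single-IP policy.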

  On 22/07/2014 at 18:49, hagjohn said:

Thanks. I've never added a 2nd controller to a windows domain. I assume I add a user to the domain, to get it fully on the domain and then promote it, correct?

 

You can do it the way sc302 mentioned or just do it via System - change the workgroup business and add the domain. Once you click OK it will ask you for a username for an authorized account (admin account) to add the server to the domain, the same way you add a non-server to a domain.

 

Once that's all done you just have to promo it and follow the wizard which will mention the other DC and that you are a 2nd controller in the main forest.

  • 4 months later...

I have always done it the traditional way, when adding a new server, patch it up with service packs/fixes, join to domain, then add roles to the server (inc DC role) after being joined.

 

A reboot save isn't valid if it's not yet a part of the domain/DC cluster.

  On 22/07/2014 at 19:18, sc302 said:

No.. You would have to give permission to that server to be a dns server..

 

Once completed you can take the zone transfers out. 

 

This saves on a reboot, takes me less time to do this than it does to do a reboot.  All about saving time when you don't have a lot of time to do this. 

 

Sounds like a recipe for disaster and I cannot believe it to be much faster than a join, reboot then promote. Kudos if that's what works for you but to me it seems a bit overly complicated.

Depends, have you ever waited 5-10 minutes for a server reboot to scan through raid/scsi cards or that dell lifecycle controller? 

 

Not a recipe for disaster, there is nothing that would cause an issue.  Tell me what is going to screw up so bad by doing it the way I describe?  DNS?  No, you are copying information, not overwriting.  The process of adding a server?  Maybe, if you don't add the DNS entries in the TCP/IP properties properly after you have copied the DNS info over.

 

 

  On 10/12/2014 at 12:52, Mando said:

I have always done it the traditional way, when adding a new server, patch it up with service packs/fixes, join to domain, then add roles to the server (inc DC role) after being joined.

 

A reboot save isn't valid if it's not yet a part of the domain/DC cluster.

BTW, with my method the system does not need to be a domain member prior to dcpromo.

  On 10/12/2014 at 14:05, sc302 said:

Depends, have you ever waited 5-10 minutes for a server reboot to scan through raid/scsi cards or that dell lifecycle controller? 

 

Yes, I call that time "coffee" time or "me" time :)

 

Again kudos to you, and if it works for you go for it.
