
Windows Server 2012 - Active Directory - adding a second domain controller

Best practice, concerning domain controllers, is to have at least two so if one is unavailable, clients can still authenticate to the network. Moreover, both should be global catalog servers since the presence of a global catalog server is a pre-requisite for a successful logon.

Note: if you are interested in the crucial role of the Global Catalog, here is a link with more information on the subject:

Global Catalog information

A second domain controller can be added using Server Manager (Add Roles or Features) or PowerShell cmdlets. In what will be one of my more concise blog posts, I'll demonstrate how a second domain controller can be added at the command line.

Although not strictly necessary, I'll first rename the server (that already happens to be a domain member) so its new name will reflect its status as a domain controller:

We could use the netdom /renamecomputer command, but since this is Windows Server 2012, I'll opt for the PowerShell cmdlet instead:


PS C:\> Rename-Computer DC-004

WARNING: The changes will take effect after you restart the computer SVR-004.

PS C:\> Restart-Computer



So we indicate the new name of the computer after the Rename-Computer cmdlet and then restart the computer with the aptly named Restart-Computer cmdlet - elementary, obvious and almost self-explanatory.

Once the computer restarts, we'll log on with domain administrator credentials and enter the following PowerShell cmdlet to install the necessary files for the domain controller role:

PS C:\> Add-WindowsFeature AD-Domain-Services -IncludeManagementTools


IP address and DNS

We also need to make sure (this may be the case already) that the primary (or secondary) DNS server parameter in the TCP/IP settings designates the first domain controller:

PS C:\> Set-DnsClientServerAddress "Ethernet" -ServerAddresses 10.1.1.10

This is in the context of our single - and soon double - domain controller scenario. If there were other domain controllers, we could designate one of them as well, assuming they are also a DNS server, which is currently the most common domain controller configuration.


Promotion of the server to domain controller

Now we can promote the server to a domain controller with the following command:

Note: we enter the password for Directory Services Restore Mode when prompted.

PS C:\> Install-ADDSDomainController -DomainName machlinkit.biz -SafeModeAdministratorPassword (read-host -prompt "Password:" -AsSecureString)

Password:: **********


In my experience, the above command was enough to create a second domain controller that was also a DNS server and a Global Catalog. It seems that the default values for domain controller promotion produce this result.
 
Here, for example, we can see that the new domain controller is configured as a global catalog server by default:

PS C:\> dsquery server -isgc

"CN=DC-001,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=machlinkit,DC=biz"

"CN=DC-004,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=machlinkit,DC=biz"
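A broader post-promotion check than dsquery alone, as an added example that is not part of the original post. It assumes the ActiveDirectory module is present (installed by -IncludeManagementTools) and that it is run on the new domain controller after its reboot; the domain name is the one used in this article.

```powershell
# Added example: health checks for a newly promoted domain controller.
Import-Module ActiveDirectory

$domain = 'machlinkit.biz'   # domain name used in this article

# 1. List every domain controller with its site and global catalog status.
$dcs = Get-ADDomainController -Filter * -Server $domain
$dcs | Sort-Object Name |
    Format-Table Name, Site, IPv4Address, IsGlobalCatalog, IsReadOnly -AutoSize

# 2. Warn if the redundancy goal (two global catalogs) is not met.
$gcs = @($dcs | Where-Object { $_.IsGlobalCatalog })
if ($gcs.Count -lt 2) {
    Write-Warning "Only $($gcs.Count) global catalog server(s) found in $domain."
}

# 3. A DC that has finished its initial replication shares SYSVOL and NETLOGON.
#    Until both exist, clients cannot use it for logon scripts or Group Policy.
$shares = @(Get-SmbShare -Name SYSVOL, NETLOGON -ErrorAction SilentlyContinue)
if ($shares.Count -lt 2) {
    Write-Warning 'SYSVOL/NETLOGON not shared yet; initial replication may be incomplete.'
}

# 4. Clients locate domain controllers through DNS SRV records;
#    both DCs should be listed as targets.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV |
    Where-Object { $_.QueryType -eq 'SRV' } |
    Format-Table NameTarget, Port -AutoSize

# 5. Replication summary across all DCs; the failure columns should read 0.
repadmin /replsummary
```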


Various parameters can be indicated explicitly if we want. We would see many of these if we used the graphic interface to promote the server to domain controller status.
 
We can indicate the database path (or location) for the Active Directory database (the ntds.dit file and associated files):

-DatabasePath 'C:\Windows\NTDS'

We can indicate whether we want the domain controller to be a DNS server as well. If for some reason we did not, we could change the value below to $false.

-InstallDNS:$true

This parameter will eliminate some of the informational messages displayed during the process:

-force:$true

The server will reboot automatically once the initial promotion process is complete. If we do not want the server to reboot, we can enter this:

-NoRebootOnCompletion:$true

Here we can designate the site. In this case, the default site name is used:

-SiteName 'Default-First-Site-Name'

Lastly, we can prevent a newly promoted domain controller from being a global catalog server as well with this parameter:

-NoGlobalCatalog:$true
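The parameters above combined into one promotion, as an added example that is not from the original post. It runs the prerequisite check Test-ADDSDomainControllerInstallation first and promotes only if every check succeeds; the values are the ones shown in this article, chosen so the new server becomes a DNS server and global catalog and reboots when done.

```powershell
# Added example: validate, then promote, with explicit parameters.
Import-Module ADDSDeployment

# Prompt once for the Directory Services Restore Mode password. It is held
# as a SecureString, so it is not written into the script or typed on the
# command line in clear text.
$dsrm = Read-Host -Prompt 'DSRM password' -AsSecureString

# Parameters shared by the test and the real promotion (splatted below).
$params = @{
    DomainName                    = 'machlinkit.biz'
    SiteName                      = 'Default-First-Site-Name'
    DatabasePath                  = 'C:\Windows\NTDS'
    InstallDns                    = $true
    NoGlobalCatalog               = $false   # $false = DO become a global catalog
    SafeModeAdministratorPassword = $dsrm
}

# Dry run: performs the prerequisite checks without changing the server.
$results = Test-ADDSDomainControllerInstallation @params
$results | Format-List Context, Status, Message

# Stop unless every check reported Success.
if ($results | Where-Object { $_.Status -ne 'Success' }) {
    throw 'Prerequisite check did not succeed; the server was not promoted.'
}

# Promote. NoRebootOnCompletion:$false means the server reboots automatically;
# Force suppresses the confirmation prompt.
Install-ADDSDomainController @params -NoRebootOnCompletion:$false -Force:$true
```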



References:

The Install-ADDSDomainController cmdlet


This link provides a complete list of various parameters, most optional, that can be used with the cmdlet.