Up to this point, our Active Directory forest consists of three domains, each containing a single domain controller. For very small organizations, this network plan may work. But as we have learned, Active Directory is all about redundancy, and it is wise to have a backup plan in place in case the sole domain controller in a domain should fail. Of course, since all domain controllers in a domain are essentially peers, why not add a second domain controller to a domain? That way, if one domain controller fails, the other domain controller can pick up the workload. Having two or more domain controllers can also enhance performance, as the second unit can help balance the network load.
In the following tutorial, we add a second domain controller to the guinea.pig domain. The second domain controller is named DC1A.
Install Windows Server 2003 on a test computer. Give it the following information:
IP address: 192.168.1.12 (subnet 255.255.255.0)
Gateway: IP address of the router on the 192.168.1.0 subnet
Server Name : DC1A
DNS Address: 192.168.1.1 (IP Address of DC01)
On DC1A, run dcpromo . When asked about the domain controller type, select Additional domain controller for an existing domain .
Enter the Administrator username and password for the guinea.pig domain, and enter guinea.pig in the domain field:
On the next screen, enter guinea.pig in the domain field.
Click through the next two screens, accepting the defaults. Enter a Restore Mode password when prompted. Click OK on the Summary screen. DCPromo configures Active Directory on the new domain controller. Once the configuration completes, the system presents you with a summary screen. Of special interest is the portion that reads:
"This domain controller is assigned to the site guineasite."
Recall that we moved DC01 to a new site that we created named guineasite. Because we added DC1A to the domain located in guineasite, DCPromo automatically locates it in guineasite.
Reboot our new domain controller when prompted. Once the system boots back up, install the DNS service ( Note: see page 173 ). The DNS information is then replicated to DC1A.
Open Active Directory Sites and Services and expand the guineasites ˆ’ > servers container. Notice that DC1A is located right under DC01, just where it should be:
Now that we have DC01 and DC1A located within the same Active Directory site, replication between the two is handled by a process known as the Knowledge Consistency Checker ( KCC ), which replicates changes between the two about every five minutes. Recall that this type of replication is known as intra-site replication, as the replication process takes place within a single site. Our forest now looks something like this: