Domain ControllerNotes

Domain ControllerNotes

When you promote a domain controller, there must be a DNS server available on the network. If you are creating a new forest root domain and you have no DNS server, you are prompted to have the wizard automatically install and configure your computer as a DNS server. The first domain controller of your forest should have its TCP/IP settings configured so that it points to itself as its preferred DNS server otherwise , incorrect SRV records may be created. Additional domain controllers should also point to the first domain controller as their preferred DNS server and their own IP address as an alternate DNS server.

Domain controller objects are located by default in the Domain Controllers OU within a domain, and they can be managed, moved to different OUs, and configured using Active Directory Users and Computers.

If a domain controller you want to demote owns one or more of the FSMO roles, transfer these roles to other domain controllers in the domain before demoting it. If it is the last domain controller in your domain, this is not an issue.

You can't demote a domain controller if Certificate Services is running on it; you have to remove this service first.

Additional tabs are available on the properties sheet for a domain controller when View Advanced Features is selected.

Don't create additional global catalog servers on a single domain unless you have multiple sites connected by slow WAN links. You should generally have one global catalog server per site if WAN connections between sites are slow because clients need to be able to access the global catalog in order to log on to the network (unless universal group caching is enabled).

In W2K, adding a new attribute to the global catalog resulted in a full synchronization of all Active Directory information for all domains in the forest, which created a lot of network traffic. This problem has been fixed in WS2003.

You can rename WS2003 domain controllers using the netdom utility.

See Also