Below are the steps to promote a member server to a domain controller in an existing forest, along with some best practices and recommendations. Most of the items below are pretty basic, nothing advanced. I am surprised to find that many people are not aware of the basics, so I am bringing all of these to my students' attention one more time.
- Make sure the server's TCP/IP stack is configured correctly and its DNS server setting points to the ***existing DC/DNS***.
- After initial replication, point the DC/DNS server to itself as its primary DNS server and to its neighbor DC/DNS server as its secondary preferred DNS server.
- ***Never*** point DC/DNS servers to an ISP DNS server as their primary or secondary DNS (the most common fatal mistake).
- Don't use more than one NIC; DCs don't like multiple NICs.
- Forward recursive queries for names your domain is not authoritative for to the ISP DNS servers and let them do the heavy work.
- Go to your DNS console, open the forward lookup zones, locate _msdcs.yourDomain.org, go to Properties, click Name Servers, and make sure all the servers listed there are domain controllers and that they are functioning properly.
- Tune up your DNS as explained in this article.
- Make sure you have joined the server to the domain prior to running DCPromo (optional). This ensures proper communication with the domain and creates an A record for the server in the DNS database of the existing domain.
- Run DCPromo as usual to install the ***.DIT*** database, and remember that the .DIT database is a partitioned database (domain, configuration, schema, application).
- Remember the best practices for choosing RAID and distributing the database, the logs and SYSVOL.

| Files | Operations |
| --- | --- |
| Operating system files | Read and write operations |
| Active Directory log files | Mostly write operations |
| Active Directory database and SYSVOL shared folder | Mostly read operations |

- Keep the logs on a drive by themselves.
- Keep the Active Directory database and the SYSVOL shared folder together on the same drive.

***In reality, many companies (enterprises) go with 2 RAID one set.*** If you end up installing everything on the same drive and you have multiple DCs, that is fine as well. When the budget allows, follow the best practices to have fewer headaches and good performance.
After DCPromo, make sure the new DC is functioning as a DC:
- Check Sites and Services to make sure the new DC appears: click Start, Run, type dssite.msc, and under Sites, Default-First-Site-Name, expand the Servers folder.
- Make sure the server object is there with its NTDS Settings, and that the KCC has created replication connections to the other DCs.
- Click Start, Run, cmd and type **net share** to confirm the SysVol folder is visible.
- Check the logs to make sure the DC is healthy.
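
The DNS client rules and the post-DCPromo checks above can be scripted. The following PowerShell is an added example, not part of the original post; it assumes Windows Server 2012 or later with the ActiveDirectory module and a single-domain forest, and the function names `New-Check` and `Test-NewDomainController` are hypothetical.

```powershell
# Added example, not from the original post. Run on the newly promoted DC.
# Assumptions: Windows Server 2012 or later, ActiveDirectory RSAT module,
# single-domain forest (so _msdcs.<domain> is the zone the post refers to).
Import-Module ActiveDirectory

function New-Check($Name, $Pass, $Detail) {
    [pscustomobject]@{ Check = $Name; Pass = [bool]$Pass; Detail = "$Detail" }
}

function Test-NewDomainController {
    $domain  = (Get-ADDomain).DNSRoot
    $dcs     = @(Get-ADDomainController -Filter *)
    $self    = $dcs | Where-Object { $_.Name -eq $env:COMPUTERNAME }
    $selfIPs = @($self.IPv4Address, '127.0.0.1')
    $dcIPs   = @($dcs | ForEach-Object { $_.IPv4Address }) + '127.0.0.1'

    New-Check 'Registered as a DC' ($null -ne $self) "$($dcs.Count) DC(s) in $domain"

    # "Don't use more than one NIC"
    $nics = @(Get-NetAdapter -Physical | Where-Object { $_.Status -eq 'Up' })
    New-Check 'Single active NIC' ($nics.Count -eq 1) "$($nics.Count) adapter(s) up"

    # DNS client: itself first, only DC/DNS servers after it, never an ISP resolver
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses.Count -gt 0 } | ForEach-Object {
            $addrs   = @($_.ServerAddresses)
            $foreign = @($addrs | Where-Object { $_ -notin $dcIPs })
            New-Check "$($_.InterfaceAlias): primary DNS is self" ($addrs[0] -in $selfIPs) $addrs[0]
            New-Check "$($_.InterfaceAlias): all DNS servers are DCs" ($foreign.Count -eq 0) ($foreign -join ', ')
        }

    # Every name server listed on _msdcs must be a current domain controller
    $ns    = Resolve-DnsName -Name "_msdcs.$domain" -Type NS | Where-Object { $_.Type -eq 'NS' }
    $stale = @($ns | ForEach-Object { $_.NameHost.TrimEnd('.') } | Where-Object { $_ -notin $dcs.HostName })
    New-Check '_msdcs name servers are all DCs' ($ns -and $stale.Count -eq 0) ($stale -join ', ')

    # Same check as "net share": SYSVOL must be published
    $sysvol = Get-SmbShare -Name SYSVOL -ErrorAction SilentlyContinue
    New-Check 'SYSVOL shared' ($null -ne $sysvol) $sysvol.Path

    # Inbound replication links, i.e. what the KCC built under NTDS Settings
    $partners = @(Get-ADReplicationPartnerMetadata -Target $env:COMPUTERNAME)
    $failed   = @($partners | Where-Object { $_.LastReplicationResult -ne 0 })
    New-Check 'Replication partners healthy' ($partners.Count -gt 0 -and $failed.Count -eq 0) "$($partners.Count) link(s), $($failed.Count) failing"
}

Test-NewDomainController | Format-Table -AutoSize -Wrap
```

Any row with `Pass` set to `False` maps back to one of the bullets above; the `Detail` column names the offending DNS server or name server.
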
Oz Casey Dedeal
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST Security+, Project +, Server +