4. Configuring the Second and Subsequent Domain Controllers
Carry out the following operations on the server you are adding to the domain,
unless stated otherwise. Again, skip any steps you have already carried out.
- Check TCP/IP configuration
- On the second domain controller, open the TCP/IP properties of the
network connection and delete any DNS server entries. Instead, enter
the address of the existing Windows DNS server (usually your first
- Install Active Directory
- Run dcpromo to install Active Directory, adding
the server as a new server in an existing domain.
- This time, you shouldn't be prompted about DNS on 2000 or 2003.
Again 2008 may refuse to install DNS; this is fine and should not
prevent Active Directory Domain Services from being installed.
Again, on 2008 Server Core, use an answer file, or /InstallDNS:No as a
command-line switch to dcpromo to stop DNS from
- Install the DNS Service
- If necessary, use (Windows
Components/Networking Services) or the
Server wizard to install the DNS service. For 2008 Server
start /w ocsetup DNS-Server-Core-Role
- Since you have configured DNS to use Active Directory-integrated
zones, you don't need to configure the zones again as they will be
replicated automatically (although this can take a while).
- Check that the Zones have replicated
- Open the DNS management program and check that the zones shown
below are visible. For 2008 Server Core, use DNSCMD or remote
management. It may take a while for them to appear.
- Configure Forwarders
- Configure your DNS servers to send all requests for information
that they do not hold themselves to the
DNS Caching Resolvers. This is recommended for security
reasons and also speeds up queries for information in the ox.ac.uk
domain. Configure this via the Forwarders tab in the properties of the
server object in the DNS management tool. Make sure there is an entry for
DNS domains and add the addresses for each of the
DNS Caching Resolvers to the forwarders list for this
- Configure delegations from the central DNS servers
- You can register up to two servers centrally. If this is the
second server in the domain, use the Interface for Host
Updates page, linked from the OUCS DNS page,
to register this server. You need to include the
unitname part (e.g. oucsserver1.oucs, bncw2k1.bnc).
- Update TCP/IP configuration
- Open the TCP/IP properties of the network connection and add this
server's own IP address to the list of DNS servers. Ensure it is at
the top of the list. You can use 127.0.0.1 as the address (although
some of the diagnostics tools may report an error if you use this
address but won't if you use the real address of the server). Do
not remove the addresses of any other Windows DNS server from the
list, but it can be a good idea to remove any of the central
Computing Services servers.
- Register and check records
- Take a look in the file
compare the entries with the entries in the DNS management tool.
- Run tests to check for errors
- Check the event logs for errors. Expect to see 5774 where it
complains that it can't register all of the records. The problem is
the host (A) record for the domain itself. You can suppress this by
adding a multistring (REG_MULTI_SZ) value called
DnsAvoidRegisterRecords under the
registry key, and entering the data value
LdapIpAddress. See Restrict the DNS resource records that are updated by
Netlogon. This may not be supported on Windows 2000, only
netdiag /v /test:dns and
/test:dns using the Support tools included on the
Windows server CD (the latter won't work on 2000) to check that
everything looks good.
- Update other domain controllers
- On any other domain controllers, open the TCP/IP properties of the
network connection and add the IP address of your new domain
controller/DNS server to the list of servers. Always make sure that
DNS servers have their own address first in the list, but then do
include the addresses of the other Windows DNS servers in the list.
If you don't, it can result in slow boot times (5 or 10 minutes)
on later versions of Windows server.
- Configure Firewalls and Clients
- Refer to the other sections in this document for details on
updating the configuration of perimeter firewalls and
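
The 2008 Server Core route through the steps above, collected into one command script. This is an added example, not part of the original guide. The interface name, all IP addresses (documentation-range placeholders), the script name and the answer file path are assumptions to replace with your own values; the answer file is assumed to set InstallDNS=No.

```bat
@echo off
rem Added example: command-line equivalents of the steps in this section for
rem 2008 Server Core. Run one phase at a time, e.g. "dc2setup.cmd 1", because
rem dcpromo restarts the server when it finishes.
rem All values below are constructed placeholders, not taken from the guide.
set "NIC=Local Area Connection"
set "FIRST_DC=192.0.2.10"
set "THIS_DC=192.0.2.11"
set "RESOLVERS=192.0.2.53 192.0.2.54"
set "ANSWERFILE=C:\dcpromo-answer.txt"

if "%1"=="1" goto phase1
if "%1"=="2" goto phase2
if "%1"=="3" goto phase3
echo Usage: %~nx0 1^|2^|3
goto :eof

:phase1
rem Check TCP/IP configuration: remove existing DNS entries and point the
rem server only at the existing Windows DNS server.
netsh interface ipv4 delete dnsserver name="%NIC%" address=all
netsh interface ipv4 add dnsserver name="%NIC%" address=%FIRST_DC% index=1
rem Install Active Directory as an additional DC, without installing DNS.
dcpromo /unattend:%ANSWERFILE%
goto :eof

:phase2
rem Install the DNS service, then list zones. The AD-integrated zones are
rem replicated automatically; rerun the listing until they appear.
start /w ocsetup DNS-Server-Core-Role
dnscmd /EnumZones
goto :eof

:phase3
rem Configure forwarders: send queries the server cannot answer itself to
rem the caching resolvers, then display the resulting server settings.
dnscmd /ResetForwarders %RESOLVERS%
dnscmd /Info
rem Update TCP/IP configuration: put this server's own address at the top
rem of the list and keep the other Windows DNS server below it.
netsh interface ipv4 add dnsserver name="%NIC%" address=%THIS_DC% index=1
ipconfig /all
rem Run tests to check for errors (dcdiag's DNS test needs 2003 or later).
dcdiag /test:dns
goto :eof
```

Review the ipconfig /all output after phase 3: the server's own address should be listed first, followed by the other Windows DNS servers.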