3. Configuring the Second and Subsequent Domain Controllers
Carry out the following operations on the server you are adding to the domain:
- Check TCP/IP configuration
  - Configure the DNS servers in the TCP/IP configuration pages to use the
    Windows DNS server that you configured as per the previous section.
- Install Active Directory
  - Run dcpromo to install Active Directory, adding
    the server as a new server in an existing domain.
  - This time, you shouldn't be prompted about DNS on Windows 2000 or
    2003, but on 2008 you can again select to install the DNS server
    with Active Directory Domain Services on the
    Domain Controller Options page. Again, on 2008 Server
    InstallDNS=Yes in an answer file, or
    /InstallDNS:Yes as a command-line switch to
- Install the DNS Service
  - If you didn't install the DNS service as part of the domain
    controller installation (i.e. on 2000 or 2003), use (Windows Components/Networking Services) or the
    Configure your Server wizard to install the DNS
  - Since you have configured DNS to use Active Directory-integrated
    zones, you don't need to configure the zones again.
- Check that the zones have replicated
  - Open the DNS management program and check that the zones shown
    below are visible.
    - _msdcs.ActiveDirectoryDomainName (only for
      the forest root domain)
- Update TCP/IP configuration
  - Change the TCP/IP configuration of your server and add its own IP
    address to the list of DNS servers. On 2008 server this should
    already have been done for you. Also add the addresses of any other
    internal DNS servers that you run. We'd recommend not putting its
    own IP address as the first in the list.
- Register and check records
  - Reboot the server, or restart the NetLogon service, or wait a few
    hours to trigger the registration of records in the DNS.
  - Take a look in the file
    compare the entries with the entries in the DNS management tool. You
    may need to refresh or even restart the latter before you can see
- Configure forwarders
  - Configure your DNS servers to send all requests for information
    that they do not hold themselves to the
    DNS Caching Resolvers. This is recommended for security
    reasons and also speeds up queries for information in the ox.ac.uk
    domain. Configure this via the
    Forwarders tab in
    the of the server object in the DNS
    management tool. Make sure there is an entry for
    DNS domains and add the addresses for each of the
    DNS Caching Resolvers to the forwarders list for this
- Run tests to check for errors
  - Check the event logs for errors.
  - Run netdiag /v /test:dns and
    /test:dns using the Support tools included on the
    Windows server CD (the latter won't work on 2000) or installed by
    default on 2008, to check that everything looks good.
- Update other domain controllers
  - On your other DNS servers, update the TCP/IP configuration, adding
    the IP address of the new DNS server to the list of DNS servers.
    Again, we'd recommend not putting any server's own IP address as the
    first in the list (but always include it on the list).
- Configure Firewalls and Clients
  - Refer to the other sections in this document for details on
    updating the configuration of perimeter firewalls and
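
For the "Register and check records" step above, one way to script the comparison, as an added example that is not part of the original guide. It assumes both the records the new domain controller should register and a listing of the zone are available as text lines of the form `name TTL IN TYPE data`; the domain ad.example.com, the hosts dc1 and dc2, the addresses and all sample lines are constructed.

```python
# Added example: report records a new DC should have registered but the zone lacks.
# All names, addresses and record lines below are constructed sample data.

def _norm(name):
    # DNS names compare case-insensitively; a trailing dot only marks them absolute.
    return name.lower().rstrip(".")

def parse_record(line):
    """Turn 'name TTL IN TYPE rdata' into (name, type, rdata), or None if not a record."""
    fields = line.split(";", 1)[0].split()  # drop ';' comments
    if len(fields) < 5 or not fields[1].isdigit() or fields[2].upper() != "IN":
        return None
    name, rtype, rdata = _norm(fields[0]), fields[3].upper(), fields[4:]
    if rtype == "SRV" and len(rdata) == 4 and all(f.isdigit() for f in rdata[:3]):
        # SRV data: priority, weight, port, target host
        return (name, rtype, (*map(int, rdata[:3]), _norm(rdata[3])))
    if rtype in ("A", "CNAME") and len(rdata) == 1:
        return (name, rtype, (_norm(rdata[0]),))
    return None

def missing_records(expected_text, zone_text):
    """Records present in expected_text but absent from zone_text (TTL is ignored)."""
    def parse_all(text):
        return {r for r in map(parse_record, text.splitlines()) if r}
    return sorted(parse_all(expected_text) - parse_all(zone_text))

# Constructed: what the second domain controller (dc2) should have registered.
EXPECTED_DC2 = """\
ad.example.com. 600 IN A 192.0.2.11
_ldap._tcp.ad.example.com. 600 IN SRV 0 100 389 dc2.ad.example.com.
_kerberos._tcp.ad.example.com. 600 IN SRV 0 100 88 dc2.ad.example.com.
_ldap._tcp.dc._msdcs.ad.example.com. 600 IN SRV 0 100 389 dc2.ad.example.com.
"""

# Constructed: what the DNS zones currently hold (dc1 complete, dc2 partial).
ZONE = """\
; constructed zone listing
ad.example.com. 600 IN A 192.0.2.10
ad.example.com. 600 IN A 192.0.2.11
_ldap._tcp.ad.example.com. 600 IN SRV 0 100 389 dc1.ad.example.com.
_ldap._tcp.ad.example.com. 600 IN SRV 0 100 389 DC2.AD.EXAMPLE.COM.
_kerberos._tcp.ad.example.com. 600 IN SRV 0 100 88 dc1.ad.example.com.
_ldap._tcp.dc._msdcs.ad.example.com. 600 IN SRV 0 100 389 dc1.ad.example.com.
"""

if __name__ == "__main__":
    for name, rtype, data in missing_records(EXPECTED_DC2, ZONE):
        print("missing:", name, rtype, *data)
```

A record missing from the _msdcs zone, as in the sample, points back to the "Check that the zones have replicated" step as well as to registration.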