3. Configuring the Second and Subsequent Domain Controllers

Carry out the following operations on the server you are adding to the domain, unless stated otherwise.

Check TCP/IP configuration
  • Configure the DNS servers in the TCP/IP configuration pages to use the Windows DNS server that you configured as per the previous section.
Install Active Directory
  • Use dcpromo to install Active Directory adding the server as a new server in an existing domain.
  • This time, you shouldn't be prompted about DNS on Windows 2000 or 2003, but on 2008 you can again select to install the DNS server with Active Directory Domain Services on the Additional Domain Controller Options page. Again, on 2008 Server Core, use InstallDNS=Yes in an answer file, or /InstallDNS:Yes as a command-line switch to dcpromo.
Install the DNS Service
  • If you didn't install the DNS service as part of the domain controller installation (i.e. on 2000 or 2003), use [Add/Remove Programs] (Windows Components/Networking Services) or the Configure your Server wizard to install the DNS service.
  • Since you have configured DNS to use Active Directory-integrated zones, you don't need to configure the zones again.
Check that the Zones have replicated
  • Open the DNS management program and check that the zones shown below are visible.
    • ActiveDirectoryDomainName
    • _msdcs.ActiveDirectoryDomainName (only for the forest root domain)
Update TCP/IP configuration
  • Change the TCP/IP configuration of your server so that its own IP address is included in the list of DNS servers. On 2008 server this should already have been done for you. Also add the addresses of any other internal DNS servers that you run. We'd recommend not putting its own IP address as the first in the list.
Register and check records
  • Reboot the server, or restart the NetLogon service, or wait a few hours to trigger the registration of records in the DNS.
  • Take a look in the file C:\Windows\System32\Config\netlogon.dns and compare the entries with the entries in the DNS management tool. You may need to refresh or even restart the latter before you can see them.
Configure forwarders
  • Configure your DNS servers to send all requests for information that they do not hold themselves to the DNS Caching Resolvers. This is recommended for security reasons and also speeds up queries for information in the ox.ac.uk domain. Configure this via the Forwarders tab in the [Properties] of the server object in the DNS management tool. Make sure there is an entry for All other DNS domains and add the addresses for each of the DNS Caching Resolvers to the forwarders list for this entry.
Run tests to check for errors
  • Check the event logs for errors.
  • Run netdiag /v /test:dns and dcdiag /v /test:dns, using the Support Tools included on the Windows server CD (the latter won't work on 2000) or installed by default on 2008, to check that everything looks good.
Update other domain controllers
  • On your other DNS servers, update the TCP/IP configuration, adding the IP address of the new DNS server to the list of DNS servers. Again, we'd recommend not putting any server's own IP address as the first in the list (but always include it on the list).
Configure Firewalls and Clients
  • Refer to the other sections in this document for details on updating the configuration of perimeter firewalls and clients.
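The following script is an added example and is not part of the original page or its procedure. It carries out the checks and settings from the steps above (zone replication, the DNS server list order, record registration against netlogon.dns, forwarders to the caching resolvers, and dcdiag) from one elevated PowerShell session on the new domain controller. It assumes the DnsServer and DnsClient modules that ship with Windows Server 2012 and later, which are newer than the 2000/2003/2008 releases the text covers (on those, dnscmd, netsh and dcdiag perform the same steps). The domain name, resolver addresses, internal DNS addresses and adapter alias are placeholders.

```powershell
# Added example (not the page's own procedure): post-promotion DNS checks for an
# additional domain controller. Assumes the DnsServer/DnsClient modules of
# Windows Server 2012 or later. All addresses and names below are placeholders.

$DomainName       = 'example.ox.ac.uk'              # placeholder: AD domain name
$ForestRootDomain = 'example.ox.ac.uk'              # placeholder: forest root domain
$CachingResolvers = @('192.0.2.10', '192.0.2.11')   # placeholder: DNS Caching Resolvers
$OtherInternalDns = @('10.0.0.5')                   # placeholder: other internal DNS servers
$Adapter          = 'Ethernet'                      # placeholder: adapter alias

# 1. Check that the AD-integrated zones have replicated to this server.
$expectedZones = @($DomainName, "_msdcs.$ForestRootDomain")
$zones = Get-DnsServerZone | Select-Object -ExpandProperty ZoneName
foreach ($z in $expectedZones) {
    if ($zones -contains $z) { "OK   zone present: $z" } else { "FAIL zone missing: $z" }
}

# 2. Include the server's own address in its DNS server list, but not as the first entry.
$ownIp = (Get-NetIPAddress -InterfaceAlias $Adapter -AddressFamily IPv4 |
          Where-Object { $_.PrefixOrigin -ne 'WellKnown' }).IPAddress | Select-Object -First 1
$serverList = @($OtherInternalDns + $ownIp | Select-Object -Unique)
Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $serverList
$current = (Get-DnsClientServerAddress -InterfaceAlias $Adapter -AddressFamily IPv4).ServerAddresses
if ($current[0] -eq $ownIp)      { "WARN own address is first in the DNS server list" }
if ($current -notcontains $ownIp) { "FAIL own address missing from the DNS server list" }

# 3. Trigger record registration without a reboot, then compare netlogon.dns
#    with what this DNS server actually answers.
Restart-Service NetLogon
Start-Sleep -Seconds 30
$netlogonFile = Join-Path $env:SystemRoot 'System32\config\netlogon.dns'
$missing = @()
foreach ($line in Get-Content $netlogonFile) {
    # Each line looks like: _ldap._tcp.<domain>. 600 IN SRV 0 100 389 <dc-fqdn>.
    $fields = $line -split '\s+'
    if ($fields.Count -lt 4) { continue }
    $name = $fields[0].TrimEnd('.')
    $type = $fields[3]
    $answer = Resolve-DnsName -Name $name -Type $type -Server $ownIp -ErrorAction SilentlyContinue
    if (-not $answer) { $missing += $line }
}
if ($missing.Count -eq 0) { "OK   all netlogon.dns records resolve" }
else                      { "FAIL unresolved records:"; $missing }

# 4. Send every query this server is not authoritative for to the caching resolvers,
#    and stop it recursing to the root servers itself.
Set-DnsServerForwarder -IPAddress $CachingResolvers -UseRootHint $false
"Forwarders now: " + ((Get-DnsServerForwarder).IPAddress -join ', ')

# 5. Run the built-in DNS diagnostics and surface recent errors from the DNS Server log.
dcdiag /v /test:dns
Get-WinEvent -LogName 'DNS Server' -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.Level -le 2 } |
    Format-Table TimeCreated, Id, Message -AutoSize
```

Step 4 is the security-relevant part of the procedure: with the forwarders set and root hints disabled, the domain controller never performs open recursion against the Internet, and all external lookups pass through the caching resolvers you control. Run the script on each existing DNS server as well (with its own addresses substituted) to cover the "Update other domain controllers" step.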
