Published: September 17, 2004
This guide describes how to create the first domain controller for a new child domain and how to configure an additional domain controller for replication within a child domain.
Overview
The following sections demonstrate the procedures required for configuring a computer running Windows Server 2003 as the first domain controller in a child domain. An additional domain controller within the child domain will be configured to function as a replication partner.
An Active Directory service deployment consists of one or more forests with each forest having one or more domains. Creating the initial domain controller (DC) in a network creates the first domain in a forest—you cannot have a domain without at least one domain controller. The first domain created is the root domain of the first forest. Additional domains in the same domain forest may be child domains or tree root domains. A domain immediately above another domain in the same domain tree is considered its parent.
Domains are used to accomplish network management goals, such as structuring the network, delimiting security, applying Group Policy, and replicating information.
Active Directory allows domain controllers to function as peers—therefore, clients can update Active Directory on any of the Windows Server 2003 domain controllers in the domain. This is a significant change from the read-write/read-only roles played by Windows NT® Server Primary Domain Controllers (PDCs) and Backup Domain Controllers (BDCs). The Windows NT Server domain system supports single-master replication requiring all changes to be made on the PDC.
The Windows Server 2003 operating system supports multi-master replication—all of a domain’s domain controllers can receive changes made to objects and can replicate those changes to all other domain controllers in that domain. By default, the first domain controller created in a forest is a global catalog server, which contains a full replica of all objects in the directory for its domain and a partial replica of all objects stored in the directory of every other domain in the forest.
Replicating Active Directory data among domain controllers provides benefits for information availability, fault tolerance, load balancing, and performance. In this step-by-step guide, you can take advantage of the greater fault tolerance provided in the multi-master model by installing multiple domain controllers. In the event a domain controller stops working, the availability of Active Directory is not compromised.
Creating Additional Domain Controllers
The following steps should be performed on a computer that has Windows Server 2003 installed and is connected to the common network infrastructure created in Prerequisites in this guide.
Best Practice: While not strictly required, Microsoft highly recommends that all domain controllers, DNS and Dynamic Host Configuration Protocol (DHCP) servers, routers, and printers within the common infrastructure be assigned static Internet Protocol (IP) addresses.
Configuring Static IP addresses
1. Log on to the server of your choice.
2. Click the Start button, right-click My Network Places, and then click Properties.
3. Right-click Local Area Connection, and then click Properties.
4. In the Local Area Connection dialog box, double-click Internet Protocol.
5. Select Use the following IP address, and enter the following:
6. In the Local Area Connection dialog box, click OK.
7. Close the Network and Dial-up Connection dialog box.
Configuring a Child Domain
1. On HQ-CON-DC-02, click the Start button, click Run, type DCPromo, and then click OK.
2. Once the Active Directory Installation Wizard appears, click Next to begin.
3. Review the Operating System Compatibility information, and then click Next to continue.
4. On the Domain Controller Type page, select Domain controller for a new domain (default), and then click Next to continue with the installation of Active Directory.
5. On the Create New Domain page, select Child domain in an existing domain tree, and then click Next.
6. In the Network Credentials box, enter the user name as Administrator, do not enter a password, type the domain name as Contoso.com, and then click Next.
7. On the Child Domain Installation page, enter the parent domain as contoso.com and the child domain as vancouver. Note that the complete DNS name of the new domain is now displayed as vancouver.contoso.com. Click Next to continue.
8. In the NetBIOS Domain Name box, accept the default value of VANCOUVER, and then click Next.
9. On the Database and Log on Locations page, accept the defaults, and then click Next.
10. On the Shared System Volume page, accept the defaults, and then click Next.
11. The DNS Registration Diagnostics page includes a DNS verification summary. After reviewing the results, click Next to continue with the installation of Active Directory.
12. If your environment will contain machines running pre-Windows 2000 operating systems, select Permissions compatible with pre-Windows 2000 servers. If you only plan on having Windows 2000 or Windows Server 2003 servers, select Permissions compatible only with Windows 2000 or Windows Server 2003 operating systems. Click Next to continue.
13. On the Directory Services Restore Mode Administrator Password page, type password for Restore Mode Password and Confirm password. Click Next to continue.
14. Confirm your selections on the Summary page (Figure 1), and then click Next to start the configuration of Active Directory.
15. Once the Active Directory Installation Wizard completes, click Finish, and then click Restart Now to reboot your system.
Configuring a Replication Partner
The Role of Sites in Active Directory Replication
Sites enable the replication of directory data both within and among sites. Active Directory replicates information within a site more frequently than across sites, implying that better connected domain controllers receive updates first. The domain controllers in other sites will receive all updates to the directory, although, to reduce the bandwidth requirements for slower network connections, updates are scheduled to occur less frequently.
A site is delimited by a subnet and is usually geographically bound. Sites differ in concept from Windows Server 2003–based domains in that sites can span multiple domains, and a domain can span multiple sites. Sites are not part of the domain namespace but they do control replication of domain information and help determine resource proximity. For example, a workstation will select a domain controller within its site against which to authenticate.
Directory information can be exchanged using the following replication transports: Remote Procedure Call (RPC) over Transmission Control Protocol/Internet Protocol (TCP/IP) and Simple Mail Transfer Protocol (SMTP). For information about configuring sites, subnets, and IP-based replication, see the Step-by-Step Guide to Active Directory Sites and Services.
To take advantage of multi-master replication, you can set up another domain controller to serve as a replication partner for the first domain controller in the Vancouver child domain.
Configuring an Additional Domain Controller as a Replication Partner
To configure an additional domain controller as a replication partner
1. On HQ-CON-DC-03, click the Start button, click Run, type DCPromo, and then click OK.
2. Once the Active Directory Installation Wizard appears, click Next to begin.
3. Review the Operating System Compatibility information, and then click Next to continue.
4. On the Domain Controller Type page, select Additional domain controller for an existing domain, and then click Next to continue with the installation of Active Directory.
5. In the Network Credentials box, enter the user name as Administrator, do not enter a password, type the domain name as Contoso.com, and then click Next.
6. On the Additional Domain Controller page, enter the domain name as vancouver.contoso.com, and then click Next to continue.
7. In the NetBIOS Domain Name box, accept the default value of VANCOUVER, and then click Next.
8. On the Database and Log on Locations page, accept the defaults, and then click Next.
9. On the Shared System Volume page, accept the defaults, and then click Next.
10. On the Directory Services Restore Mode Administrator Password page, type password for Restore Mode Password and Confirm password. Click Next to continue.
11. Confirm your selections on the Summary page (Figure 2), and then click Next to start the configuration of Active Directory.
12. Once the Active Directory Installation Wizard completes, click Finish, and then click Restart Now to reboot your system.
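Once both servers have restarted, the two procedures above can be checked from a command prompt. The batch file below is an added example and is not part of the original guide. It assumes the Windows Support Tools (dcdiag, repadmin, nltest) are installed and that it is run by an administrator of vancouver.contoso.com. The file name, variable names and label are illustrative.

```bat
@echo off
rem verify-vancouver.cmd (hypothetical name): added example, not from the guide.
rem Checks that HQ-CON-DC-02 and HQ-CON-DC-03 both act as domain controllers
rem for vancouver.contoso.com and that replication between them is healthy.
setlocal
set "DOMAIN=vancouver.contoso.com"
set "DCS=HQ-CON-DC-02 HQ-CON-DC-03"
set "FAILED=0"

rem 1. Both servers should appear in the domain controller list.
nltest /dclist:%DOMAIN%

rem 2-3. Per-server checks (see :CheckDC below).
for %%D in (%DCS%) do call :CheckDC %%D

rem 4. Inbound partners and the result of the last replication attempt
rem    on the newly added replication partner.
repadmin /showrepl HQ-CON-DC-03

if "%FAILED%"=="0" (echo All checks passed.) else (echo One or more checks failed.)
endlocal & exit /b %FAILED%

:CheckDC
rem 2. A server only shares SYSVOL and NETLOGON once it is functioning as a
rem    domain controller, so a missing share means promotion has not finished.
for %%S in (SYSVOL NETLOGON) do (
    net view \\%1 | findstr /I /C:"%%S" >nul || (
        echo %1: %%S share not found
        set "FAILED=1"
    )
)
rem 3. dcdiag prints "failed test <name>" for each test that does not pass.
rem    Its exit code is not relied on here; the output text is searched instead.
for %%T in (Advertising Replications) do (
    dcdiag /s:%1 /test:%%T | findstr /C:"failed test" >nul && (
        echo %1: dcdiag test %%T failed
        set "FAILED=1"
    )
)
goto :eof
```

Replication errors reported immediately after the restart can clear on their own once the first replication cycle completes, so rerun the file after a few minutes before investigating further.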