Re: Add a new DC to a new branch




InLine

Yes I removed the DHCP server from my router and configured the DC/DNS
server on main site as a DHCP server. I read that the DHCP server on a DC
should be a member of DnsUpdateProxy security group, but when I try to add
my DC to this group, it cannot recognize the DC object. Is there any catch
here.

You don't need to add the DC to that Group. The DHCP server will register
the DNS records on behalf of your DHCP clients.

I created a user for DNS dynamic updates registration. What group should
this user be a member of. Or it can be just a regular user.

Just a regular user would be fine, like "srv_dhc"; just make sure that it has a
non-expiring password.


When I replicate AD and DNS, does the DHCP get replicated to other site
DHCP server that is also a DC/DNS server. I guess since each DHCP server
handles its own scope, this would not be the case. Please confirm.

DHCP database stays on the server, the only thing that gets replicated is
the DHCP Authorization on Active Directory (Open DHCP console -> Right click
on DHCP -> Manage Authorized Servers), all DHCPs on AD must be authorized.




I did all these on my DC on SITE 2. Why the zones on this DC should be
converted to Primary Zone from AD Integrated. When I did this, the AD
Integrated zones on MAIN DC disappeared. I believe it will appear as
Primary Zone on Main Site DC. Should these zones not be AD Integrated?

Well, something went wrong here; the goal was:

- On Main Site recreate the Dns structure, so that could be replicated to
the branch office.

If you follow the "STEP 2 - SITE 2" you'll see that the DNS server on site2
will end up with no DNS zone configured.
But because you have the DC on site2 with the DNS properties "make the
primary DNS server pointing to the MAIN SITE DC - 192.168.1.100", the zone
will be replicated to the DC on site2, then you would change the primary DNS
to itself "192.168.2.100". The only reason that I said to change to primary
BEFORE deletion was to prevent it from being removed from AD.
DNS PRIMARY Zones aren't replicated, only AD Integrated Zones are
replicated.
If you want, repeat all DNS steps again.

My main problem was a firewall blocking traffic between the two sites, in
addition to DNS configuration issues. I opened that up and AD replication
and all worked fine.

so how is the output for portquery now?

Regarding my remote site server not booting up and hanging up at
"Preparing Network Connections", I was able to boot by removing the network
cable and fixing the DNS problems on this server. I was not able to boot in
Directory Services Restore Mode. Can you point me to some resources on how
to go about doing that. I do not get any options for selecting OS on boot,
nor F8 options. Any ideas?

This is strange, I never saw this fail; you should be able to by hitting the F8
button...

I often see errors in event log and sometimes cannot get rid of its cause.
Are there any tools to do Health Check of AD, DNS, etc. other than DCDiag.

There are many tools for monitoring; I'll show just some of the MS-provided ones:

*For sites and replication you have:
Netdom (Command Prompt)
Repadmin (Command Prompt)
Replmon (GUI)

*Monitoring and Troubleshooting DC
Netdiag
Dcdiag
Netdom

*For AD Database the Most Common are:
Ldp
Adsiedit.msc
Ntdsutil

Others
Deploying Active Directory for Branch Office Environments
http://www.microsoft.com/technet/archive/windows2000serv/technologies/activedirectory/deploy/adguide/addeploy/addch09.mspx?mfr=true

Monitoring

http://www.microsoft.com/technet/scriptcenter/scripts/ad/monitor/default.mspx

Script Repository: Active Directory
http://www.microsoft.com/technet/scriptcenter/scripts/ad/default.mspx
Active Directory Management Pack Technical Reference for MOM 2005
http://www.microsoft.com/technet/prodtechnol/mom/mom2005/maintain/dirmgmtpackmom_5.mspx

Monitoring and Troubleshooting the File Replication Service

http://www.microsoft.com/windowsserver2003/technologies/storage/dfs/tshootfrs.mspx



It's been a while and my MAIN DC zones are still missing. Should the zones
on Site 2 DC be primary? I thought they all should be AD Integrated. I am
still waiting for this to replicate to MAIN DC. Any comments.

No. As I said before, the goal was to create in the main site a clean DNS to
be replicated to the Branch Site, but for this to happen the zone must be AD
Integrated.

--
I hope that helps

Good Luck
Jorge Silva
MCSA
Systems Administrator

