Re: new domain setup

From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 11/04/04 

Date: Fri, 5 Nov 2004 00:57:35 +0100

Hi,

You can add as many domain controllers later as you need. You setup a new
computer running e.g. Windows 2003, you patch it up with all the latest
updates (before joining it to domain). Once all patched up, join it to
domain and run dcpromo on it. This will make it new DC. Also make all your
DCs DNS servers (configure them as Active Directory Integrated DCs).

Again, before running DCpromo or before joining server to domain (or any
other PC), make sure that they are all patched up.

Personally I am against IIS running on DC (there is no need for it) and in
case of e.g. IIS security bridge (this could also be due to bad IIS
configuration) someone could gain access to files on DC or create new user
account or ...

The only services that I usually allow to run on my DCs are DNS and DHCP...

Feel free to post back with any additional questions that you might have...

Mike

"Param R." <pr@nospam.com> wrote in message
news:OxrxcMowEHA.1564@TK2MSFTNGP09.phx.gbl...
> Hi all, over the next few weeks I have to work on setting up a new domain
> environment at our data center. All machines will be running 2003. Some
> web and some standard. The problem is when I am doing the setup I will
> have 3 servers with me. I will have to set these up and then later go get
> the 2 other servers which are in a different location. The problem is I
> eventually want my main Domain Controller to be one of the machines at the
> other location. It is a more powerful box than the 3 readily available to
> me. So in theory I will use one of the currently available boxes as a
> Domain Controller for now until I can go get the other machines. Is it
> possible to install a box at a later point and make it the main DC? If
> yes, how would I go about doing so and what do I need to watch out for?
>
> Also, I have never installed a DC before. What steps do I need to follow?
> I will also be installing DNS on the DC boxes. DNS will only be used for
> internal use, so it is recommended to have DNS integrated with A/D rather
> than in flat files right? Here are the steps I am thinking:-
>
> 1. Boot from CD and do base install.
> 2. Run DCPROMO
> 3. Install DNS, IIS & Other Services.
>
> Any help here is much appreciated.
>
> thanks,
> Param
>

Relevant Pages

  • RE: Strange Irregular DNS/Networking Problems
    ... Never heard about this kind of problem with IPv6, but think this is because it is not used so much until now. ... What i heard is that firefox or some other not MS browsers and addons make problems with DNS resolving after changing DNS servers. ... After resetting the domain controller and booting up things are back ...
    (microsoft.public.windows.server.dns)
  • Re: new domain setup
    ... the IIS websites running on the DC will be for internal use only. ... > DCs DNS servers. ... Boot from CD and do base install. ...
    (microsoft.public.windows.server.setup)
  • Re: Event Viewer Anomoly
    ... Please give some more infos about the kind of server, Domain controller DNS DHCP etc. and how they are located. ... The topology information in the Active Directory for this replica ... performed with one or more critical servers in order for changes to ...
    (microsoft.public.win2000.networking)
  • Re: Global Catalog Location
    ... It *could* be a DNS issue (as you well know it can almost always be a DNS ... I would suggest that the op install the set up Sites in the ADSS ... netdiag /v on all Servers. ... on all of the remote DCs as well as then ...
    (microsoft.public.win2000.active_directory)
  • Re: Upgrade disaster - I hate that sick in the stomach feeling.
    ... I think your new plan is spot on, espcially with the DNS. ... I have a plethora of servers that refence the IP address of DC1 for DNS ... I test a user and it can't map a drive to the DFS Root share. ... could not be read from the domain controller". ...
    (microsoft.public.windows.server.active_directory)
Loading