Additional DC intro
Looking at the Pioneers environment above, it has a nice hierarchical structure,
but you will notice one thing: each domain has ONLY one domain controller.
So what happens if that DC goes down because of a hardware failure? Domain logons (apart from cached credentials) and every directory lookup fail with it.
This situation is called a [ domain controller single point of failure ].
It leads us to install an additional domain controller, so that the domain survives the loss of any one DC and the [ single point of failure ] is gone.
How does an additional DC work?
Look at the network diagram of pioneers.lab above and you will find:
ALL network objects [ users, groups, computers, ...etc. ] live in one directory service database [ located at C:\Windows\NTDS\ntds.dit ] on that single DC.
Now imagine what happens if server DC101 is accidentally powered down or suffers a hardware failure: the only copy of the directory is unreachable.
To avoid this RISK, the Pioneers company has an availability plan which states that the directory service is a critical asset and must be redundant.
So the IT team applies the availability plan and installs an additional domain controller called DC102, as in the diagram below.
If you look at the diagram above:
we have two servers [ domain controllers DC101 and DC102 ],
each server holds its own copy of the directory service database [ ntds.dit ]; each copy of ntds.dit is called a [ replica ].
Suppose we log on to DC101, open the Active Directory Users and Computers console (ADUC) and create a new account called amani@pioneers.lab.
This change is written to the replica on DC101 and then replicated to the replica on the other server, DC102.
So any update made to Active Directory on one DC is replicated to the other DC. Replication is multi-master: the change can be made on either DC, not only on the first one, and it still reaches every replica.
You may ask: what if the DMZ switch goes down, or the whole data center is lost to a natural disaster such as an earthquake, fire or electrical fault?
That leads to another availability concept called the [ DRS disaster recovery site ], which will be detailed in another chapter.
Active Directory and DNS
As we know, DNS is tightly integrated with Active Directory (domain members find their DCs through the SRV records that the DCs register in DNS), and in most cases DNS is installed on the same server as the DC.
Our case is no exception: DNS is also installed on DC101.
So it makes sense to install DNS on the other domain controller, DC102, as well.
This step alone is NOT enough: we also have to configure ALL computers to use DC102 as their second DNS server, so name resolution (and with it DC location) keeps working if DC101 fails.
Don't be confused, this is an easy step and will be done in this article.
But for now let's focus on implementing the additional DC. Let's go.
Prepare server
Preparing the server includes three steps:
- sysprep
- IP address
- rename the computer
which we have explained in many other articles.
Install the ADDS feature
Installing Active Directory Domain Services (ADDS) includes the following steps:
open Server Manager
Promote server DC102 as additional DC
Now it is time to promote DC102 as an additional domain controller.
Before you start, make sure DC102 points at DC101 as its DNS server (otherwise the wizard cannot locate the pioneers.lab domain) and have the credentials of a pioneers.lab Domain Admins account ready.
Click Configure.
The step above is a crossroad:
the first time, when we promoted DC101 as the first DC in the domain, we selected [ Add a new forest ].
But now we select [ Add a domain controller to an existing domain ].
Go back to the article [ forests and trees ] and you will note that if we wanted to create a new tree in the same forest, with a domain such as [ leaders.lab ], we would select [ Add a new domain to an existing forest ].
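The same three stages (prepare, install ADDS, promote) can be done from PowerShell instead of the Server Manager wizard. The following is an added example, not code from the original article; the subnet 10.0.0.0/24, gateway 10.0.0.1, addresses DC101 = 10.0.0.101 and DC102 = 10.0.0.102 and the interface name "Ethernet" are assumptions for this lab. It runs on the freshly sysprepped DC102 as a local administrator.

```powershell
# Added example (assumed lab addressing, see lead-in). Run on DC102.

# --- 1. IP address: static address, and DC101 as the ONLY DNS server for now,
#        otherwise the promotion cannot locate the pioneers.lab domain.
New-NetIPAddress -InterfaceAlias 'Ethernet' -IPAddress '10.0.0.102' `
    -PrefixLength 24 -DefaultGateway '10.0.0.1'
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses '10.0.0.101'

# --- 2. Rename the computer (this reboots; log back on and continue from step 3)
Rename-Computer -NewName 'DC102' -Restart

# --- 3. Install the ADDS binaries plus the consoles (ADUC, Sites and Services, DNS)
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

# --- 4. Promote: the equivalent of [ Add a domain controller to an existing domain ]
$cred = Get-Credential -Message 'pioneers.lab Domain Admins account'
$dsrm = Read-Host -Prompt 'DSRM (Directory Services Restore Mode) password' -AsSecureString

$params = @{
    DomainName                    = 'pioneers.lab'
    Credential                    = $cred
    SafeModeAdministratorPassword = $dsrm
    InstallDns                    = $true                  # DNS on DC102 too, like DC101
    ReplicationSourceDC           = 'DC101.pioneers.lab'   # initial replica copied from DC101
    SiteName                      = 'Default-First-Site-Name'
    DatabasePath                  = 'C:\Windows\NTDS'      # the ntds.dit replica lives here
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    Force                         = $true                  # no confirmation prompt
}

# Dry run: checks DNS, credentials and schema prerequisites without changing anything
Test-ADDSDomainControllerInstallation @params

# Real promotion; the server reboots as a domain controller when it finishes
Install-ADDSDomainController @params
```

The DSRM password is the local administrator password used when the DC is booted into Directory Services Restore Mode; store it with the other break-glass credentials, because it is the only way into the server if the directory itself is unavailable.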
Verify the additional DC installation
Now we have promoted DC102 as an additional domain controller,
but we need to verify it, just to make sure everything is working properly.
Verify DNS installation on DC102
As you remember, we installed DNS alongside ADDS,
so if DC101 fails for any reason, DC102 can fully take its place as both DC and DNS server.
Let us now verify the DNS installation as well.
Test replication between DC101 and DC102
We now know there is replication between DC101 and DC102 as domain controllers;
this replication is managed by the [ Active Directory Sites and Services ] console.
We will test it by creating a user on DC101 called samer@pioneers.lab, then checking whether the user has been replicated to DC102.
Let's go.
On DC101 open Active Directory Users and Computers (ADUC), open the OU employees, create a new OU called accounting, then create a new user called samer@pioneers.lab.
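The whole verification (DC role, DNS on DC102, the second DNS server on the members promised in the DNS section above, and the samer@pioneers.lab replication test) can also be scripted. This is an added example, not the article's own steps: the addresses 10.0.0.101 (DC101) and 10.0.0.102 (DC102), the interface name "Ethernet", an employees OU directly under the domain root, and a DHCP scope on DC101 are all assumptions. Run it from DC101 as a Domain Admin.

```powershell
# Added example (assumed lab addressing and OU layout, see lead-in). Run on DC101.

# --- Verify DC102 is a domain controller (and global catalog) in the expected site
Get-ADDomainController -Filter * |
    Select-Object Name, IPv4Address, Site, IsGlobalCatalog, OperatingSystem
dcdiag /s:DC102 /q      # /q prints only the tests that FAILED; empty output is good

# --- Verify DNS on DC102: AD-integrated zone present and it answers DC locator queries
Get-DnsServerZone -ComputerName 'DC102' | Where-Object IsDsIntegrated |
    Select-Object ZoneName, ReplicationScope
Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.pioneers.lab' -Type SRV -Server '10.0.0.102'

# --- Give every member DC102 as second DNS server (static clients, via PS remoting)
$members = Get-ADComputer -Filter * |
    Where-Object DistinguishedName -NotLike '*OU=Domain Controllers,*' |
    Select-Object -ExpandProperty Name
Invoke-Command -ComputerName $members -ScriptBlock {
    Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' `
        -ServerAddresses '10.0.0.101', '10.0.0.102'
}
# DHCP clients get the list from the scope option instead (DHCP on DC101 is assumed)
Set-DhcpServerv4OptionValue -ComputerName 'DC101' -ScopeId '10.0.0.0' `
    -DnsServer '10.0.0.101', '10.0.0.102'

# --- Replication test: create on DC101, read back from DC102
$employees = 'OU=employees,DC=pioneers,DC=lab'     # assumed location of the employees OU
New-ADOrganizationalUnit -Name 'accounting' -Path $employees -Server 'DC101'
New-ADUser -Name 'samer' -SamAccountName 'samer' `
    -UserPrincipalName 'samer@pioneers.lab' `
    -Path "OU=accounting,$employees" -Server 'DC101'

# Intra-site replication is quick (change notification) but not instant: poll DC102
$found = $false
for ($i = 0; $i -lt 12 -and -not $found; $i++) {
    Start-Sleep -Seconds 5
    $found = [bool](Get-ADUser -Filter "SamAccountName -eq 'samer'" -Server 'DC102')
}
if (-not $found) {
    # Still missing after a minute: force DC102 to pull all partitions, then re-check
    repadmin /syncall DC102 /AdeP
    $found = [bool](Get-ADUser -Filter "SamAccountName -eq 'samer'" -Server 'DC102')
}
"samer replicated to DC102: $found"

# --- Overall replication health: both DCs should show zero fails and no errors
repadmin /replsummary
repadmin /showrepl DC102
```

The -Server parameter is what makes the test meaningful: Get-ADUser without it may be answered by DC101, where the object obviously exists. Querying DC102 directly, by name, proves the object travelled across replication. If repadmin /replsummary reports failures, the usual culprits are DNS (DC102 cannot resolve DC101's CNAME under _msdcs) or time skew between the two servers.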
Conclusion
Active Directory is considered one of the most valuable assets in a company.
Working with only one domain controller leaves the IT environment with a single point of failure.
Domain controllers should be protected by an HA [ High Availability ] plan.
Currently we have built an additional DC in the same data center, which is NOT enough if the whole site is lost to a natural disaster.
This leads us to a new concept called the DRS, disaster recovery site;
DRS will be explained later when we move to the deep dive.