You can add domain controllers to a domain to improve load balancing in a site and fault tolerance in a domain. Additional domain controllers improve the performance of authentication requests and global catalog server lookups. They also help Active Directory Domain Services (AD DS) overcome hardware, software, or administrator errors. When you add a domain controller, information is replicated over the network.
Deploying another domain controller
The following table lists the steps that you can take to add another domain controller to a domain.
Note | |
The following table refers to running Adprep.exe to prepare your environment for a domain controller that runs Windows Server 2008 R2. Adprep.exe is located in the support\adprep folder of the Windows Server 2008 R2 installation disc. In addition, Windows Server 2008 R2 includes a 32-bit version (Adprep32.exe) and a 64-bit version (Adprep.exe). The 64-bit version runs by default. If you are running Adprep on a 32-bit computer, run the 32-bit version. |
Step | Reference | |
---|---|---|
|
If this is the first domain controller in your forest that runs Windows Server 2008 R2, prepare the forest schema by running adprep forestprep. |
Prepare a Windows 2000 or Windows Server 2003 Forest Schema for a Domain Controller That Runs Windows Server 2008 or Windows Server 2008 R2 (http://go.microsoft.com/fwlink/?LinkId=93242) |
|
If this is the first domain controller in your domain that runs Windows Server 2008 R2, prepare the domain by running adprep /domainprep /gpprep. |
Prepare a Windows 2000 or Windows Server 2003 Domain for a Domain Controller That Runs Windows Server 2008 or Windows Server 2008 R2 (http://go.microsoft.com/fwlink/?LinkId=93243) |
|
If you plan to install a read-only domain controller (RODC), raise the forest functional level to Windows Server 2003. |
Raising the Functional Levels (http://go.microsoft.com/fwlink/?LinkId=93174) |
|
If you are installing the first RODC in your forest, prepare your forest by running adprep /rodcprep. |
Prepare a Forest for a Read-Only Domain Controller (http://go.microsoft.com/fwlink/?LinkId=93244) |
|
Determine the user account and password that you will use to install the domain controller. The account must be a member of the Domain Admins group in the domain where you are installing the domain controller, or it must be delegated sufficient privileges. |
Providing Network Credentials to Install or Remove Active Directory Domain Services |
|
Determine the fully qualified Domain Name System (DNS) name of the domain where you plan to install the domain controller. Your AD DS design team may provide this information. |
Collect Regional Domain Design Information (http://go.microsoft.com/fwlink/?LinkId=93249) |
|
Decide where you plan to store the database, log files, and SYSVOL. For improved performance and efficient backup and recovery operations, store these components on separate volumes. |
|
|
If you plan to install from media (IFM), use the ntdsutil ifm subcommand to create the installation media. |
Installing AD DS from Media (http://go.microsoft.com/fwlink/?LinkId=93264) |
|
Determine a strong password that you will assign for the Directory Services Restore Mode (DSRM) account. |
Providing a Directory Services Restore Mode Administrator Password |
|
Determine which additional domain controller options you want to install. For example, determine if you want the domain controller to be a DNS server, global catalog server, or an RODC. |
|
|
Use Dcdiag.exe to verify connectivity with operations masters. |
Verify the availability of the operations masters (http://go.microsoft.com/fwlink/?LinkId=93271) |
|
Install AD DS. |
Installing an Additional Domain Controller (http://go.microsoft.com/fwlink/?LinkId=93254) |