Ports for Creating Additional Domain controller at my remote DRC site

Hello Expert,
I have my disaster recovery center (DRC) at a remote place. Now I want to configure an Additional Domain Controller (ADC) at my DRC; kindly share with me the list of ports that I need to open at my firewall to configure this ADC. I have a Server 2008 R2 environment.
Swaprakash..

Hi,
The links below have detailed information on the required ports that should be open for AD communication:
Active Directory Firewall Ports - Let's Try To Make This Simple 
http://msmvps.com/blogs/acefekay/archive/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple.aspx
http://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx
http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls.aspx
Regards,
Rafic
If you found this post helpful, please give it a "Helpful" vote.
If it answered your question, remember to mark it as an "Answer".
This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!
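Before promoting the DRC server, it is worth confirming from that server that the ports in the linked Microsoft list actually reach an existing DC through the firewall. The script below is an added example, not part of Rafic's reply or the linked articles; it probes the fixed TCP ports from "Active Directory and Active Directory Domain Services Port Requirements" with Test-NetConnection (Windows 8 / Server 2012 or later; on 2008 R2 use PortQry as the second Rafic reply further down suggests, e.g. `portqry -n dc01 -e 135 -p tcp`). The DC name `dc01.corp.example` is a placeholder.

```powershell
# Added example (not from the thread): probe the documented AD TCP ports from the
# prospective ADC towards an existing DC, before running dcpromo.
$ExistingDC = 'dc01.corp.example'   # placeholder: an existing DC in the domain

# Fixed TCP ports documented for DC-to-DC traffic. The RPC dynamic range
# (TCP 49152-65535 on 2008 and later) must also be open but cannot be proven with
# a single connect; UDP 53/88/123/389 are likewise outside a TCP probe.
$AdPorts = @(
    @{ Port = 53;   Service = 'DNS' },
    @{ Port = 88;   Service = 'Kerberos' },
    @{ Port = 135;  Service = 'RPC endpoint mapper' },
    @{ Port = 389;  Service = 'LDAP' },
    @{ Port = 445;  Service = 'SMB (SYSVOL, NETLOGON)' },
    @{ Port = 464;  Service = 'Kerberos password change' },
    @{ Port = 636;  Service = 'LDAP over SSL' },
    @{ Port = 3268; Service = 'Global Catalog' },
    @{ Port = 3269; Service = 'Global Catalog over SSL' }
)

$results = foreach ($p in $AdPorts) {
    $t = Test-NetConnection -ComputerName $ExistingDC -Port $p.Port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Port      = $p.Port
        Service   = $p.Service
        Reachable = $t.TcpTestSucceeded
    }
}
$results | Format-Table -AutoSize

# Fail loudly if anything is blocked, so the script can sit in a pre-promotion checklist.
$blocked = $results | Where-Object { -not $_.Reachable }
if ($blocked) {
    $list = ($blocked | ForEach-Object { "$($_.Port)/$($_.Service)" }) -join ', '
    Write-Warning "Blocked at the firewall: $list"
    exit 1
}
```

Run it on the server you intend to promote, in the DRC, so the test crosses the same firewall the replication traffic will. A clean result on these ports still leaves the RPC dynamic range to be verified, typically by checking the firewall rule itself rather than by probing.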

Similar Messages

  • Additional domain controller

    Hi, we are using Win2008 R2 and recently we have created an additional domain controller on another server in the same forest. Can we install SQL Server 2008 on it, the same as on our main domain controller? Please advise, it's urgent.
    thanks
    ganesh

    Please see http://support.microsoft.com/kb/2032911/no
    Regards,
    Thomas

  • What is the best practice and Microsoft best recommended procedure of placing "FSMO Roles on Primary Domain Controller (PDC) and Additional Domain Controller (ADC)"??

    Hi,
    I have Windows Server 2008 Enterprise  and have
    2 Domain Controllers in my Company:
    Primary Domain Controller (PDC)
    Additional Domain Controller (ADC)
    My (PDC) was down due to Hardware failure, but somehow I got a chance to get it up and transferred
    (5) FSMO Roles from (PDC) to (ADC).
    Now my (PDC) is rectified and UP with same configurations and settings.  (I did not install new OS or Domain Controller in existing PDC Server).
    Finally I want it to move back the (FSMO Roles) from
    (ADC) to (PDC) to get UP and operational my (PDC) as Primary. 
    (Before Disaster my PDC had 5 FSMO Roles).
    Here I want to know the best practice and Microsoft best recommended procedure for the placement of “FSMO Roles both on (PDC) and (ADC)”?
    In case if Primary (DC) fails then automatically other Additional (DC) should take care without any problem in live environment.
    Example like (FSMO Roles Distribution between both Servers) should be……. ???
    Primary Domain Controller (PDC) Should contains:????
    Schema Master
    Domain Naming Master
    Additional Domain Controller (ADC) Should contains:????
    RID
    PDC Emulator
    Infrastructure Master
    Please let me know the best practice and Microsoft best recommended procedure for the placement of “FSMO Roles”.
    I will be waiting for your valuable comments.
    Regards,
    Muhammad Daud

    Here I want to know the best practice
    and Microsoft best recommended procedure for the placement of “FSMO Roles both on (PDC) and (ADC)” ?
    There is a good article I would like to share with you: http://oreilly.com/pub/a/windows/2004/06/15/fsmo.html
    For me, I do not really see a need to have FSMO roles on multiple servers in your case. I would recommend making it simple and having a single DC hold all the FSMO roles.
    In case if
    Primary (DC) fails then automatically other Additional (DC) should take care without any problem in live environment.
    No. This is not true. Each FSMO role is unique and if a DC fails, FSMO roles will not be automatically transferred.
    There are two approaches that can be followed when an FSMO role holder is down:
    1. If the DC can be recovered quickly then I would recommend taking no action.
    2. If the DC will be down for a long time or cannot be recovered then I would recommend that you seize the FSMO roles and do a metadata cleanup.
    Attention! For (2) the old FSMO holder should never be up and online again if the FSMO roles were seized. Otherwise, your AD may be facing huge impacts and side effects.
    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Get Active Directory User Last Logon
    Create an Active Directory test domain similar to the production one
    Management of test accounts in an Active Directory production domain - Part I
    Management of test accounts in an Active Directory production domain - Part II
    Management of test accounts in an Active Directory production domain - Part III
    Reset Active Directory user password
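The reply distinguishes a transfer (both DCs online) from a seizure (old holder gone for good). The script below is an added example, not code from the reply or the linked article; it lists the current holders, transfers all five roles gracefully, and shows the seizure form commented out. It assumes the ActiveDirectory module (RSAT-AD-PowerShell, available on 2008 R2 with Active Directory Web Services) and uses `ADC01` as a placeholder target.

```powershell
# Added example (not from the thread): query, transfer and seize FSMO roles.
Import-Module ActiveDirectory

function Get-FsmoHolders {
    # Forest-wide roles are attributes of the forest object, domain roles of the domain object.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [pscustomobject]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

'Before:'
Get-FsmoHolders | Format-List

$Target = 'ADC01'   # placeholder: the DC that should take the roles
$AllRoles = 'SchemaMaster', 'DomainNamingMaster', 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster'

# Graceful transfer: the current holder and the target both agree on the handover,
# so the roles move with the directory consistent on both sides.
Move-ADDirectoryServerOperationMasterRole -Identity $Target -OperationMasterRole $AllRoles -Confirm:$false

# Seizure: the same cmdlet with -Force. Use it only when the old holder is
# permanently lost; as the reply warns, that server must never come back online,
# and its DC object must then be removed with metadata cleanup.
# Move-ADDirectoryServerOperationMasterRole -Identity $Target -OperationMasterRole $AllRoles -Force -Confirm:$false

'After:'
Get-FsmoHolders | Format-List
```

Running `Get-FsmoHolders` before and after makes the result auditable, which matters more for a seizure than a transfer: after a seizure the directory on the old holder still believes it owns the roles, which is exactly why it must stay off the network.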

  • Error while configuring ADC (Additional Domain Controller)

    Hello Experts,
    I am configuring an ADC (Additional Domain Controller) on a member server which is in a workgroup. While configuring the ADC on that server, I got a window saying "additional information for this domain controller", where there were three options, i.e.
    DNS server, Global Catalog, RODC (Read-only Domain Controller), and by default the first two options (DNS & Global Catalog) were checked. I kept that setting and clicked Next. Now it is showing that I need to give a static IP to my adapter, but I have already
    given a static IP. When I unchecked the DNS option in that window it did not give such an error. Now my question is: if I continue without checking DNS, will it give me trouble in future? Please suggest. I am using MS 2008 R2.
    Swaprakash..

    Ensure that you don't have another NIC in your server that is set to obtain IP address from DHCP. However, even if you proceed with this warning, you will probably not have any errors later, as long as you're sure that you have static IP assigned to your
    internal NIC.
    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Damir

  • Unable to complete Additional domain controller installation

    HI Team,
    I have a lab setup with 3 domain controllers. Initially I promoted a domain controller on a 2008 server. After that I promoted another 2008 server as an additional domain controller. Everything completed successfully. But when I tried a 2012 server
    as an additional controller, the installation did not complete. The process is stuck on the installation tab. Even after installing the 2012 server fresh, the issue persists.
    Can anyone suggest me to fix this issue ?
    Do we need to migrate schema ?
    Regards
    Sajin P S

    Hi Anuj,
    I'm sure that it is something related to a network issue. Make sure that all the necessary ports are open between the domain controllers.
    Active Directory and Active Directory Domain Services Port Requirements
    http://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx
    Active Directory Firewall Ports - Let's Try To Make This Simple
    http://msmvps.com/blogs/acefekay/archive/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple.aspx
    Use port query tool to see the opened ports.
    http://social.technet.microsoft.com/wiki/contents/articles/4494.windows-server-troubleshooting-the-rpc-server-is-unavailable.aspx#Using_PortQry
    Regards,
    Rafic
    If you found this post helpful, please give it a "Helpful" vote.
    If it answered your question, remember to mark it as an "Answer".
    This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

  • Can we run domain controller windows 2008 32 bit and additional domain controller on 2003 server

    In my environment we are trying to upgrade from Server 2k3 to 2k8; our testing was done on Server 2k3 to 2k8, but can we run a domain controller on Windows 2008 32-bit and an additional domain controller on a 2003 server? Kindly suggest.
    Nitin Gaurav
    [email protected]

    Yes you can. If you have two 2003 AD servers currently and upgrade one of them to 2008 AD then they'll continue to be able to work together. The domain's functional level will remain at 2003 across both servers, so at this stage you won't get any benefit from
    the new AD functionality available in 2008.
    Once you've then upgraded the second 2003 server to 2008 you can then upgrade the functionality levels in AD to make it 2008. It's been a while, but I believe it doesn't happen automatically, so once all AD servers have been upgraded you have to go into
    AD and upgrade the functionality levels yourself.

  • Create a Domain Controller and a Child Domain using Powershell

    Is it possible to create a Domain Controller and a Child Domain using Powershell?

    Yes, you can do that:
    WS2008R2 -
    http://technet.microsoft.com/en-us/library/cc731394%28v=ws.10%29.aspx
    http://technet.microsoft.com/en-us/library/cc731873%28v=ws.10%29.aspx - This isn't technically PowerShell.
    WS2012 -
    http://technet.microsoft.com/en-us/library/jj574105.aspx
    EDIT: You've asked this same question a few times now, is there something specific that's giving you trouble?
    Don't retire TechNet! -
    (Don't give up yet - 12,830+ strong and growing)

  • Best pracices for setting up Domain controller for our remote European offices

    Hi,
    We have about 17 remote site across Europe (HQ in UK), I want to start revoking the offices local DC's and host them in a couple of Cloud servers in Germany with local NAS boxes for file storage. I will have MPLS network between the offices to the Cloud
    DC.
    Now what would be the best practices and tips for this situation in respect to the DC's. How can I prioritize the remote offices to use the Cloud DC/DNS and not our DC at our HQ in the UK. Would it be better to have a sub-domain created (europe.company.co.uk)
    for the other offices.
    Any suggestions on this setup for the DC

    Hiya,
    On the conceptual level: the reason for having local DCs is that if the local site's internet line is offline, people are still able to authenticate and access local resources. From that point of view, you might as well just run with your HQ DCs only. Note:
    the cloud does offer availability on their services that might not be matched by your HQ in terms of double internet lines.
    That said.
    The DNS servers of the clients, as well as the Sites & Services configuration of Active Directory, decide this. Your clients will use the nearest domain controller available from the Sites and Services information.
    Managing Intersite Replication
    http://technet.microsoft.com/en-us/library/cc794799%28v=ws.10%29.aspx

  • Best Practices for Setting up a Windows 2012 R2 STD Domain Controller in a Remote Site

    So I'm looking for an article or writeup similar to the "Adding Domain Controllers in Remote Sites" TechNet article but for Windows Server 2012 STD R2.  Here is my scenario:
    1.  I want to setup the domain controller at Site A where the primary domain controller is located.  The primary domain controller is Windows Server 2008 R2. 
    2.  Once the DC is setup I plan on leaving it on our network for a few days before shipping it to remote Site B for installation
    Other key items:
    1.  The remote Site B will have a different IP range than Site A but will be connected to Site A via a single VPN tunnel.  All the DCs that replicate with each other are on the same domain. 
    2.  The 2012 DC that I setup for Site B (same domain in same forest) will be a DHCP, DNS, and WSUS server all replicating to the primary DC at Site A
    Questions:
    1.  What items can I set up while it's at Site A without affecting or conflicting with the existing network and domain controller?  Can I set up a scope once the DHCP role is added? 
    2.  All of our DCs replicate through Sites and Services, do I have to manually add this to our primary DC for the new DC going to remote Site B?  Or when does this happen automatically when I promote the DC? 
    All in all I'm just looking for a list of best practices for 2012 or a step-by-step guide.  Any help would be appreciated. 

    Hi,
    Thanks for your posting.
    When you install AD DS in the hub or staging site, disconnect the installed domain controller, and then ship the computer to the remote site, you are disconnecting a viable domain controller from the replication topology.
    For more and detail information, please refer to:
    Best Practices for Adding Domain Controllers in Remote Sites
    http://technet.microsoft.com/en-us/library/cc794962(v=ws.10).aspx
    Regards.
    Vivian Wang
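Both this thread and the European-offices thread above come down to the same mechanism: clients pick a DC from the subnet-to-site mapping, and the KCC builds intersite replication from the site links, so the remote site, its subnet and a link to the hub have to exist before the shipped DC is useful there. The script below is an added example, not code from either thread or the linked TechNet article; it assumes the ActiveDirectory module cmdlets from Server 2012, and `SiteB`, `10.20.0.0/16` and `DC-SITEB` are placeholders.

```powershell
# Added example (not from the thread): define a remote site, its subnet and a site link,
# then move a DC that was promoted in the hub site into the remote site.
Import-Module ActiveDirectory

$SiteName   = 'SiteB'                     # placeholder remote site
$SiteSubnet = '10.20.0.0/16'              # placeholder address range of the remote site
$HubSite    = 'Default-First-Site-Name'   # the site the existing DC lives in
$NewDc      = 'DC-SITEB'                  # placeholder: DC staged at the hub, shipped to SiteB
$LinkName   = "$HubSite-$SiteName"

if (-not (Get-ADReplicationSite -Filter "Name -eq '$SiteName'")) {
    New-ADReplicationSite -Name $SiteName
}

# The DC locator matches a client's IP against these subnets to find its site,
# so a missing or wrong subnet sends SiteB clients to the hub DCs over the VPN.
if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$SiteSubnet'")) {
    New-ADReplicationSubnet -Name $SiteSubnet -Site $SiteName
}

# Cost and interval drive the KCC's intersite topology (defaults are 100 and 180 minutes).
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$LinkName'")) {
    New-ADReplicationSiteLink -Name $LinkName `
        -SitesIncluded $HubSite, $SiteName `
        -Cost 100 `
        -ReplicationFrequencyInMinutes 15 `
        -InterSiteTransportProtocol IP
}

# A DC promoted at the hub is in the hub site; move it once it is installed at SiteB.
Move-ADDirectoryServer -Identity $NewDc -Site $SiteName

# Ask the KCC to rebuild connection objects now instead of waiting for its 15-minute cycle,
# then list the resulting links for review.
repadmin /kcc
Get-ADReplicationSiteLink -Filter * | Format-Table Name, Cost, ReplicationFrequencyInMinutes -AutoSize
```

Doing the site and subnet first, and passing `-SiteName` at promotion, answers question 2 in the post: nothing about the site is created automatically by promotion, only the DC's server object inside whichever site it is placed in.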

  • Example WLST scripts for creating clustered domain for soa suite 11.1.1.4?

    Hello,
    does anyone know sample wlst scripts for creating domain for soa suite 11.1.1.4 on top of weblogic 10.3.4?
    I try to create a domain having a cluster with two managed servers in two linux machines.
    Any help appreciated.
    regards, Matti

    Please refer -
    http://download.oracle.com/docs/cd/E17904_01/web.1111/e13715/domains.htm
    http://download.oracle.com/docs/cd/E17904_01/web.1111/e13715/intro.htm#WLSTG112
    Regards,
    Anuj

  • SELFSSL.exe - can you create a Domain Controller certificate?

    As the title asks really.  Rather than setting up CA's, can you use selfssl.exe to create domain controller certificates?

    if you are not using certificates, then why not just delete certificates that cause warnings? Old trusted CA can be propagated from active directory. See this article:
    http://social.technet.microsoft.com/wiki/contents/articles/3527.how-to-decommission-a-windows-enterprise-certification-authority-and-how-to-remove-all-related-objects.aspx
    you need to perform only step 6 and 7.
    My weblog: en-us.sysadmins.lv
    PowerShell PKI Module: pspki.codeplex.com
    PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
    Check out new: SSL Certificate Verifier
    Check out new:
    PowerShell FCIV tool.

  • Adding a Server 2008 R2 Domain Controller at a remote site

    Hello. I have been trying to set up a hot site at a remote location.  The story is long and involved but a few weeks ago it seemed to be finally working.  Our setup is two mirrored 2008 R2 servers at main site, mirrored with Double Take. 
    The hot site is the same except that so far I only had one server working.  The two sites connected via site to site VPN.
    About a week later our primary server basically crashed.  At first it worked but very slowly.  I was on vacation at the time and so I am not sure of the sequence of events, or exactly what errors were presented, but my associate first tried rebooting. 
    It took over 20 minutes to boot and then it said something to the effect that no domain controllers were available (not sure about this message).  He then discovered that the server at the remote site had some fsmo roles assigned to it.  He transferred
    the roles to the primary at the main site and then demoted the remote server to a workstation (but still a domain member).
    After that, rebooting the primary was much faster and everything at the primary site is working again. Now I want to set the remote site up again, but avoid the problem.  The way I originally set up the remote server was to use an IFM file, generated
    from our primary.  This should have made the remote server a catalog server, with DNS (which it did), but as far as I know should not have transferred any fsmo roles.
    The remote server(s) are wanted to be in the same domain as the primary.  They will also be mirrored from the primary (with Double Take).  If we had total failure at the main site, we wish to be able to immediately begin operations at the hot site
    (after a fail over).  I freely admit that I am swimming out of my depth here.  I am not sure that I have selected the correct architecture or used the correct options in setting up the remote servers.  I am looking for information about what
    went wrong, and whether some other setup is more desirable.
    Thanks for any help, Russ
    Russ

    Philippe, thank you for you answers.  I do not understand everything you said but I will address each point as best I can:
    1. "In the remote site do you simply do a dcpromo / add the ADDS's role to make the server a active Domain Controller ?"  Yes, but I use the method described at
    http://technet.microsoft.com/en-us/library/cc753720(v=ws.10).aspx, The GUI method.  At step #8 I specified to use advanced mode so I could use the IFM file.
    2. "In your AD' Site and Service MMC, do you configured the remote site ?"  I do not know what you mean by this. How does one configure the site as 'remote'?
    3. "Do you added that remote server as a Global catalogue ?".  Yes, when I built the IFM file I specified to add the global catalog.
    4. "Do you added the PC in site 1, the IP of those DNS server in them ? (last of course) So the computer in the main site will talk to the remote server in case of a crash."  I am not sure I understand this item.  After the remote server
    was added, all of the members of both domain servers automatically appeared in the DNS of all servers in the domain.  I do not recall if the new items were last, but I expect that they would be.
    I have since reviewed the happenings with my associate and have a little more information.  The order of the problems and the actions taken are:
    1. Our primary (production) system was still working but extremely slow, and he observed that the slowness was caused by a lot of traffic with the remote site.  Rebooting the production server took over 25 minutes and the server came up saying
    that domain information was not available.  After another 30 minutes or so he discovered that the domain data was now available and the server worked, but still slowly.
    2. He did not check to verify that roles were held by the remote server, but he transferred all roles from the remote to the production server using ntdsutil.  I would expect that if the role was not held by the remote, the transfer command would have
    shown that fact.
    3. He then tried to demote the remote server but had an error that it could not be demoted because "the active directory service is missing mandatory configuration information".
    4. He forcefully demoted the remote server.
    5. After rebooting the production server again performance was slightly better but still slow (and the reboot was still very slow).
    6. After some research he removed the remote domain controller's meta data from the production server and then rebooted the production server again.
    At that point reboot was fast (under 5 minutes) and the production system was working at normal speed again.
    All of the above leads me to believe that somehow the FSMO roles got added to, or moved to the remote site when I used the IFM file to create the new domain controller.  However nothing I have read says that this should happen.  I hope someone
    here can give me a better answer as to what caused the problem, as I do not wish to interrupt our production system like this again.
    Thank you, Russ
    PS: Sorry for the delay in getting back to this but some other priorities took me away from it for a week.
    Russ

  • Installing Additional Domain Controller in different Network

    Hi All,
    We are planning to add ADC on existing domain but before start I want to confirm that can I install ADC on different network range as follows:
    Windows Server 2008 Enterprise SP2 Platform
    HODOMAIN.com  IP is: 192.168.2.11
    Branch network New ADC IP is: 192.168.1.11
    we can ping both servers, so can I start the installation of ADC or do I need to prepare ADC on same DC network at Head Office and after installation, we can move the server to branch office and change the IP?
    Thanks
    Agha

    No problem when doing that. Just you need to make sure that any system that will be pointing to this DC by IP for LDAP or DNS query is updated to have the new IP instead of the new one. As this is a new server, you can proceed directly.
    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

  • Using specific wan port for a particular domain/IP

    I have RV042 router which is connected to the internet by both the wan ports and I want to use it as a load balancer so that both of my internet connections can be utilized evenly. But now I have an issue in this scenario as my remote application gets logout whenever the communicating IP address changes.
    Now here is my question.
    Is there any way out so that I can specify the wan port used for a particular public IP address/domain name?

    Hi Kinshuk, thank you for using our forum, my name is Luis I am part of the Small business Support community. I read your post and I have an article from our knowledge base and called Guide me, you could use to configure a protocol binding in order to specify the WAN port that you want redirect and select the specific traffic.
    http://www6.nohold.net/CiscoSB/Loginr.aspx?login=1&pid=2&app=search&vw=1&articleid=622
    If you scroll down you will see a section called "Manage Protocol Binding" here you will see instructions to configure that.
    If you have any question please let me know.
    I hope you find this answer useful
    Greetings,
    Luis Arias.
    Cisco Network Support Engineer.

  • DFSR Replication Event ID 1202 The DFS Replication service failed to contact domain controller Additional Information: Error: 160 (One or more arguments are not correct.)

    Hi,
    hummmm...
    The client had 1 server with AD and all apps, IIS, Terminal Services (30 device CALs), File Server, SQL 2008 R2 on it.
    Task: install a new AD server, promote it to DC, bring in a 2nd server, replicate the File Server (DFSR) on these 2 servers, and demote the old one to a standard server. 
    1) Old AD with name "Server" with OS 2008 R2 SP1 and is a DC.
    2) Brought in a new server "PrimaryAD", installed 2008 R2, ran DCPROMO, and added it as an additional domain controller.
    3) Transferred roles from old server "Server" to "PrimaryAD".
    4) Brought in a new file server replicating server "Backup-Server".
    5) Copied all the data from Server to Backup-Server as the DFS initial file sync with robocopy.
    6) Here the problem started: after the copy finished, the next morning the "Server" server crashed.....
    7) Thank god the data was backed up on Backup-Server, but we didn't get the time to demote the server "Server" and remove AD from it.
    8) Since AD was replicated, "PrimaryAD" was our DC; brought in a 2nd server "SecondaryDC" as an additional domain controller.
    9) We cleaned up the metadata and used ADSIEDIT to clean the remaining stuff.
    10) The "Server" server was formatted and renamed as "Primary-Server" and OS 2008 R2 SP1 was installed with the rest of the required apps.
    11) So now PrimaryAD is the DC, SecondaryAD the additional domain controller, Primary-Server the mail server and file server, and Backup-Server the replicated server.
    Now configured DFS Replication from Primary-Server to Backup-Server and receive the following Event ID 1202.
    If I configure DFS Replication as follows:
    PrimaryAD <<>> SecondaryAD = Works... no errors...
    PrimaryAD <<>> Backup-Server = Creates but doesn't work; Event ID 5012, error: The DFS Replication service failed to communicate with partner BACKUP-SERVER, Additional Information: Error: 9026 (The connection is invalid)
    PrimaryAD <<>> Primary-Server = Doesn't create the replication job, just hangs.
    On PrimaryAD, continuous Event ID 10009: DCOM was unable to communicate with the computer "SERVER" using any of the configured protocols.
    ......Something on PrimaryAD is still trying to connect to the old corrupt AD server "Server".
    No errors with AD replication, SYSVOL & Netlogon shares also working fine and accessible.
    DFS Diagnose report says
    DNS name: backup-server.mydomain.com
    Domain name: mydomain.COM
    Reference domain controller: --           (HERE there is NO DOMAIN CONTROLLER mentioned) 
    IP address: 192.168.1.248,192.168.1.251,::1
    Site: Default-First-Site-Name
    Forgot to mention: gave full rights with ADSIEDIT on DFSR-LocalSettings for all servers to Administrator and read permissions to "Authenticated Users".
    DFSRDIAG POLLAD throws the following error:
    c:\Dfsrdiag pollad /verbose
    [INFO] Computer Name: BACKUP-SERVER
    [INFO] Computer DNS: Backup-Server.mydomain.COM
    [INFO] Domain Name: mydomain
    [INFO] Domain DNS: mydomain.COM
    [INFO] Site Name: Default-First-Site-Name
    [INFO] Connected to WMI services on computer: Backup-Server.mydomain.COM
    [INFO] Invoke PollDsNow() method on Backup-Server.mydomain.COM
    [ERROR] PollDsNow method executed unsuccessfully. ReturnValue: 12 (0xc)
    [ERROR] Failed to execute PollAD command Err: -2147217407 (0x80041001)
    Can anyone point me in any direction which can lead to a resolution of this ERROR and make DFS-R work?
    Thanks
    bikram

    Hi,
    It seems that DCPROMO did its work without complaints, still the DFSR references remained in AD. You could refer to the article below to clean up the DFS Replication object.
    How to remove data in Active Directory after an unsuccessful domain controller demotion
    http://support.microsoft.com/kb/216498
    In addition, please refer to the following thread to troubleshoot the issue:
    DFS is not working anymore.
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/953be9ef-e9e3-4885-a5c4-47fc475ba562/dfs-is-not-working-anymore?forum=winserverfiles
    Regards,
    Mandy
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.
