Adding a second domain controller

  • Question

  • Hello, we currently have 2 office locations each with its own domain controller. A VPN connects the 2 sites. I would like to merge the two sites onto one subnet and user accounts from both sites added to one AD domain. Can I install a secondary domain controller at the primary site and then park the server at the secondary site? Is there more to it than that? Thank you
    Monday, May 11, 2020 4:29 PM

Answers

  • Hello,

    Just checking in to see if the provided information was helpful. If the replies above are helpful, we would appreciate it if you would mark them as answers.

    Please let us know if you would like further assistance. Thanks.

    Best Regards,
    Hannah Xiong

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, May 18, 2020 2:01 AM

All replies

  • Sounds OK, assuming both sites are currently the same domain.

    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Monday, May 11, 2020 9:16 PM
  • Why do you want to merge the sites into one subnet?

    You can have an Active directory SITE without a domain controller in that site boundary provided the inter-site link and required AD ports and services are allowed to flow up and down the pipe...RPC + RPC upper range, LDAP, DNS, Kerberos, SMB.

    But how do you plan on creating Two SITES in AD using one subnet?


    • Edited by durrie Monday, May 11, 2020 9:26 PM
    Monday, May 11, 2020 9:24 PM
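The reply above lists the services that must pass over the inter-site link. The following is an added example, not code from the thread, that checks TCP reachability of those services from a machine at the remote site; the DC host name is a hypothetical placeholder and the port numbers are the standard defaults for the services named.

```powershell
# Added example: TCP reachability of the AD services named in the reply above.
# 'dc01.example.local' is a hypothetical placeholder for the DC at the other site.
$dc = 'dc01.example.local'

# Standard default ports for the services listed in the reply.
$ports = [ordered]@{
    'DNS'                 = 53
    'Kerberos'            = 88
    'RPC endpoint mapper' = 135
    'LDAP'                = 389
    'SMB'                 = 445
}

$results = foreach ($service in $ports.Keys) {
    $probe = Test-NetConnection -ComputerName $dc -Port $ports[$service] `
        -WarningAction SilentlyContinue
    [pscustomobject]@{
        Service   = $service
        Port      = $ports[$service]
        Reachable = $probe.TcpTestSucceeded
    }
}

$results | Format-Table -AutoSize

# Report anything the VPN or firewall is dropping.
$blocked = @($results | Where-Object { -not $_.Reachable })
if ($blocked.Count -gt 0) {
    Write-Warning ("Blocked toward {0}: {1}" -f $dc, ($blocked.Service -join ', '))
}

# Not covered here: Test-NetConnection probes TCP only, so the UDP side of DNS
# and Kerberos is untested, and the RPC upper range (49152-65535 by default on
# current Windows Server) is assigned dynamically, so it has to be allowed as a
# range on the firewall rather than probed port by port.
```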
  • Hello,

    Thank you for posting in our TechNet forum.

    According to our description, we would like to install a secondary DC at the primary site and then park the server at the secondary site.

    Do we mean that we would like to move the secondary DC to the secondary site later? If we plan to move a DC to a different site, we could refer to:
    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc739015(v=ws.10)?redirectedfrom=MSDN

    For any question, please feel free to contact us.


    Best regards,
    Hannah Xiong


    Tuesday, May 12, 2020 5:21 AM
  • Thank you for everyone's reply. To clarify things, there is a separate domain at each site, each with its own domain controller. They both, unfortunately, have the same domain name and because of this you cannot create a trust relationship as I understand it. The reason to create a secondary domain controller is to have the ability to have redundancy, manage security, users and groups from both sites and to share resources. Thank you
    Wednesday, May 13, 2020 12:29 AM
  • Then it sounds like you have two separate domains and propose to keep one or the other, adding a second domain controller then join the computers at one site to the other domain.

    Regards, Dave Patrick ....


    Wednesday, May 13, 2020 12:32 AM
  • Correct
    Wednesday, May 13, 2020 2:55 PM
  • Should be fine to do but you could also add to sites and subnets.

     

    (please don't forget to mark helpful replies as answer)

    Regards, Dave Patrick ....

    Wednesday, May 13, 2020 2:58 PM
  • Hi, what do you mean I can add to sites? Can you provide more detail? Thanks
    Wednesday, May 13, 2020 3:03 PM
  • Just could make the topology cleaner.

    http://www.rebeladmin.com/2015/02/why-active-directory-sites-and-subnets/

     

    Regards, Dave Patrick ....

    Wednesday, May 13, 2020 3:05 PM
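What "adding to sites and subnets" looks like in practice, as an added example that is not part of the original replies: it assumes a single domain, the ActiveDirectory PowerShell module, and one IP subnet per office. The site names, address ranges, link name and the DC name `DC02` are all hypothetical placeholders.

```powershell
# Added example; every name and address range below is a hypothetical placeholder.
Import-Module ActiveDirectory

# One AD site per office, each mapped to that office's own IP subnet.
$sites = @(
    @{ Name = 'Site1'; Subnet = '10.0.1.0/24' },
    @{ Name = 'Site2'; Subnet = '10.0.2.0/24' }
)

foreach ($s in $sites) {
    # Create the site and its subnet only if they do not exist yet.
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$($s.Name)'")) {
        New-ADReplicationSite -Name $s.Name
    }
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$($s.Subnet)'")) {
        New-ADReplicationSubnet -Name $s.Subnet -Site $s.Name
    }
}

# Site link that carries replication between the two offices over the VPN.
New-ADReplicationSiteLink -Name 'Site1-Site2' `
    -SitesIncluded 'Site1', 'Site2' `
    -Cost 100 `
    -ReplicationFrequencyInMinutes 15 `
    -InterSiteTransportProtocol IP

# Place the second domain controller in the site where it physically sits.
Move-ADDirectoryServer -Identity 'DC02' -Site 'Site2'

# Verify the mapping: clients pick a DC by matching their IP to a subnet's site.
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
Get-ADDomainController -Filter * | Select-Object Name, Site, IPv4Address
```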
  • Hello, it occurred to me that if I make both sites on one domain, how would I configure each router/firewall? I would want users from Site1 to tunnel through to Firewall1 and users at Site 2 to firewall2. DHCP server will send out one gateway address.
    Thursday, May 14, 2020 11:30 PM
  •  how would I configure each router/firewall. 

    https://support.microsoft.com/en-us/help/179442/how-to-configure-a-firewall-for-domains-and-trusts

     

    Regards, Dave Patrick ....

    Friday, May 15, 2020 12:32 AM
  • Hello,

    I am checking how the issue is going. If you still have any questions, please feel free to contact us.

    Thank you so much for your time and support.

    Best regards,
    Hannah Xiong


    Wednesday, May 20, 2020 1:15 AM
  • Hello, I have added the second domain controller. I am currently dealing with my firewall provider to configure the firewall to allow users at the second site to tunnel out of the gateway at that location and not the primary location. Still working on that part. I will update this when I get an answer from my provider. Thank you for everyone's help.
    Monday, June 8, 2020 12:51 PM
  • Glad to hear progress.

     

    Regards, Dave Patrick ....

    Monday, June 8, 2020 12:53 PM
  • Yes, you can do that. But if both the domains are similar.

    You could add two sites on the same subnet and then install a domain controller at the primary site and park the server at the secondary site.

    Monday, June 8, 2020 1:03 PM
  • Hi, if I understand you correctly, I would still have 2 Active directories to manage instead of one.
    Monday, June 8, 2020 1:43 PM
  • Hello, this isn't working as I had hoped. The problem is one DHCP server providing IP addresses, DNS and gateway. I have 2 gateways and I would prefer each site to use the local gateway to tunnel through to the internet. I think I need to now demote the server and rebuild it as its own domain then create a trust relationship.

    The other main issue is we have moved to cloud Exchange and this is synced with the primary site's Active directory. I was hoping to sync all users from both sites with Active Directory.

    Monday, June 15, 2020 4:04 PM