How To Add a Secondary Domain Controller And DNS For The DR (disaster recovery) Site

Summary

This KB article explains how to set up a second Domain Controller, which is necessary for a Disaster Recovery deployment of Neverfail Continuity Engine. A DR deployment is one where the Neverfail Primary and Secondary (or Tertiary, if present) are in different locations and different subnets.

More Information

A second Domain Controller at the DR site is necessary to cover scenarios where the primary site is totally incapacitated (for example by a fire, flood or earthquake). Even though Neverfail Engine can fail over to the machine(s) at the DR site, you also need a fully working DC and DNS there if your primary DC/DNS is down.

Procedure

To create a second Domain Controller at the DR site, please follow the procedure below.

Notes
- The names and IPs in this article are simply explanatory. You should use your own names and IPs.
- Primary refers to the existing Domain Controller (called here DCSUP.supportdomain.local) while Secondary refers to the Second Windows Server which will be configured as a Domain Controller for the DR site (called here DCSUPC.supportdomain.local). 
 
Here are the main steps in setting up the secondary DC/DNS:
  1. Get the Primary IP Address of the Active Directory Domain Controller
  2. Change the Secondary Computer Name of the Windows Server
  3. Update the Secondary DNS Server Address
  4. Install Active Directory Feature on the Secondary
  5. Promote the Secondary Server to a Domain Controller
  6. Update the Primary DNS Server Address with the Secondary IP address

1. Get the Primary IP Address of the Active Directory Domain Controller
On the Primary issue an ipconfig /all command and note the IPv4 IP address:


2. Change the Secondary Computer Name of the Windows Server
To change the Computer Name of your Secondary Windows Server navigate to System and use the Change Settings option:



3. Update the Secondary DNS Server Address
Now with the Computer Name of our Secondary updated, we need to point the DNS Server Address to our Primary AD. Access the Network Connections and change the settings accordingly (your settings will be different than mine): 

Once done you can close all windows and proceed with the next step. 

4. Install Active Directory Feature on the Secondary
This step installs Active Directory on our Secondary. It is much the same process as the one used for setting up the Primary AD.
From Server Manager -> Click on Add roles and features -> 


On the Add Roles and Features Wizard window click on Next -> Make sure that Role-based or feature-based installation is selected. Then click Next. -> Verify that Select a server from the server pool is selected, and your Secondary Windows Server is selected from the Server Pool list. Click Next. -> 


Check Active Directory Domain Services from the list. A window will pop up. -> Click on Add Features. -> Now that Active Directory Domain Services is checked click Next. -> On Select Features just click Next. -> This page will explain what Active Directory is. Just click Next. ->


Click Install. -> Installation will begin. It should take around 5 minutes. -> 


Once the installation is done, the status bar will say "Configuration required. Installation succeeded on DCSUPC." Do NOT press Close.


5. Promote the Secondary Server to a Domain Controller
Click on Promote this server to a domain controller.

The Deployment Configuration window will pop up.

Ensure that Add a domain controller to an existing domain is selected. Then type the Domain that you chose in your Primary AD Windows Server. In my case the Domain I chose is ad.radishlogic.com. Yours would be different. Click Select…

Make sure that the following are checked: Domain Name System (DNS) server and Global Catalog (GC).

Create a Directory Services Restore Mode (DSRM) password. I usually use the same DSRM password as the one on the Primary AD Windows Server. Click Next.



Click Next all the way to the end and once prerequisite checks are successful, click Install.

Once the installation is finished you will be prompted to restart the server.
After the reboot, you can follow the testing steps below, but first you have to update the DNS Server Address of our Primary AD.

6. Update the Primary DNS Server Address with the Secondary IP address
Log back in to the Secondary AD and issue an ipconfig /all command to get its IPv4 address; in my case:


Log in to the Primary AD, open the Internet Protocol Version 4 (TCP/IP) Properties window, and set:
Alternate DNS server: 192.168.10.102 (IPv4 Address of my Secondary AD)
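
Steps 1 to 6 can also be run from an elevated PowerShell prompt instead of the wizards. The script below is an added example, not part of the original procedure or of Neverfail's tooling; the Primary IP placeholder, the adapter alias 'Ethernet' and the stage names are assumptions to replace with your own values.

```powershell
# Added example: scripted equivalent of steps 1-6 of this article.
param(
    [Parameter(Mandatory)][ValidateSet('Prepare', 'Promote', 'UpdatePrimary')]
    [string]$Stage
)

$DomainName    = 'supportdomain.local'   # domain name used in this article
$SecondaryName = 'DCSUPC'                # Secondary host name used in this article
$SecondaryIP   = '192.168.10.102'        # Secondary IPv4 address shown in step 6
$PrimaryIP     = '<PRIMARY_DC_IPV4>'     # ASSUMPTION: placeholder for the address noted in step 1
$Nic           = 'Ethernet'              # ASSUMPTION: adapter alias, list yours with Get-NetAdapter

switch ($Stage) {
    'Prepare' {        # run on the Secondary (steps 2 and 3)
        Rename-Computer -NewName $SecondaryName          # takes effect at the restart below
        Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $PrimaryIP
        # Stop here if the Primary's DNS cannot locate a DC for the domain;
        # promotion in the next stage depends on this SRV record resolving.
        Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV `
            -Server $PrimaryIP -ErrorAction Stop | Out-Null
        Restart-Computer
    }
    'Promote' {        # run on the Secondary after the restart (steps 4 and 5)
        Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
        $cred = Get-Credential -Message "Domain administrator for $DomainName"
        # Prompt for the DSRM password so it never appears in the script or history
        $dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'
        Install-ADDSDomainController -DomainName $DomainName -Credential $cred `
            -InstallDns -NoGlobalCatalog:$false `
            -SafeModeAdministratorPassword $dsrm -Force
        # The server restarts on its own when the promotion completes.
    }
    'UpdatePrimary' {  # run on the Primary (step 6)
        $dns = @((Get-DnsClientServerAddress -InterfaceAlias $Nic `
                    -AddressFamily IPv4).ServerAddresses)
        if (-not $dns) { throw "No preferred DNS server is set on '$Nic'" }
        # Keep the existing preferred server, add the Secondary as alternate
        Set-DnsClientServerAddress -InterfaceAlias $Nic `
            -ServerAddresses @($dns[0], $SecondaryIP)
        Get-DnsClientServerAddress -InterfaceAlias $Nic -AddressFamily IPv4
    }
}
```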


Testing - Login to the Secondary using the Active Directory Administrator
1. Check the System Information to see that the computer is now a member of the Active Directory Domain.


2. Check Active Directory Users and Computers
Double-click on the domain (supportdomain.local) on the sidebar to expand it and click on Domain Controllers. You should now have 2 Domain Controllers: the Primary and Secondary Windows Servers.


3. Check DNS. In the DNS Manager window, double-click on the Computer Name (DCSUPC). Then double-click on Forward Lookup Zones, then click on your domain (supportdomain.local). You should see that your Primary and Secondary AD Windows Servers are listed as Name Servers (NS), which confirms that they are the DNS Servers on your network.
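
The same three checks can be made from PowerShell on the Secondary. This is an added example, not part of the original article; it goes one step further than the GUI check by querying each Domain Controller's own DNS service directly, which is what matters when the primary site is down. The names are the ones used in this article, and the ActiveDirectory module is assumed to be present (it is installed with the AD DS management tools).

```powershell
# Added example: command-line version of the three Testing checks.
Import-Module ActiveDirectory

$DomainName = 'supportdomain.local'   # domain name used in this article
$Expected   = 'DCSUP', 'DCSUPC'       # Primary and Secondary names used in this article

# Check 1: this computer is joined to the domain.
# DomainRole 4 or 5 means the machine is a domain controller.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain -or $cs.Domain -ne $DomainName -or $cs.DomainRole -lt 4) {
    Write-Warning "$($cs.Name) is not a domain controller of $DomainName"
}

# Check 2: both servers are registered as Domain Controllers in AD.
$dcs = Get-ADDomainController -Filter *
$missingDc = $Expected | Where-Object { $_ -notin $dcs.Name }
if ($missingDc) { Write-Warning "Not listed as DC: $($missingDc -join ', ')" }

# Check 3: ask each DC's DNS service for the zone's NS records.
# A DC that does not answer, or omits a name server, cannot carry
# name resolution alone after a site failure.
$report = foreach ($dc in $dcs) {
    $ns = Resolve-DnsName -Name $DomainName -Type NS -Server $dc.IPv4Address `
              -DnsOnly -ErrorAction SilentlyContinue |
          Where-Object { $_.Type -eq 'NS' } |
          ForEach-Object { $_.NameHost.Split('.')[0].ToUpper() }
    [pscustomobject]@{
        DC            = $dc.Name
        Site          = $dc.Site
        GlobalCatalog = $dc.IsGlobalCatalog
        AnswersDns    = [bool]$ns
        MissingNS     = ($Expected | Where-Object { $_ -notin $ns }) -join ', '
    }
}
$report | Format-Table -AutoSize
```

A healthy result shows one row per Domain Controller with GlobalCatalog and AnswersDns both True and an empty MissingNS column.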


With this last step, we confirm successfully setting up and testing the secondary Domain Controller.

Applies to

Neverfail Engine