I want to thank you very much for this video. I have been in IT for more years than I care to mention and have never had to do this because I have always found someone else to do it for me. I recently started supporting a small firm with only one Domain Controller in their entire organization that is on its very last legs. It is only by the grace of God that it will reboot and come back up. I had to scramble to get another machine in there, configure it, and promote to DC. It went exactly as you showed in this video to the T. You are my new hero, sir. I sincerely appreciate this video and the effort it took to create.
I must thank you for this video, have never tried it before, but with your video everything was so easy after I upgraded the domain controller and forest functional level to 2008.
good vid in school right now, better explained than my professor.. But only 4 people, my final I have to import 500 employes from a excel sheet via PS..
One question that was not addresses was the DNS IP addressing of the newly added DC with DNS. I know its considered best practices to give the DC's Preferred DNS server address as itself (127.0.0.1) I'm guessing now on the newly added DC with DNS the Preferred DNS server address is also (127.0.0.1) but we add the "other" DC with DNS as the Alternate DNS Server. Thanks for these set of videos. The length is perfect for a quick refresher. I look forward to more in the future.
Hi, good question! That is the approach I prefer to take. Each DC pointing to itself, and the alternative DNS server (another DC as a failover). Glad you enjoyed the video and many thanks for your kind comments 👍
This is a very good video for me and I really thank you guys, I want to ask you that, actually server1 was running windows server 2012R (which is an old machine) and server2 has just run windows server 2022 (which is a new machine), so would I like : - server2 is Primary controller ? - server1 is Secondary Controller ? Thank you again
This is a very good video for me and I really thank you, I want to ask you that, actually server1 was running windows server 2012R was old machine and server2 was running windows server 2022 was new machine, so would I like to: - server2 is Primarycontroller ? - server1 is Secondary controller ? Thank you again
Thanks for the video! This was really helpful. Question about the DNS settings. Your Server1 was had it's DNS server pointing to itself. Before promoting to DC, Server2 was set to Server1's address. After Server 2 was made DC with DNS role, should it then alos point to itself for DNS?
Hi, this is a question that is often subject to discussion. The approach I tend to prefer is to point a DC (with DNS role installed) to itself and other DNS server as a secondary.
thanks to you in case we have an issue or the central server is down, are server2 work automatically ? and no one from use will affect and the date will be saved in server 2 ?
whats the difference between "add a dc to an existing domain" vs "add a new domain to an existing forest"? is the first a complete replication of the DC while the 2nd is what exactly?
Hi, adding a DC to an existing domain provides redundancy. Adding a new domain to an existing forest creates a new child domain, delegating administration and/or following the structure of the organisation.
Hi, for a server a static IP address is a preferred option. A DHCP assigned the IP address could change if a misconfiguration occurs. The server/s would also be impacted should the DHCP service be unavailable/fail to start etc.
Can I have 1 domain controller with a forest functional level of 2019, and then have a separate domain controller with a forest function level of 2008 for only two machines?
Excellent Video 👍 We have a global AD still with domain/forest functional levels on Windows Server 2012 R2, due to legacy application requirements. Would you expect issues for the entire forest by promoting a Windows Server 2019 to become an additional (new) Domain Controller in sub domains? Thx in advance from Munich 😉
Hi, DCs don't have to be the same Windows version. But it's important to check the correct forest and domain functional levels are set to the correct level to support all DCs in the forest and domain/s.
This is a very good video. Can I add a domain controller on two windows server 2012 domain controllers to add a controller on windows server 2019? What could be the problems?
Thanks for this Video, I am going to do the same process in our environment (adding an additional DC to our existing Domain ) we currently have 3 other DC server and I am adding 4th DC server. I wonder if I need to turn off windows firewall on all of the DC servers (just in case) when I want to promoting the new server to domain controller?
After I did this I am no longer able to login to the second domain controller using its local admin accounts, I've checked allow log on locally in the local group policy editor and administrators are in the list but the option to add or remove is greyed out.
Hi, after a Windows server is promoted to a DC, it is no longer possible to logon with the local admin account, it only has the domain one. It will be necessary to login with the domain admin account.
Hi, check out my videos Windows 2019 install and initial config. You will then be able to follow on with adding an additional the domain controller to a domain.
Hi, DNS resilence is an important factor to build into an AD infrastructure design. One method to consider, is for each DC to point to itself for DNS and another DC as a secondary.
DCs replicate changes with each other and are resilient when a DC goes off line. Clustering DCs isn't supported (at least up to Server 2012). AD does the the job already if that makes sense.
@ittaster I have a question: After promoting server2 to the Domain controller, I wonder if DNS on server 2 is the same DNS and already installed on server1? and all parts of DNS are synced and replicated between both server1 and server2 (like the active directory)?
So in this scenario, where you have one primary domain controller and add a secondary dc, what are the primary and secondary DNS IP's set to on both of these machines? What about DNS IP's for clients, does it matter which server is used as the primary dns and which one is used as secondary?
Hi, this is an interesting question you ask. For the client workstations, if both DCs are DNS servers you could consider issuing the first DC as the primary DNS server and second DC as the secondary DNS server. But for the DCs themselves there is some debate on this. One method to consider, is to set each DC (with DNS role) to point to itself as primary DNS and the other DNS server as secondary.
@@ittaster Let's say both DC (DNS) servers are on the same network but in two different locations (two buildings joined by a site to site fiber connection). Would it make sense to set clients primary DNS to be the server that's in their building regardless if its the secondary DC?
I agree, DNS is providing resolution to clients and I would suggest that using the local on site DNS server is more efficient, especially in instances where a site to site connection is slower or fails.
Hi, apologies for any confusion. This video follows Installing & Configuring Active Directory Domain Services. In the lab I have an existing Windows Server DC (VM). I am working with a second Windows Server (VM) installing ADDS again to create a second DC but, this time joining the domain to create AD redundancy.
Facing the error "verification of replica failed. the forest functional level is not supported" after deployment Configuration, appreciated if you could help me for this situation.
i have change main DC -Raising domain functional level (2003 to 2008R2), but facing another error Verification of replica failed. The specified domain xxx is still using the File Replication Service (FRS) to replicate the SYSVOL share. FRS is deprecated. The server being promoted does not support FRS and cannot be promoted as a replica into the specified domain. you MUST migrate the specified domain to use DFS Replication using DFSRMIG command before continuing.
New/additional DCs can be added. DCs can also be removed from a domain (for example following a migration), however it is extremely important to carefully follow the correct procedure and best practices.
@@ittaster can I do it if I have ntfrs service stopped? We have only 1 AD in our small company and out of nowhere that service is not working anymore, I read that is related to file replication
Hi, thanks for this awesome video! I just have a question. After setting-up the second server as a DC, will this server automatically serve all AD and DNS requests if the first server fails?
Thank you What if I want to migrate dhcp and reservations, is there an easy way to do this and then demote the old dc. Do I need to do anything else before shutting down the old Dc.
How are you Jon? Hope everything is fine with you, I wanted to ask you in this video that: is Directory Services Mode Password different in server one? Forgive me for this question but it seems to me that every DC in a Domain must have a unique password. Please replay when you get a minute and thank you for your time. Take care
Hi John, I'm good thanks. I hope all is good with you too? You raise a very important point. The directory services restore mode password is different to the regular administrator one. The dsrm password is specific to each DC, and is needed to reboot into dsrm to troubleshoot or restore. Hope this helps. Jon
@@ittaster How are you Jon? Thank you. I don't have so much experience in AD DS but since following you I'm becoming more confident as matter as fact I've been exercising myself adding user and groups. In the other hand I find extremely helpful when you explain AD DS on Windows Server 2008 because even if AD DS have been around before 2008 is a good start. I also like to say that is very important focusing on DNS, DHCP and other important protocols when we talk about replication, besides, I see that you are a good teacher either engineer and next year I'm planning to go to Europe. If you have a school in England I might stopping by and say hello and following some of your teachings. Thank you for your replay. Take care friend. John
Hi, the domain controller must be removed from Active Directory (demoted). Only practice this in your own testing/learning lab. There are Microsoft articles that explain the full process to remove a DC from a domain and the considerations and best practice that should be taken into account. Never carry out the process in a production environment without proper know how and experience, because it can cause serious issues including total loss of Active Directory!
If the main DC fails, will the second DC take over and authenticate users, OR, do you have to transfer the FSMO roles to the second DC to function correctly? Thanks
Hi, the second DC will continue to authenticate users in the usual way. It will replicate any changes when the down DC is back on line. It is only necessary to transfer FSMO roles (seize them) should the FSMO role holder fail and be unrecoverable.
I guess i had two questions...I noticed today that the SYSVOL and NETLOGON folders were created on the second DC however they are not "Shared" . I'm guessing that is not part of the Installer and needs to be done manually? I have a replication warning from DC1 stating it can't copy to the DC2 SYSVOL\domain folder ...I guess not if there is no share I rewatch the video and other than the paths section I did not see any pension of it after the install.
Hi, there should no need to share these folders, this is taken care of automatically when a DC is created/added to a domain. My initial thoughts would be to suggest checking if manual replication is possible with Active Directory Sites & Services. Another suggestion would be to check DNS is resolving both servers (each other) correctly.
@@ittaster So in the primary DC I have a log error The DFS Replication service stopped replication on the folder with the following local path: C:\Windows\SYSVOL\domain. This server has been disconnected from other partners If I go to the secondaryDC there are no shared for the two sysvol folders. I do remember it asking about it during the install as the default directories nad I left as the default. Very strange!
I think this was at one time syncing with the old domain controller from Win SBS 2008. now replication is disabled due to this stale data message. The add replication group wizard looks like a daunting task ______________ The DFS Replication service stopped replication on the folder with the following local path: C:\Windows\SYSVOL\domain. This server has been disconnected from other partners for 793 days, which is longer than the time allowed by the MaxOfflineTimeInDays parameter (60). DFS Replication considers the data in this folder to be stale, and this server will not replicate the folder until this error is corrected.
To resume replication of this folder, use the DFS Management snap-in to remove this server from the replication group, and then add it back to the group. This causes the server to perform an initial synchronization task, which replaces the stale data with fresh data from other members of the replication group.
Additional Information: Error: 9061 (The replicated folder has been offline for too long.)
If a DC has been offline for a considerable time (60-180) days it's likely to be 'toombstoned'. This will show up in the event logs, dates/times will point to how long there has been an issue. Also worth checking which DC holds the FSMO roles, in the case of an SBS domain, it would normally be the SBS server. However SBS doesn't function quite the same as full blown Windows Server.
very helpfull, but i have a question. What if you have 3 domain controlers but they have to work independant but on the same domain-name (they are in differrent locations) is this possible? thank you
Hi yes, you can have a single domain spread over different geographical locations, provided there is a WAN in place for the domain controllers to replicate. Or you can have multiple domains to distribute the administration and management of a large organisation.
@@ittaster does that mean the two DC spread across geographical location is an SAS joint to the same domain? Its the same steps you would take in this video to set that infrastructure up?
@@nicoleanne967 Hi, two or more DCs in the same domain replicate to maintain the Active Directory Database keeping it up to date with changes. DCs don't have to be in the same geographical location. We also have the option to customise the connection topology as to which DCs replicate with each other, and also how often. This can be useful where there are site to site links and speed may be an issue. An option that is also useful for remote sites is a read only DC (RODC). A RODC replicates with other DCs and performs IAM in the same way, but it's read only (eg. does not allow new users to be created etc). Hope this is of help?
This is a very good video for me and I really thank you, I want to ask you that, actually server1 was running windows server 2012R was old machine and server2 was running windows server 2022 was new machine, so would I like to: - server2 is Primary controller ? - server1 is Secondary controller ? Thank you again
I want to thank you very much for this video. I have been in IT for more years than I care to mention and have never had to do this because I have always found someone else to do it for me. I recently started supporting a small firm with only one Domain Controller in their entire organization that is on its very last legs. It is only by the grace of God that it will reboot and come back up. I had to scramble to get another machine in there, configure it, and promote to DC. It went exactly as you showed in this video to the T. You are my new hero, sir. I sincerely appreciate this video and the effort it took to create.
Thanks! I'm glad the video helped. I too have been in those kind of situations!👍
I must thank you for this video, have never tried it before, but with your video everything was so easy after I upgraded the domain controller and forest functional level to 2008.
Please share with the IT learner community!
Twitter: twitter.com/it_taster
Instagram: instagram.com/it_taster
Facebook: facebook.com/Ittaster
Very Informative video, well structured, and easy to follow
Thank you👍
good vid in school right now, better explained than my professor.. But only 4 people, my final I have to import 500 employes from a excel sheet via PS..
Thank you for a clear tutorial Jon!
Thanks for this. I was able to make one of the VMs running SQL a domain controller in my local lab. I now have two DC's.
Great video, very clear and informative.
Amazing video, very clear explanations. I'm implementing this on my home lab.
Hi. thanks for your comments and great feedback!! I'm glad you found the video helpful.👍👍
Very clear precise presentation
Thank you, your videos are really super helpful.
Many thanks!
One question that was not addresses was the DNS IP addressing of the newly added DC with DNS. I know its considered best practices to give the DC's Preferred DNS server address as itself (127.0.0.1)
I'm guessing now on the newly added DC with DNS the Preferred DNS server address is also (127.0.0.1) but we add the "other" DC with DNS as the Alternate DNS Server.
Thanks for these set of videos. The length is perfect for a quick refresher. I look forward to more in the future.
Hi, good question! That is the approach I prefer to take. Each DC pointing to itself, and the alternative DNS server (another DC as a failover). Glad you enjoyed the video and many thanks for your kind comments 👍
Thanks 4r an amazing video..it solved my problem..This helped me a lot...have a good day
Thanks👍
As ever Jon very insightful, always wanted to know how this is done, currently learning Windows server 2019
Thanks Robert! I'm glad you enjoyed the video. Good to hear you are building up your Windows server 2019 skills too!👍
Jon
Thank you sir... very helpful, clear and easy to understand...thanks again
Thank you.
Clear explanation of all the steps and very important
Many thanks!
Thank you sir for the such as great Video.
Great content/ demonstration, thanks.
Great content! Think you for that! Greetings from Brazil!
Many thanks! Great feedback! I'm glad you enjoyed the video👍
Thanks for that
Thank you. I had to disable IPv6 for the nslookup to work - not sure why - but otherwise, the following process steps as you described worked for me.
Did you found out why?
@@nicoleanne967 No, I am afraid.
Thanks so much. Worked like a charm. Great Video!
Hi sir it would be more valuable if you continue on not just adding domain…but also migrations, FSMO role, promoting new DC etc
hello sir, very useful video for adding a second domain
Great video tutorial, thank you very much!
Great feedback! Thanks 👍
Thank you!
Very good tutorial!
EXCELLENT, thank you so much!!!!
phenomenal video super easy to understand thanks a bunch
Glad you liked it!
Thanks! You Really Saved My Day
This is a very good video for me and I really thank you guys,
I want to ask you that,
actually server1 was running windows server 2012R (which is an old machine) and server2 has just run windows server 2022 (which is a new machine), so would I like :
- server2 is Primary controller ?
- server1 is Secondary Controller ?
Thank you again
You just need to transfer the FSMO roles from server 2 to server 1. Then server one will become your Primary DC
thank you for the video
This is a very good video for me and I really thank you,
I want to ask you that,
actually server1 was running windows server 2012R was old machine and server2 was running windows server 2022 was new machine, so would I like to:
- server2 is Primarycontroller ?
- server1 is Secondary controller ?
Thank you again
incredible video thank you
Thank you for the video
Thanks 👍
log into second server? that means you have download another server window in virtual machine?
Really helpful! I like it!!!
Thanks👍
Thanks for the video! This was really helpful. Question about the DNS settings. Your Server1 was had it's DNS server pointing to itself. Before promoting to DC, Server2 was set to Server1's address. After Server 2 was made DC with DNS role, should it then alos point to itself for DNS?
Hi, this is a question that is often subject to discussion. The approach I tend to prefer is to point a DC (with DNS role installed) to itself and other DNS server as a secondary.
thanks to you
in case we have an issue or the central server is down, are server2 work automatically ? and no one from use will affect and the date will be saved in server 2 ?
You don't cover the permissions / group memberships required for the administrator account to promote to domain controller?
Thanks for the suggestion👍
Should i have two windows server? Or just one server with two user acounts to add a secondary domain
sir, Good afternoon, I am Jinesh From india, i try to learning AD your videos all support me. and learn more but i am not understand what i do?
whats the difference between "add a dc to an existing domain" vs "add a new domain to an existing forest"? is the first a complete replication of the DC while the 2nd is what exactly?
Hi, adding a DC to an existing domain provides redundancy. Adding a new domain to an existing forest creates a new child domain, delegating administration and/or following the structure of the organisation.
Great series, but I want to know why the static address is being used. Isn't DHCP reservation better?
Hi, for a server a static IP address is a preferred option. A DHCP assigned the IP address could change if a misconfiguration occurs. The server/s would also be impacted should the DHCP service be unavailable/fail to start etc.
Can I have 1 domain controller with a forest functional level of 2019, and then have a separate domain controller with a forest function level of 2008 for only two machines?
Excellent Video 👍
We have a global AD still with domain/forest functional levels on Windows Server 2012 R2, due to legacy application requirements.
Would you expect issues for the entire forest by promoting a Windows Server 2019 to become an additional (new) Domain Controller in sub domains?
Thx in advance from Munich 😉
Is it possible to have the secondary DC on a different Windows Server version of the primary one? Thank you for the wonderful videos
Hi, yes provided the forest and domain functional levels support the older domain controller.
@@ittaster Тhank you!
I am pretty sure I know the answer but do both DC need to be running the same version of Windows server?
Hi, DCs don't have to be the same Windows version. But it's important to check the correct forest and domain functional levels are set to the correct level to support all DCs in the forest and domain/s.
This is a very good video. Can I add a domain controller on two windows server 2012 domain controllers to add a controller on windows server 2019? What could be the problems?
Thanks for this Video, I am going to do the same process in our environment (adding an additional DC to our existing Domain ) we currently have 3 other DC server and I am adding 4th DC server. I wonder if I need to turn off windows firewall on all of the DC servers (just in case) when I want to promoting the new server to domain controller?
do u have any video for remoteapp Configuration Windows Ser4ver 2019
After I did this I am no longer able to login to the second domain controller using its local admin accounts, I've checked allow log on locally in the local group policy editor and administrators are in the list but the option to add or remove is greyed out.
Hi, after a Windows server is promoted to a DC, it is no longer possible to logon with the local admin account, it only has the domain one. It will be necessary to login with the domain admin account.
Hi. How did you create server 2 ? You did not show the part where you created Server 2. (Additional DC)
Hi, check out my videos Windows 2019 install and initial config. You will then be able to follow on with adding an additional the domain controller to a domain.
If server 1 goes down, server 2 has the dns address of server 1, I guess it won’t work. Why not just create a cluster with the two domain controllers?
Hi, DNS resilence is an important factor to build into an AD infrastructure design. One method to consider, is for each DC to point to itself for DNS and another DC as a secondary.
@@ittaster got it, makes sense. How about the cluster idea?
DCs replicate changes with each other and are resilient when a DC goes off line. Clustering DCs isn't supported (at least up to Server 2012). AD does the the job already if that makes sense.
i see, makes sense. Thanks for the explanation@@ittaster
@ittaster I have a question: After promoting server2 to the Domain controller, I wonder if DNS on server 2 is the same DNS and already installed on server1? and all parts of DNS are synced and replicated between both server1 and server2 (like the active directory)?
Hi, yes MS DNS is Active Directory integrated.
So in this scenario, where you have one primary domain controller and add a secondary dc, what are the primary and secondary DNS IP's set to on both of these machines? What about DNS IP's for clients, does it matter which server is used as the primary dns and which one is used as secondary?
Hi, this is an interesting question you ask. For the client workstations, if both DCs are DNS servers you could consider issuing the first DC as the primary DNS server and second DC as the secondary DNS server. But for the DCs themselves there is some debate on this. One method to consider, is to set each DC (with DNS role) to point to itself as primary DNS and the other DNS server as secondary.
@@ittaster Let's say both DC (DNS) servers are on the same network but in two different locations (two buildings joined by a site to site fiber connection). Would it make sense to set clients primary DNS to be the server that's in their building regardless if its the secondary DC?
I agree, DNS is providing resolution to clients and I would suggest that using the local on site DNS server is more efficient, especially in instances where a site to site connection is slower or fails.
where did you get server 2? Can you show how? Do I have to install another server window?
Hi, apologies for any confusion. This video follows Installing & Configuring Active Directory Domain Services. In the lab I have an existing Windows Server DC (VM). I am working with a second Windows Server (VM) installing ADDS again to create a second DC but, this time joining the domain to create AD redundancy.
Facing the error "verification of replica failed. the forest functional level is not supported" after deployment Configuration, appreciated if you could help me for this situation.
i have change main DC -Raising domain functional level (2003 to 2008R2), but facing another error Verification of replica failed. The specified domain xxx is still using the File Replication Service (FRS) to replicate the SYSVOL share. FRS is deprecated. The server being promoted does not support FRS and cannot be promoted as a replica into the specified domain. you MUST migrate the specified domain to use DFS Replication using DFSRMIG command before continuing.
🙏
can we add ADC on existing azure cloud based domain controller ?
Hi, on premises DCs can be integrated with Azure AD, take a look at AD sync for more info.
can you add the second one and delete the first server? and also add one again after
New/additional DCs can be added. DCs can also be removed from a domain (for example following a migration), however it is extremely important to carefully follow the correct procedure and best practices.
@@ittaster can I do it if I have ntfrs service stopped? We have only 1 AD in our small company and out of nowhere that service is not working anymore, I read that is related to file replication
Hi, thanks for this awesome video! I just have a question. After setting-up the second server as a DC, will this server automatically serve all AD and DNS requests if the first server fails?
Hi, that's correct, but in the case of DNS the IP of the second DNS server will need to be assigned to clients also.
@@ittaster Wonderful! Pls keep making these great videos.
Thank you
What if I want to migrate dhcp and reservations, is there an easy way to do this and then demote the old dc. Do I need to do anything else before shutting down the old Dc.
Hi, you may want to consider looking into FSMO roles also, these must be taken into account if a server being removed hosts them.
@@ittaster thank you
How are you Jon? Hope everything is fine with you, I wanted to ask you in this video that: is Directory Services Mode Password different in server one? Forgive me for this question but it seems to me that every DC in a Domain must have a unique password. Please replay when you get a minute and thank you for your time. Take care
Hi John, I'm good thanks. I hope all is good with you too? You raise a very important point. The directory services restore mode password is different to the regular administrator one. The dsrm password is specific to each DC, and is needed to reboot into dsrm to troubleshoot or restore.
Hope this helps.
Jon
@@ittaster How are you Jon? Thank you. I don't have so much experience in AD DS but since following you I'm becoming more confident as matter as fact I've been exercising myself adding user and groups. In the other hand I find extremely helpful when you explain AD DS on Windows Server 2008 because even if AD DS have been around before 2008 is a good start. I also like to say that is very important focusing on DNS, DHCP and other important protocols when we talk about replication, besides, I see that you are a good teacher either engineer and next year I'm planning to go to Europe. If you have a school in England I might stopping by and say hello and following some of your teachings. Thank you for your replay. Take care friend. John
Hi! One question! If now i want to play from the server 2 and delete forever server 1 what is the process?
Hi, it is necessary to transfer FSMO roles held on the first DC and also take into account any other services, the DC is hosting.
@@ittaster i tranfered the 5 FSMO roles. Now i just shut down the server 1?
Hi, the domain controller must be removed from Active Directory (demoted). Only practice this in your own testing/learning lab. There are Microsoft articles that explain the full process to remove a DC from a domain and the considerations and best practice that should be taken into account. Never carry out the process in a production environment without proper know how and experience, because it can cause serious issues including total loss of Active Directory!
If the main DC fails, will the second DC take over and authenticate users, OR, do you have to transfer the FSMO roles to the second DC to function correctly?
Thanks
Hi, the second DC will continue to authenticate users in the usual way. It will replicate any changes when the down DC is back on line. It is only necessary to transfer FSMO roles (seize them) should the FSMO role holder fail and be unrecoverable.
I guess i had two questions...I noticed today that the SYSVOL and NETLOGON folders were created on the second DC however they are not "Shared" . I'm guessing that is not part of the Installer and needs to be done manually?
I have a replication warning from DC1 stating it can't copy to the DC2 SYSVOL\domain folder ...I guess not if there is no share
I rewatch the video and other than the paths section I did not see any pension of it after the install.
Hi, there should no need to share these folders, this is taken care of automatically when a DC is created/added to a domain. My initial thoughts would be to suggest checking if manual replication is possible with Active Directory Sites & Services. Another suggestion would be to check DNS is resolving both servers (each other) correctly.
@@ittaster
So in the primary DC I have a log error
The DFS Replication service stopped replication on the folder with the following local path: C:\Windows\SYSVOL\domain. This server has been disconnected from other partners
If I go to the secondaryDC there are no shared for the two sysvol folders. I do remember it asking about it during the install as the default directories nad I left as the default.
Very strange!
I think this was at one time syncing with the old domain controller from Win SBS 2008. now replication is disabled due to this stale data message. The add replication group wizard looks like a daunting task
______________
The DFS Replication service stopped replication on the folder with the following local path: C:\Windows\SYSVOL\domain. This server has been disconnected from other partners for 793 days, which is longer than the time allowed by the MaxOfflineTimeInDays parameter (60). DFS Replication considers the data in this folder to be stale, and this server will not replicate the folder until this error is corrected.
To resume replication of this folder, use the DFS Management snap-in to remove this server from the replication group, and then add it back to the group. This causes the server to perform an initial synchronization task, which replaces the stale data with fresh data from other members of the replication group.
Additional Information:
Error: 9061 (The replicated folder has been offline for too long.)
If a DC has been offline for a considerable time (60-180) days it's likely to be 'toombstoned'. This will show up in the event logs, dates/times will point to how long there has been an issue. Also worth checking which DC holds the FSMO roles, in the case of an SBS domain, it would normally be the SBS server. However SBS doesn't function quite the same as full blown Windows Server.
add mail server, IIS
very helpfull, but i have a question. What if you have 3 domain controlers but they have to work independant but on the same domain-name (they are in differrent locations) is this possible? thank you
Hi yes, you can have a single domain spread over different geographical locations, provided there is a WAN in place for the domain controllers to replicate. Or you can have multiple domains to distribute the administration and management of a large organisation.
@@ittaster does that mean the two DC spread across geographical location is an SAS joint to the same domain? Its the same steps you would take in this video to set that infrastructure up?
@@nicoleanne967 Hi, two or more DCs in the same domain replicate to maintain the Active Directory Database keeping it up to date with changes. DCs don't have to be in the same geographical location. We also have the option to customise the connection topology as to which DCs replicate with each other, and also how often. This can be useful where there are site to site links and speed may be an issue. An option that is also useful for remote sites is a read only DC (RODC). A RODC replicates with other DCs and performs IAM in the same way, but it's read only (eg. does not allow new users to be created etc). Hope this is of help?
@@ittaster Hi Thank you for your reply! This helps a lot thank you 🙏
Does server need to be on at all times or no?
Hi, yes, in order to keep up to date with other DCs (DCs replicate by default every 180 mins) and be available in the event of an DC outage.
@@ittaster Okay
EXCELLENT, thank you so much!!!!
This is a very good video for me and I really thank you,
I want to ask you that,
actually server1 was running windows server 2012R was old machine and server2 was running windows server 2022 was new machine, so would I like to:
- server2 is Primary controller ?
- server1 is Secondary controller ?
Thank you again