  1. Junior Member
    Join Date
    May 2007
    Posts
    8
    #1

    Need help with Windows Server 2003

    Hi all, this is my 1st post here. I got a few questions to ask about Windows Server 2003 and domains. I'm trying to set up a domain network in my office for internal use, so my questions are:

    1. How do I set up a second server (identical hardware & software settings to the primary DC) to become my secondary (backup) domain controller? Is there any setting in Windows? This secondary DC server is for emergencies, just in case my primary DC fails, and it will be in the same network.
    2. Do I have to hook up the second DC on simultaneously? Can it be done?
    3. How would the primary sync and update the secondary DC? Is there a setting?
    4. What is the minimum & maximum character limit in User ID & Password? Where can I set the limit?
    5. How do I broadcast to my clients connected to my DC if I need to do maintenance on the DC or any member servers?
    6. For software deployment to my clients, is Windows Server 2003 equipped with this setting? Any recommendation on 3rd party software for software deployment?


    TQ very much.....

  3. Sie
    Running on caffine
    Join Date
    Dec 2005
    Location
    England, UK
    Posts
    1,207

    Certifications
    ADITP (Advanced Diploma for IT Practitioners) & MCSA (70-270, 70-290, 70-291, 70-299) | Currently working towards C|EH
    #2
    Welcome

    Sorry to sound sharp, but if you're asking this many and varied questions I think you really need a book or guide to start with to run you through these processes.

    What material are you using to help you set this up or is it just making it up as you go along?

    (This is meant in no way offensive, I just mean I think it will be easier and quicker for you to have reference material to take it step by step and understand what is being done than to just say press 'a' then 'b' then 'c' )

  4. Ancient Relic.......
    Join Date
    May 2003
    Location
    Somewhere in Time....
    Posts
    3,442

    Certifications
    Security+, A+, Network+, MCDST, DCSE, CST, CNST
    #3
    I would partially agree with Sie... you may need to get a reference manual for Server2003. If you're not interested in getting certified, there are just admin manuals you can buy, for not that much. I can say the following about your questions, without going too much into detail...

    For a second server, just set it up. You should wait until the PDC is up, to make sure it's what you want, then just do the BDC. When you run dcpromo, you can indicate a lot there as to the machine's position on the network and domain... replication between DCs is automatic, and yes you can change the settings... for password, I think the minimum is 8 by default, and 127 for a max, I may be wrong there... I'm certainly no expert on Server2003, but like Sie said, you should get a more permanent reference than this or another forum...

  5. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #4

    Quote Originally Posted by 69cents
    1. How do I set up a second server (identical hardware & software settings to the primary DC) to become my secondary (backup) domain controller? Is there any setting in Windows? This secondary DC server is for emergencies, just in case my primary DC fails, and it will be in the same network.
    2. Do I have to hook up the second DC on simultaneously? Can it be done?
    3. How would the primary sync and update the secondary DC? Is there a setting?
    4. What is the minimum & maximum character limit in User ID & Password? Where can I set the limit?
    5. How do I broadcast to my clients connected to my DC if I need to do maintenance on the DC or any member servers?
    6. For software deployment to my clients, is Windows Server 2003 equipped with this setting? Any recommendation on 3rd party software for software deployment?
    I have to agree with the others. We like to be helpful here, but it sounds like you really need to pick up a good W2K3 book. I would recommend one by author Mark Minasi.

    Here are the short answers to your questions:

    1. Make sure your first server is online, run dcpromo on the second server, and during setup make sure you select the option to set the DC up on an existing domain and not a new one.
    2. Not sure exactly what you mean. Both servers need to be online and able to talk to each other (ie - on the network).
    3. Automatic among domain controllers.
    4. You set this in Group Policy under the default domain policy- Computer Policy>Windows Settings>Security Settings.
    5. Email or net send will work.
    6. You can deploy it through Group Policy if it's an MSI file, otherwise third party or another MS product is recommended like SMS.

    Good luck, and after you pick up a good book if you have any trouble implementing or understanding something you read please feel free to post back.

  6. Sie
    Running on caffine
    Join Date
    Dec 2005
    Location
    England, UK
    Posts
    1,207

    Certifications
    ADITP (Advanced Diploma for IT Practitioners) & MCSA (70-270, 70-290, 70-291, 70-299) | Currently working towards C|EH
    #5
    Just to clarify, I wasn't saying we aren't willing to help here, just that I know for myself I HAVE to know why I'm doing things rather than just how to do them.
    So when something goes wrong (as it usually does) I have a much better idea of how to rectify it.

    Hope it didn't come out as a big grumpy ogre!

  7. Junior Member
    Join Date
    May 2007
    Posts
    8
    #6
    TQ all for the reply. Actually I'm not looking for a step by step guide, I just need a quick direction on where or how on my questions. I was in a rush while composing my questions, sorry for not explaining.... Btw, I just took Microsoft Course 2273B and did a small presentation, so I was asked the questions I asked here and I need to give feedback. I still haven't had any real hands-on with Windows Server 2003 yet though.... So anyway if you guys have any more feedback, let me know. TQ

  8. Junior Member
    Join Date
    May 2007
    Posts
    8
    #7
    Oh, the domain is not set yet.... This question is for giving feed back from my presentation purpose..
    Btw what is the general term for the second backup DC called?

  9. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #8
    Quote Originally Posted by 69cents
    Btw what is the general term for the second backup DC called?
    In W2K and W2K3, the concept of a Primary Domain Controller and Backup Domain Controller (PDC and BDC) is now somewhat gray. MS says that in W2K and up all DC's are created equal, which in a way they are. I'll get to that in a minute.

    In the old days (NT) the PDC held the only writable copy of the SAM file and database, while the BDC's all had a read only copy. So users could authenticate against a BDC (logon to the domain, access network resources, etc.) but any changes (such as creating new accounts, changing passwords, etc) had to be done on the PDC. Replication then copied the changes to the BDCs from the PDC. This could obviously create problems in a large distributed network/domain that spanned multiple remote sites or a wide geographic area, as you could only have 1 PDC, all others were BDC's.

    Now, changes can occur on any DC in the domain. AD replication is much more efficient than the old NT4 systems. Since changes can happen on any DC in the entire domain, all DC's are supposedly equal. However, there are a few roles that are by default only on the first DC brought up in a domain/forest - referred to as the Flexible Single Master Operations (FSMO). These include things like the Global Catalog and PDC emulator. These can be moved to other DC's, but by default are on the first (and only the first) DC in a domain/forest. This in effect makes one DC more important than the others by default, as certain operations in the domain can only be handled by that server. As mentioned though, the defaults can be changed if desired.

    So to answer your question - they are all just called Domain Controllers, not primary or backup.

  10. Senior Member
    Join Date
    Jun 2006
    Posts
    167

    Certifications
    VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
    #9
    And in Windows 2008 (old codename Longhorn) we go back to the concept of read-only domain controllers again (albeit for a specific reason/purpose). Wish they'd make up their minds.

  11. New Member royal's Avatar
    Join Date
    Jul 2006
    Location
    Chicago, IL
    Posts
    3,373
    #10

    Quote Originally Posted by 69cents
    3. How would the primary sync and update the secondary DC? is there a setting?
    The way I usually do this is as follows:

    Set the dns to point to the DC1. Do the DCPROMO and add it as another DC in an existing DC. It will then become DC2. Install DNS on DC2 and don't do any configurations. When replication occurs, DC1 will see that DNS is installed on DC2 and will automatically bring over the DNS partitions to DC2. They will then add a NS record for DC2 and replicate that to each other as well. I would then point DC1's primary DNS ip to DC2 and have itself as the secondary dns. Since DC2 already has DC1 as its primary, I would leave that alone and then have itself as the secondary dns.

  12. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #11
    I wanted to let you all know I moved Royal's first reply to the W2K8 forum:

    http://www.techexams.net/forums/viewtopic.php?t=23692

    It was a very informative post, but since it was a bit off-topic here I wanted to move it where it would be found easier by someone looking for W2K8 information. I named the topic Read-Only Domain Controllers in W2K8.

    Thanks for the post Royal, hope you don't mind me moving it.

    sprkymrk

    PS - This topic was also moved here to 70-290 from the Off Topic forum for the same reason, ie it belongs here.

  13. New Member royal's Avatar
    Join Date
    Jul 2006
    Location
    Chicago, IL
    Posts
    3,373
    #12
    How could you Mark! Just kidding, all is good. At first I started to type in reply to Jason's post and then since I was bored in a hotel with nothing to do, I just kept typing. Eventually I thought, this should probably be in the 2008 forums, so you made the wise choice.

  14. New Member royal's Avatar
    Join Date
    Jul 2006
    Location
    Chicago, IL
    Posts
    3,373
    #13

    Quote Originally Posted by royal
    I would then point DC1's primary DNS ip to DC2 and have itself as the secondary dns. Since DC2 already has DC1 as its primary, I would leave that alone and then have itself as the secondary dns.
    I just wanted to add some more information on why you would want to do this. In 2000 Server, there was an issue called Island DNS. Basically, if a DC would point to itself for DNS, then it would register the Domain Controller locator CNAME record for DsaGuid._msdcs.ForestDnsName in its own zone. This would cause other Domain Controllers not to have a copy of this. Because of this, a DC would essentially be on an "island." In Server 2003, there were several things behind the scenes that were done to prevent this. One of them was by creating an application partition called ForestDNSZones. The msdcs zone is now a forest replicated dns zone and a delegation within your domain's dns zone has been created to point to this forest replicated msdcs zone. This msdcs forest wide dns zone will contain all the Domain Controller locator CNAME records. Now all Domain Controllers in a forest will contain that forest replicated dns zone so they will all know about all the Domain Controllers in the entire forest.

    Even in Server 2003, it's still advised to configure another server as its primary dns server. I can think of 2 reasons. 1 is reassurance that no bizarre case of island dns reoccurs. Another is because if a DC is configured to use itself as a DNS server, you will notice that it will take forever at Network Connections to start up. This is because Active Directory requires DNS to function. Since it's a DC, it has to wait for DNS to fully start up and become functional. Then other functions for AD can begin and then the box eventually comes up. If you have the primary dns server pointed to the other DC, it will most likely be booted up already. Now when you're booting up a DC, it'll be able to pull DNS information immediately due to its primary dns being pointed to an already booted up DC.

    Hope this helps as well
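Added example (not part of the original posts): a PowerShell check for the DNS client ordering described in the post above, flagging a DC that lists itself first or does not list itself at all. The function names and the sample DC names and addresses are hypothetical, and the live query assumes CIM/WinRM access to each DC from an admin workstation.

```powershell
# Added example, not from the thread. Classifies a DC's DNS client order
# against the advice above: another DC first, the DC itself after it.

function Test-DcDnsOrder {
    param(
        [Parameter(Mandatory)][string[]]$OwnAddress,  # addresses bound on the DC
        [string[]]$DnsSearchOrder                     # DNS servers in client order
    )
    # Loopback counts as "itself" as well as any address bound to the adapter.
    $self = @($OwnAddress) + '127.0.0.1'

    if (-not $DnsSearchOrder)               { return 'NoDnsConfigured' }
    if ($self -contains $DnsSearchOrder[0]) { return 'SelfFirst' }

    # Everything after the first entry: the DC should appear here.
    $rest = @($DnsSearchOrder | Select-Object -Skip 1)
    if (-not ($rest | Where-Object { $self -contains $_ })) { return 'SelfMissing' }
    return 'PartnerFirst'
}

function Get-DcDnsOrderReport {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    foreach ($dc in $ComputerName) {
        # One result per IP-enabled adapter; DNS order is a per-adapter setting.
        $nics = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration `
                    -Filter 'IPEnabled = TRUE' -ComputerName $dc
        foreach ($nic in $nics) {
            [pscustomobject]@{
                Computer = $dc
                Adapter  = $nic.Description
                DnsOrder = $nic.DNSServerSearchOrder -join ', '
                Finding  = Test-DcDnsOrder -OwnAddress $nic.IPAddress `
                               -DnsSearchOrder $nic.DNSServerSearchOrder
            }
        }
    }
}

# Constructed sample data (no network access needed), one entry per outcome.
$samples = @(
    @{ Name = 'DC1'; Own = '10.0.0.10'; Dns = '10.0.0.11', '10.0.0.10' },
    @{ Name = 'DC2'; Own = '10.0.0.11'; Dns = '10.0.0.11', '10.0.0.10' },
    @{ Name = 'DC3'; Own = '10.0.0.12'; Dns = '127.0.0.1', '10.0.0.10' },
    @{ Name = 'DC4'; Own = '10.0.0.13'; Dns = '10.0.0.10', '10.0.0.11' }
)
foreach ($s in $samples) {
    '{0}: {1}' -f $s.Name, (Test-DcDnsOrder -OwnAddress $s.Own -DnsSearchOrder $s.Dns)
}

# Live use against real DCs (names are placeholders):
# Get-DcDnsOrderReport -ComputerName 'dc1.example.test', 'dc2.example.test'
```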

  15. Junior Member
    Join Date
    May 2007
    Posts
    8
    #14
    Wow guys, TQ so much for the reply. I'm not that advanced a Win Server 2003 user, in fact, I haven't started with the installation yet. So, I'm a little bit confused & SCARED hehehehhehe...... anyway TQ so much...

  16. Junior Member
    Join Date
    May 2007
    Posts
    8
    #15
    Got my question 1 til 3 answered after reading from the replies and a little research. TQ
    For question # 4, I managed to find out for the password, Minimum is 0 character, Maximum is 127.
    http://www.microsoft.com/technet/sec...passwords.mspx
    Still can find for the user name. Question 5 til 6, still searching....

  17. Junior Member
    Join Date
    May 2007
    Posts
    8
    #16

    Quote Originally Posted by sprkymrk
    5. Email or net send will work.
    6. You can deploy it through Group Policy if it's an MSI file, otherwise third party or another MS product is recommended like SMS.
    Can you tell me more on the net send? What if I want to deploy antivirus patches or maybe software like Microsoft Office, is that considered to be an MSI file?

  18. New Member royal's Avatar
    Join Date
    Jul 2006
    Location
    Chicago, IL
    Posts
    3,373
    #17

    Well for 5, as Mark stated, you can use the net send command. One issue with this, is that you need the messenger service to be running. Since XP SP2, messenger service is disabled by default.

    A popular choice for software deployment is to use Systems Management Server (SMS). The upcoming successor to SMS, entitled System Center Configuration Manager 2007, is currently available via beta distribution. You can read more about this here.

    Also, here's a cool little trick regarding password lengths. Group policy does not let you configure password policies to be greater than 14 characters. If you want to take advantage of longer passwords, there are a couple ways of doing this. There is one way for Windows 2000 and another for Windows 2003.

    The following is taken from: http://www.techgalaxy.net/Docs/Secur...r_password.htm
    Forcing the Use of Longer Passwords
    On a Windows Server 2003 you can force users to use passwords longer than 14 characters by using ADSI Edit, as described below.

    1. Start ADSI Edit.
    2. Go to the domain object, e.g. DC=TechGalaxy,DC=net.
    3. Right-click and select Properties.
    4. Look for an attribute called MinPwdLength.
    5. Edit the value and enter a new minimum length for the password. The default value is 7.

    In Windows 2000 you can edit the .adm file to force users to use a password that's more than 14 characters. In Windows Server 2003 this technique doesn't work. In fact, if you try this in Windows Server 2003 and set the password length to more than 14 characters, you will get errors and the password length will be set to 7. Luckily, you can use ADSI Edit to work around this problem.
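Added example (not part of the original post or the quoted article): a read-only PowerShell check of the password-policy attributes stored on the domain object that the ADSI Edit steps above open. The function names, the `DC=example,DC=test` placeholder and the 15-character floor are assumptions chosen for illustration.

```powershell
# Added example, not from the thread. Reads the password-policy attributes
# from the domain object and reviews them. Nothing is written to the directory.

function Get-DomainPasswordPolicy {
    param(
        # Domain DN, e.g. 'DC=example,DC=test' (placeholder). Defaults to the
        # domain of the machine running the script.
        [string]$DomainDN
    )
    if (-not $DomainDN) {
        $DomainDN = ([ADSI]'LDAP://RootDSE').Properties['defaultNamingContext'].Value
    }
    $domain = [ADSI]"LDAP://$DomainDN"
    $flags  = [int]$domain.Properties['pwdProperties'].Value

    [pscustomobject]@{
        Domain             = $DomainDN
        MinPwdLength       = [int]$domain.Properties['minPwdLength'].Value
        PwdHistoryLength   = [int]$domain.Properties['pwdHistoryLength'].Value
        ComplexityRequired = [bool]($flags -band 0x1)    # DOMAIN_PASSWORD_COMPLEX
        ReversibleStorage  = [bool]($flags -band 0x10)   # DOMAIN_PASSWORD_STORE_CLEARTEXT
        LockoutThreshold   = [int]$domain.Properties['lockoutThreshold'].Value
    }
}

function Test-PasswordPolicy {
    param(
        [Parameter(Mandatory)]$Policy,
        # Assumption: a floor just above the 14 characters discussed above.
        [int]$RequiredMinLength = 15
    )
    # Each finding is written to the pipeline as a string; no output means
    # the policy met every check.
    if ($Policy.MinPwdLength -lt $RequiredMinLength) {
        "minPwdLength is $($Policy.MinPwdLength), below the required $RequiredMinLength"
    }
    if (-not $Policy.ComplexityRequired) {
        'password complexity is not enforced'
    }
    if ($Policy.ReversibleStorage) {
        'passwords are stored with reversible encryption'
    }
    if ($Policy.LockoutThreshold -eq 0) {
        'account lockout is disabled (lockoutThreshold = 0)'
    }
}

# Constructed sample policy (no directory access needed) to show the review.
$sample = [pscustomobject]@{
    Domain             = 'DC=example,DC=test'
    MinPwdLength       = 7
    PwdHistoryLength   = 24
    ComplexityRequired = $true
    ReversibleStorage  = $false
    LockoutThreshold   = 0
}
Test-PasswordPolicy -Policy $sample

# Live use on a domain-joined machine:
# Get-DomainPasswordPolicy | ForEach-Object { Test-PasswordPolicy -Policy $_ }
```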

  19. New Member royal's Avatar
    Join Date
    Jul 2006
    Location
    Chicago, IL
    Posts
    3,373
    #18

    Quote Originally Posted by 69cents
    Can you tell me more on the net send? What if I want to deploy antivirus patches or maybe software like Microsoft Office, is that considered to be an MSI file?
    There are very basic software distribution methods via Group Policy. This is done by using MSI files. Lots of software these days comes distributed as an MSI file. If there is no MSI file, you can actually use something called a ZAP file. You can read about how to distribute non-MSI files using ZAP files here. MSI files are essentially files that are packaged with all the files and instructions on how to install the program in 1 file. It also allows for enhanced features such as self-healing. For example, if a file from software installed through the distribution of an MSI file becomes corrupt, the installation will automatically re-install the specific file needed from the remote MSI package and fix itself. MSI distribution also allows for remote uninstallation. If you use ZAP files and ever need to uninstall the software off of a client machine, you have to actually go to that machine to do the uninstall.

    Microsoft Office does come in MSI files, so you will be able to distribute Office via Group Policy. In addition to distributing Office via an MSI file, there is a Custom Installation Wizard that allows you to specify how Office should be installed via an MST file. You can read more about using the Custom Installation Wizard and MST files here.

    SMS offers a ton more features. As for Antivirus distribution, you'll want an enterprise Antivirus solution. These solutions often come with a centralized Administration server which will download updates and distribute it to clients through its own mechanisms.

    Here are some links on software installation via Group Policy:
    http://support.microsoft.com/kb/816102
    http://technet2.microsoft.com/window....mspx?mfr=true

  20. Junior Member
    Join Date
    May 2007
    Posts
    8
    #19
    Will have a look, tq for the links

  21. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #20
    Basic net send:

    Open a cmd prompt.
    Type: net send name message

    Example: net send workstation01 Please log off the server, rebooting in 10 minutes.

    Another useful option (if the messenger service is running, thanks Royal) is to connect to the server that you want to take down for maintenance, open computer management, right click on Shared Folders, go to All Tasks>Send Console message.

  22. New Member royal's Avatar
    Join Date
    Jul 2006
    Location
    Chicago, IL
    Posts
    3,373
    #21
    One thing I've wondered but have never really looked into, is since the messenger service is pretty much always disabled now on most networks, if there is a third party product that will give you a better net send type of functionality. Perhaps one that allows more restrictions such as only allow messages from trusted machines in a domain, multiple specified domains, current forest, trusted forest, trusted domain, etc...

  23. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #22
    Quote Originally Posted by royal
    One thing I've wondered but have never really looked into, is since the messenger service is pretty much always disabled now on most networks, if there is a third party product that will give you a better net send type of functionality. Perhaps one that allows more restrictions such as only allow messages from trusted machines in a domain, multiple specified domains, current forest, trusted forest, trusted domain, etc...
    I think there are some freeware utilities, but I generally don't trust most freeware. Here is one:
    http://www.freedownloadscenter.com/N...Messenger.html

    Otherwise, I think Microsoft Office Live Communications Server 2005 has similar features, as it replaced the Instant Messenger service in Exchange 2000.

  24. Junior Member
    Join Date
    May 2007
    Posts
    8
    #23
    Hi guys, got another question to ask. Well, I started doing the Windows Server 2003 installation already and now it's updating the service pack. So my question is, can I change the RAID controller? Like, from RAID 0 to 1 or 2 and so on? Or is it fixed hardware? My server is a Dell PowerEdge 1750. If you need any more info on my server let me know. TQ

  25. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #24
    Quote Originally Posted by 69cents
    Hi guys, got another question to ask. Well, I started doing the Windows Server 2003 installation already and now it's updating the service pack. So my question is, can I change the RAID controller? Like, from RAID 0 to 1 or 2 and so on? Or is it fixed hardware? My server is a Dell PowerEdge 1750. If you need any more info on my server let me know. TQ
    You can change the RAID in the SCSI setup (watch for the prompt at bootup - CTRL+A or something) or by using the Server Assistant CD that came with the Dell. However, you'll need to reinstall Windows if you change the RAID now.

    If that Dell didn't come with a RAID controller (not familiar with the 1750) and all you did so far was format a single disk/partition to install Windows, then you can use Disk Management in Windows to add new volumes if using Dynamic Disks. If you are using basic disks you will need to upgrade them to dynamic first.
