How to configure Additional Domain Controller (ADC)

1. The purpose of the article

In this article, Techbast will show you how to configure an Additional Domain Controller.

2. What is an Additional Domain Controller and why do we need it?

To understand what an ADC is and what it is used for, we first need the following background.

Active Directory Domain Services (AD DS): the management and authentication center for objects such as groups, users and computer accounts. AD DS supplies the information about an object that other services need, for example the information required to authenticate a user when they log on to a computer or access a resource.

Primary Domain Controller (PDC): a domain can have many Domain Controllers. The first domain controller in the domain is called the Primary Domain Controller (PDC), also referred to as the Root domain.

Additional Domain Controller (ADC): every further Domain Controller added to the domain is called an Additional Domain Controller (ADC).

An enterprise network must have a PDC, and exactly one. Relying on a single machine, however, carries many risks, so an ADC, while optional, is worth deploying in the following cases:

Case 1: The system has many Sites

Ex: Your company has its head office in Saigon and a branch in Hanoi. So that the two networks can communicate with each other, you have deployed a connecting infrastructure (Leased Line, VPN, …).

Currently the network at the headquarters is managed under the Active Directory model with the domain techbast.com. You want the network in Hanoi to be managed under the same domain techbast.com, so you have joined the machines in Hanoi to the domain.

In this case, for authentication in Hanoi to be stable, we need to configure an additional Domain Controller (Global Catalog Server) in Hanoi.

Solution: build an ADC at the Hanoi site to authenticate users in Hanoi, so that they can log on regardless of the state of the WAN connection and with better speed.

Case 2: The system has only one site (Saigon) but a large number of users. When they log on, the DC becomes overloaded and causes network congestion.

Solution: build an ADC to share the load (Load Balancing); spreading the load makes the system faster.

Case 3: The system has only one site (Saigon) and only one DC; the system is small and currently runs stably. But one day the DC fails, and the whole company system is paralyzed. Recovery will take a long time.

Solution: build an ADC to increase the availability and fault tolerance of the system, giving it High Availability and faster authentication.

3. Diagram

Techbast will guide you through configuring an Additional Domain Controller according to the following network model.

Details:

Head Office:

  • Internet connection is established at Port 2 with static IP 10.150.30.100.
  • The LAN is configured at Port 1 with IP 10.145.41.1/24, and DHCP is configured to allocate IPs.
  • In the LAN, there is a server acting as Primary Domain Controller (PDC) for the domain Learningit.xyz, with static IP 10.145.41.11/24, used to authenticate users.

Branch Office:

  • Internet connection is established at Port 2 with static IP 10.150.30.102.
  • The LAN is configured at Port 1 with IP 10.146.41.1/24, and DHCP is configured to allocate IPs.
  • In the LAN there is a server, Server 1, with static IP 10.146.41.11/24.

The Sophos Firewall devices at the Head Office and the Branch Office have an IPsec site-to-site VPN configured between them.

4. Scenario

Techbast will configure Server 1 as an Additional Domain Controller for the domain Learningit.xyz so that it can perform authentication right at the Branch Office, without having to authenticate through the Primary Domain Controller at the Head Office.

5. What to do

  • Check the connection.
  • Configure Additional Domain Controller on Server 1.

6. Configuration

6.1. Check the connection

We need to set the IP for the two servers, PDC and Server 1, as follows.

PDC’s IP:

  • IP address: 10.145.41.11.
  • Subnet mask: 255.255.255.0.
  • Default gateway: 10.145.41.1.
  • Preferred DNS server: 10.145.41.11.

Server 1’s IP:

  • IP address: 10.146.41.11.
  • Subnet mask: 255.255.255.0.
  • Default gateway: 10.146.41.1.
  • Preferred DNS server: 10.145.41.11.

Next we need to check that the PDC and Server 1 can ping each other.

Techbast pings each server from the other, and both pings succeed.
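The IP assignment and connectivity check of this section, as an added PowerShell example that is not part of the original article. The interface alias "Ethernet" is an assumption (check it with Get-NetAdapter); the addresses and the domain name are those given above.

```powershell
# Added example: configure Server 1's static IP and DNS, then verify that the
# PDC is reachable across the site-to-site tunnel before attempting promotion.
$Nic    = "Ethernet"        # assumed adapter name; see Get-NetAdapter
$PdcIp  = "10.145.41.11"
$Domain = "learningit.xyz"

# Static IP for Server 1 (Branch Office LAN), as listed under "Server 1's IP".
New-NetIPAddress -InterfaceAlias $Nic -IPAddress "10.146.41.11" `
    -PrefixLength 24 -DefaultGateway "10.146.41.1" | Out-Null

# Preferred DNS server is the PDC, so the domain can be located during
# promotion (the DC locator relies on the _ldap._tcp SRV records it hosts).
Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $PdcIp

# 1) Basic reachability (ICMP), the "ping" check the article performs.
$ping = Test-Connection -ComputerName $PdcIp -Count 4 -Quiet
Write-Host "ICMP to PDC ($PdcIp): $ping"

# 2) The TCP ports a promotion actually depends on; a firewall that passes
#    ICMP but blocks one of these will fail the Prerequisites Check later.
$ports = @{ DNS = 53; Kerberos = 88; RPC = 135; LDAP = 389; SMB = 445 }
foreach ($name in $ports.Keys) {
    $ok = (Test-NetConnection -ComputerName $PdcIp -Port $ports[$name] `
            -WarningAction SilentlyContinue).TcpTestSucceeded
    Write-Host ("{0,-9} TCP/{1,-4} reachable: {2}" -f $name, $ports[$name], $ok)
}

# 3) DNS: the SRV record clients and the promotion wizard use to find a DC.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $PdcIp |
    Select-Object Name, NameTarget, Port
```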

6.2. Configure Additional Domain Controller on Server 1

To configure ADC on Server 1 we need to install Active Directory Domain Services.

To install it, follow these steps.

First, open Server Manager and click Add roles and features.

The Add Roles and Features Wizard appears at Before you begin; click Next.

At Installation Type, select Role-based or feature-based installation and click Next.

At Server Selection, choose Select a server from the server pool and select Server 1 (Name: adc, IP address: 10.146.41.11), then click Next.

At Server Roles, select Active Directory Domain Services > click Add Features > click Next.

At Features, click Next.

At AD DS, click Next.

At Confirmation, click Install.

The installation takes a few minutes.

When the installation is complete, click Close to close the installation window.

After a successful installation, go back to Server Manager; a triangle icon with an exclamation mark now appears at the flag icon.

Click the flag icon and then click Promote this server to a domain controller to start configuring the Additional Domain Controller.

The Deployment Configuration panel appears; select Add a domain controller to an existing domain, enter the domain name learningit.xyz in the Domain field and click Select.

An authentication prompt now asks for the administrator account and password of the Primary Domain Controller.

After entering these, click OK.

After the account is verified, the domain name learningit.xyz is shown in the Select a domain from the forest table.

Choose the domain learningit.xyz and click OK.

Return to the Deployment Configuration panel and click Next.

At Domain Controller Options, we will configure the following:

  • Domain Name System (DNS) server: select.
  • Global Catalog (GC): select.
  • Read only domain controller (RODC): deselect.
  • Site name: select Default-First-Site-Name.
  • Password: enter the administrator's password.
  • Confirm Password: re-enter the administrator's password.
  • Click Next.

At DNS Options, click Next.

At Additional Options, select pdc.learningit.xyz in Replicate from and click Next.

At Paths and Review Options, click Next.

At Prerequisites Check, wait for the server to verify that all conditions are met, then click Install.

The Additional Domain Controller installation process takes a few minutes.

Once the installation is complete, the server will automatically restart.

After the reboot, log into the server with the same administrator account as on the PDC.

As you can see, Techbast has completed the configuration of the Additional Domain Controller on Server 1.
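The same promotion as the wizard steps in section 6.2, as an added PowerShell example that is not from the original article, followed by the replication checks a practitioner should run before trusting the new DC. It assumes the ADDSDeployment and ActiveDirectory modules installed by the AD DS role; the domain, PDC name and site name are taken from the article.

```powershell
# Added example: promote Server 1 to an Additional Domain Controller from
# PowerShell and verify it afterwards. Run on Server 1 as a local administrator.

# Role install (Server Manager: Add roles and features > AD DS).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Domain credentials used to authenticate to the existing domain (the
# "administrator account and password of the PDC" prompt in the wizard).
$DomainCred = Get-Credential -Message "Domain administrator of learningit.xyz"

# The wizard's Password field is the Directory Services Restore Mode (DSRM)
# password. The article reuses the administrator password; a separate,
# securely stored DSRM password is the safer choice.
$DsrmPwd = Read-Host -AsSecureString -Prompt "DSRM password"

# Equivalent of the wizard's Prerequisites Check (no changes are made).
Test-ADDSDomainControllerInstallation -DomainName "learningit.xyz" `
    -Credential $DomainCred -SafeModeAdministratorPassword $DsrmPwd `
    -InstallDns -SiteName "Default-First-Site-Name" `
    -ReplicationSourceDC "pdc.learningit.xyz"

# Promote: DNS on, Global Catalog on (default), writable (not an RODC),
# replicate from the PDC. The server reboots automatically on completion.
Install-ADDSDomainController -DomainName "learningit.xyz" `
    -Credential $DomainCred -SafeModeAdministratorPassword $DsrmPwd `
    -InstallDns -SiteName "Default-First-Site-Name" `
    -ReplicationSourceDC "pdc.learningit.xyz" -Force

# --- After the reboot, verify the new DC is healthy and replicating ---
Get-ADDomainController -Filter * |
    Select-Object Name, IPv4Address, Site, IsGlobalCatalog, IsReadOnly
repadmin /replsummary                          # inbound/outbound failures
dcdiag /test:Replications /test:Advertising    # DC advertises LDAP/KDC/GC
# From a Branch Office client, show which DC answers for it:
#   nltest /dsgetdc:learningit.xyz
```

If branch clients still report the PDC, the 10.146.41.0/24 subnet is not yet associated with a site containing Server 1; map it in Active Directory Sites and Services so that the DC locator prefers the local controller.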
