In this blog post we will learn the best practices for building an Active Directory infrastructure from scratch. To learn how to promote the first Windows Server 2012 Active Directory domain, please click here. A proper Active Directory infrastructure helps us deploy mission-critical applications such as Microsoft Exchange Server and SharePoint. Without a fully functional Active Directory, these applications won't work as expected.
Estimated time: 1 hour, depending on the network and other important resources.
The account used to perform this action should be a member of the Domain Admins group.
A fully functional DNS network infrastructure.
Who will benefit
Project Leaders who are responsible for designing an Active Directory Infrastructure.
IT Professionals involved in planning and deploying Active Directory in a new forest or in an existing forest.
Site Name : Default-First-Site-Name
DC Name : DC1-S1
Subnet : 10.10.0.0/16
Site Name : US
DC Name : Dc2-S2
Subnet : 10.20.0.0/16
In the above scenario I have kept the network very simple for ease of understanding. It can be any type of network, provided the two sites can communicate with each other.
Figure 1.1 : Site Name and Subnets Created Manually.
In Figure 1.1, Default-First-Site-Name is created by default when we deploy our first Active Directory domain controller. If there is an expansion and we want to implement one more Active Directory site, we first have to create the site name as required. In our scenario I have used US. After that, we have to create the subnets and link them to the site name.
Figure 1.2 : Selecting the Deployment Operation
In Figure 1.2 we select the option Add a domain controller to an existing domain, then specify the domain information and enter the credentials. We could also add a new domain to an existing forest.
Figure 1.3 : Site information and DSRM password.
In Figure 1.3, if the site is not set up properly, setup won't select the site name on its own. In our scenario, setup has detected the site name US on its own.
The DSRM password has to be kept confidential, since it is used in disaster recovery scenarios.
We can ignore this, since we already have the DNS role installed. Active Directory setup will take care of DNS.
In Figure 1.5 we have the option "Install from media". This option works if we have an offline copy of a system state backup taken from any one domain controller. It can be used if the network has low bandwidth.
The second option is Replicate from. Here we can choose Any domain controller or a specific source DC name. We will select the DC name.
Now we have an additional domain controller in a remote site.
How do we confirm that they are in working condition?
Figure 2.1 : NlTest output for first site
Figure 2.2 : NlTest output for US site.
We should be able to resolve both the name and the IP address of both DCs. This proves that DNS is set up properly.
Now let's see how replication works.
These connection objects are created automatically when we deploy Active Directory in a multi-site scenario.
In Figure 2.5, since replication is across two different sites, it will take its own time.
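The three checks above (site placement, DNS resolution and replication) can also be scripted. The following PowerShell is an added example, not part of the original post; it assumes a domain-joined Windows Server 2012 host with the ActiveDirectory and DnsClient modules, an account in Domain Admins, and a reverse lookup zone for the PTR check.

```powershell
# Added example (not from the original post): post-promotion health check.
# Assumption: run as a domain admin on a domain-joined Windows Server 2012 host
# with the ActiveDirectory and DnsClient modules available.
Import-Module ActiveDirectory

# Expected DC-to-site placement, taken from the scenario in this post.
$expected = @{ 'DC1-S1' = 'Default-First-Site-Name'; 'Dc2-S2' = 'US' }

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    # 1. Site placement: the DC should sit in the site its subnet is linked to.
    $siteOk = ($expected[$dc.Name] -eq $dc.Site)

    # 2. DNS: the name must resolve to the DC's address and the address must
    #    resolve back (the PTR lookup needs a reverse lookup zone).
    try {
        $a = Resolve-DnsName -Name $dc.HostName -Type A -ErrorAction Stop
        Resolve-DnsName -Name $dc.IPv4Address -Type PTR -ErrorAction Stop | Out-Null
        $dnsOk = ($a.IPAddress -contains $dc.IPv4Address)
    } catch { $dnsOk = $false }

    # 3. Replication: an inbound partner whose last result is non-zero has failed.
    $partners = @(Get-ADReplicationPartnerMetadata -Target $dc.HostName -Scope Server)
    $failed   = @($partners | Where-Object { $_.LastReplicationResult -ne 0 })
    $oldest   = $partners | Sort-Object LastReplicationSuccess | Select-Object -First 1

    [pscustomobject]@{
        DC              = $dc.Name
        Site            = $dc.Site
        SiteAsExpected  = $siteOk
        DnsOk           = $dnsOk
        InboundPartners = $partners.Count
        FailedPartners  = $failed.Count
        OldestSuccess   = $oldest.LastReplicationSuccess
    }
}
$report | Format-Table -AutoSize

# Connection objects between the sites; AutoGenerated is True for the ones
# created automatically rather than by an administrator.
Get-ADReplicationConnection -Filter * |
    Select-Object Name, ReplicateFromDirectoryServer, ReplicateToDirectoryServer, AutoGenerated

# The same checks with the command-line tools.
nltest /server:DC1-S1 /dsgetsite
nltest /server:Dc2-S2 /dsgetsite
repadmin /replsummary
```

A DC that reports the wrong site usually means its subnet was never linked to the site, so clients in that subnet may authenticate across the WAN link.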
The additional domain controller in the remote site is now fully functional. We can add more DCs as required.
Best practice is to have two DCs in each site.