Setting up backup domain controllers

[Mark0tech]

I have just setup a new domain with a 2003 server as the PDC and a 2000 server as the TS server, now I have setup replication for active directory and DNS on this TS server, I have also made this server a global catalog server, is there anything else I need to do to Make this a Backup Domain Controller (DHCP or other things)?

If the time comes and the PDC dies does the secondary automatically take over the domain logging on, DNS and so on ? or do I have to do soemthing to tell it to ?

Second question, I have a third server running windows 2003, it will be at a different site to this server but connected via a permenant VPN link, I have no firewalls on the VPN and full access through the tunnel is ok, I can ping the PDC and BDC from server three, Can I just DCpromo this like normal, and replicate the active directory ? I would assume I dont replicate the DNS do I as it is from a different subnet or do I set this up the same as the TS server and the 1 DNS will house the records for both subnets and 3 servers, will this also make this third server a backup domain controller for the remote location.

Edited June 15, 2006 by Mark0tech

[fizban2]

first, PDC and BDCs are dead, (cheer) all domain controllers are treated equally, for the domain to worrk you will need to have at least DNS setup, prefferably on 2 machines incase one DC does go down, i would suggest at least the machine accross the VPN be a DC and a DNS server (depending on how many clients are at the remote location and if they can stand being down or not) unless you are going to turn the TS server into a DC (which i wouldn't recommend) you won't have to worry about AD replication to it, just make sure the TS server is part of the domain (static IP) and can be seen through DNS lookups. i would really make your DC the global catalog server, having it on the 2000 box may causes issues. you could DCpromo the 3rd machine, but depending on the site link it could take a very long time and eat up all the bandwidth on that link. if possible taking it down for some scheduled maintence and upgrading it at the main site would be best. DNS will replicate out across the whole domain no matter what the subnets are.

[Mark0tech]

Ok thanks for that, I have a Dual 512/512 for the VPN link, I will promote the remote server to a DC and setup DNS replication on it and set it as another global cat server, this should give me redundancy if the link goes down right.

Thanks

[fizban2]

correct, users will still be able to log onto the domain, but any resources listed in the domain or GC that are across the WAN will be unavailable.