How To: Installing an additional Domain Controller in a child domain
Prerequisites:
- You have contacted the Win-AD team to inform them that you are adding a DC (without notification, your new DC will not be able to communicate correctly with the ACCESS DCs).
- You have a server that meets Microsoft's minimum requirements.
- You have the administrative account and password provided by an ACCESS administrator.
- You have an existing Child Domain.
Step 1: Patch the machine and set up the machine name.
Patching the Machine
It is extremely important to have an updated machine prior to installing the machine into Active Directory. You can use the Windows® Software Update Service to patch and update the machine, or another method of your choice.
Setting Up the Machine Name:
- Right-click My Computer and choose Properties.
- Choose Computer Name.
- Click <Change>.
- Ensure that the Computer name text box has the correct machine name and that the machine name is correctly prefixed with your organization's designated two- or three-letter prefix.

- Click <More>.
- Click the Change primary DNS suffix when domain membership changes check box to disable this option.
- Enter the DNS suffix of the machine, where YourDNSsuffix.psu.edu is the DNS suffix of the Fully Qualified Domain Name (FQDN) for the machine.

- Click <OK> for the next four windows.
- Click <Yes> to restart the computer.
- After rebooting, right-click My Network Places and choose Properties.
- Choose the connection used to access the network.
- Right-click and choose Properties.
- Double-click Internet Protocol (TCP/IP).
- Click Advanced.
- Choose the DNS Tab.
- Ensure that the DNS servers listed are the DNS servers you generally use to resolve DNS names; you may use the two listed or DNS servers run by your organization.
- In the Append these DNS suffixes (in order) text box, replace YourDNSsuffix.psu.edu with your organization's DNS suffix, and be sure to include aset.psu.edu as well.
- Click the Register the connection's addresses in DNS check box to disable this option.

- You can also set a WINS server. (optional)
- Under Advanced TCP/IP Settings, select the WINS tab.
- Click <Add>.
- You may use the WINS server provided by us or a WINS server of your choice.
- Click <Add>.

- Click <OK>.
- Click <OK>.
- Click <OK>.
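
The Step 1 settings can be read back from the registry before starting the promotion. The following check is an added example, not part of the original procedure; it assumes PowerShell is installed on the server, and YourDNSsuffix.psu.edu is the same placeholder used above and must be replaced with your own suffix.

```powershell
# Added example: read back the Step 1 settings from the registry before running dcpromo.
# Assumed placeholder: use the primary DNS suffix you entered in Step 1.
$ExpectedSuffix = 'YourDNSsuffix.psu.edu'
$RequiredSearch = @($ExpectedSuffix, 'aset.psu.edu')

$tcpip    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$p        = Get-ItemProperty -Path $tcpip
$problems = @()

# "Change primary DNS suffix when domain membership changes" cleared => value 0.
# A missing value means the Windows default (enabled), so it is reported too.
if ($p.SyncDomainWithMembership -ne 0) {
    $problems += 'Primary DNS suffix still follows domain membership.'
}

# 'Domain' is the suffix in effect; 'NV Domain' is applied at the next restart.
if ($p.Domain -ne $ExpectedSuffix) {
    $problems += "Primary DNS suffix is '$($p.Domain)' (pending: '$($p.'NV Domain')'), expected '$ExpectedSuffix'."
}

# "Append these DNS suffixes (in order)" is stored as a comma-separated SearchList.
$search = @("$($p.SearchList)".Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ })
foreach ($suffix in $RequiredSearch) {
    if ($search -notcontains $suffix) {
        $problems += "DNS suffix search list is missing '$suffix'."
    }
}

# "Register this connection's addresses in DNS" cleared => RegistrationEnabled = 0.
# Only interfaces that hold a real address are checked.
foreach ($key in Get-ChildItem -Path "$tcpip\Interfaces") {
    $i     = Get-ItemProperty -Path $key.PSPath
    $addrs = @($i.IPAddress) + @($i.DhcpIPAddress) | Where-Object { $_ -and $_ -ne '0.0.0.0' }
    if ($addrs -and ($i.RegistrationEnabled -ne 0)) {
        $problems += "Interface $($key.PSChildName) still registers its addresses in DNS."
    }
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'Step 1 name and DNS settings read back as expected.'
}
```

Run it from an administrative session after the restart in Step 1; any warning names the setting to revisit before running dcpromo.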
Step 2: Start the DC Promotion.
- Choose Start –> Run.
- Enter dcpromo and press <Enter>.
- Click <Next> and click <Next> again.
- Click the Additional Domain Controller for a new domain radio button.
- Click <Next>.

- Using the administrator account or an administrative account in your child domain, enter the appropriate account information in the fields provided.
- Click <Next>.

- Enter the name of your child domain.

- Click <Next>.
- Choose the location for the Active Directory® database (choosing a drive or a partitioned drive is recommended).

- Click <Next>.
- Choose a location for the SYSVOL.

- Click <Next>.
- Choose a restore mode password.

- Click <Next>. This may take time to process. Please be patient.
- Review the information.
- Click <Next>. This may take time to process. Please be patient.
- Click <Finish>.
- Click <Restart Now>.
Setting Up the Registry Entries for the K5 KDCs
- Visit https://downloads.its.psu.edu/. Upon successful authentication, click "File Transfer". Then, click the "Windows" link for the Registry key for PASS Access. Once it has been downloaded, run the file; it adds the required information to your registry.
- Test the configuration by using your Penn State Access Account userid and password to log on. In this case, you will enter (for example) xyz123@dce.psu.edu and the password, where xyz123 represents your Access Account userid.
- If the message "local policy of this system does not permit you to log on interactively" appears, or the machine allows you to log in, then the trust works.