Benefits to setting up a second DC?
I was wondering if someone could explain some of the benefits of setting up a second DC on my network. I'll tell you the reason I'm asking. I have 1 DC as a Hyper V VM sitting on a Server 2008 R2 physical that is joined to the domain. Sometimes I have login problems where it takes forever to log into the physical server that is hosting the DC VM. I'm guessing this has something to do with the fact that the VM comes up after the physical server tries to find it then gives me auth problems when I try to login. I have another physical 2008 R2 server that I could put another DC VM on and didn't know if that would be helpful and in what ways. Thanks in advance for information.
January 15th, 2010 2:56am

Yes Fuzzy, you would see a lot of benefit from a separate physical machine for a DC. Not only would it speed up logins on the Hyper-V host, but you would have redundancy. If either the physical DC or the virtual DC fails, you would still have Active Directory services and you could create a replacement DC at will.
January 15th, 2010 3:41am

Hi, It’s always suggested to set up a second DC even if your DCs are not running as VMs. We have to consider more when running a virtualized DC. Please refer to the following articles:
The Domain Controller Dilemma
http://blogs.msdn.com/virtual_pc_guy/archive/2008/11/24/the-domain-controller-dilemma.aspx
Running Domain Controllers in Hyper-V
http://technet.microsoft.com/en-us/library/dd363553(WS.10).aspx
Considerations when hosting Active Directory domain controller in virtual hosting environments
http://support.microsoft.com/kb/888794
Thanks. This posting is provided "AS IS" with no warranties, and confers no rights.
January 15th, 2010 10:15am

Thank you for this post. I will read through these now. Awesome. I've been wary about setting up a second DC for some time now because the last time I did and my root server was down for a couple days I had login and security issues which I still don't understand why. I was under the impression that as long as one of the DCs was up that there should be no problems with authentication. I had my secondary only up for a couple days then I started having all these strange problems. Does that make sense to you? Thanks.
January 15th, 2010 6:55pm

Hi, Your previous problem may be caused by other factors. If any of them reappears, please let us know, we will try our best to help you. If you have more questions in the future, you’re welcome in this forum. Thanks. This posting is provided "AS IS" with no warranties, and confers no rights.
January 18th, 2010 12:08pm

Okay just one more follow up question. If I set up a second DC, is it okay to take off my root DC for like 5 days and then bring it back up and not experience any problems? Does it matter how long it would be offline if another DC (not the root) is online the whole time? Thanks.
January 19th, 2010 2:46am

Hi, It’s OK to take the root DC offline when you have a secondary DC. However, you need to transfer the FSMOs to the secondary DC before that.
How to view and transfer FSMO roles in Windows Server 2003
http://support.microsoft.com/kb/324801
The time you can take your DC offline is determined by AD Tombstones. For more information, please refer to the following article:
Know your Tombstones - The Basics
http://blogs.technet.com/janelewis/archive/2006/10/04/Know-your-Tombstones-.aspx
Thanks. This posting is provided "AS IS" with no warranties, and confers no rights.
January 19th, 2010 12:31pm
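
The two checks named in the answer above (who holds the FSMO roles, and how the planned outage compares with the tombstone lifetime), as an added example that is not part of the original thread. It assumes the ActiveDirectory PowerShell module is available; the DC name `DC1` is a hypothetical placeholder and the 5-day outage is the figure from the question.

```powershell
# Added example, not from the thread. Read-only: it queries AD and changes nothing.
param(
    [string]$DcToTakeOffline = 'DC1',  # hypothetical DC host name (assumption)
    [int]$PlannedOfflineDays = 5       # outage length asked about in the thread
)
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# Current holder of each of the five FSMO roles (two forest-wide, three per domain).
$holders = @(
    @('SchemaMaster',         $forest.SchemaMaster),
    @('DomainNamingMaster',   $forest.DomainNamingMaster),
    @('PDCEmulator',          $domain.PDCEmulator),
    @('RIDMaster',            $domain.RIDMaster),
    @('InfrastructureMaster', $domain.InfrastructureMaster)
)

$report = foreach ($h in $holders) {
    New-Object PSObject -Property @{
        Role   = $h[0]
        Holder = $h[1]
        # True when the DC going offline currently owns this role.
        MustTransferFirst = ($h[1] -eq $DcToTakeOffline -or
                             $h[1] -like "${DcToTakeOffline}.*")
    }
}

# Tombstone lifetime lives on the Directory Service object in the configuration
# partition. When the attribute is not set, AD uses a default of 60 days.
$configNC = (Get-ADRootDSE).configurationNamingContext
$dirSvc = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
                       -Properties tombstoneLifetime
$tsl = $dirSvc.tombstoneLifetime
if (-not $tsl) { $tsl = 60 }

$report | Sort-Object Role | Format-Table Role, Holder, MustTransferFirst -AutoSize
"Tombstone lifetime: $tsl days; planned outage: $PlannedOfflineDays days"

if ($report | Where-Object { $_.MustTransferFirst }) {
    Write-Warning "$DcToTakeOffline still holds FSMO roles; transfer them before shutdown."
}
if ($PlannedOfflineDays -ge $tsl) {
    Write-Warning "Outage reaches the tombstone lifetime; plan to rebuild the DC rather than reconnect it."
}
```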

Right I do know about moving the FSMOs. How long do I have? I have since added a second DC to my domain. So now I have 2 host R2 servers, each has a DC on it. What puzzles me is that I still have login issues when logging into the host machines which are part of the domain. They take forever to login and after doing so I still can't access the file shares because it seems that the host machine doesn't authenticate even though the new DC is on and sitting on the other DC. I'm lost.
January 22nd, 2010 7:57pm

Try "netdom.exe reset..." in a command prompt. Enter "netdom" by itself to see the basic syntax, or "netdom help", to see a little more. If "netdom reset %computername%" does not work, you can specify which domain and DC to use to establish the secure connection.
January 22nd, 2010 9:59pm

Okay well which server do I do this on and when? Thanks.
January 23rd, 2010 12:43am

You can do it on any computer that has netdom.exe. That's where the domain, server, and login information come in. You can try just "netdom reset %ComputerName%" on the troubled server. It sometimes works. If it does not, try adding parameters.
January 24th, 2010 9:40am

I think I figured out it was a DNS issue because I forgot to specify the second DC on each of the respective host servers. Load okay now. Know any way to fix the fact that the time is off on my entire network? That would be really helpful. Trying to find a way that works to have my dc sync time with an external solution but no one has given me a working solution yet. Thanks.
January 25th, 2010 12:52am

Hi, Regarding the time problem, you first need to set up an authoritative time server. Try the suggestions below on your new PDC:
How to configure an authoritative time server in Windows Server
http://support.microsoft.com/kb/816042/
After that, try to sync time on the client system.
How to synchronize the time with the Windows Time service in Windows XP
http://support.microsoft.com/kb/307897
Thanks. This posting is provided "AS IS" with no warranties, and confers no rights.
January 25th, 2010 6:05am

See also http://www.ntp.org/. You can see how "far" away prospective time servers are using tracert.exe.
January 26th, 2010 1:43am

This topic is archived. No further replies will be accepted.
