ID Number: Q70678
2.00
OS/2
Summary:
======================================================================
LM0419: SETTING UP A BACKUP DOMAIN CONTROLLER
======================================================================
--------------------------------------------------------------------
| INFORMATION PROVIDED IN THIS DOCUMENT AND ANY SOFTWARE THAT MAY |
| ACCOMPANY THIS DOCUMENT (collectively referred to as an |
| Application Note) IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY |
| KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO |
| THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A |
| PARTICULAR PURPOSE. The user assumes the entire risk as to the |
| accuracy and the use of this Application Note. This Application |
| Note may be copied and distributed subject to the following |
| conditions: 1) All text must be copied without modification and |
| all pages must be included; 2) If software is included, all files |
| on the disk(s) must be copied without modification (the MS-DOS |
| utility DISKCOPY is appropriate for this purpose); 3) All |
| components of this Application Note must be distributed together; |
| and 4) This Application Note may not be distributed for profit. |
| |
| Copyright 1991 Microsoft Corporation. All Rights Reserved. |
| Microsoft and the Microsoft logo are registered trademarks of |
| Microsoft Corporation. |
--------------------------------------------------------------------
INTRODUCTION
============
The instructions on page 78 of the "Microsoft LAN Manager
Administrator's Guide" for setting up a backup domain controller
assume that you have not changed the password on the admin account for
either the primary domain controller or the machine you are promoting
to a backup or member server. The easiest way to set up a backup
domain controller or member server is to use identical accounts (names
and passwords) on both machines with administrative privilege. This
name and password could be the original account of "admin"/"password,"
or any admin account of your choosing. This method will allow you to
follow the instructions in the administrator's guide using the
administrative privileged account.
SETUP PROCEDURE WHEN PASSWORDS DIFFER
=====================================
If your passwords are not the same on the primary domain controller
and the server being set up as either a member or backup domain
controller, follow the instructions below.
Note: This entire process can be performed from the machine that is
being promoted to a backup or member server.
Preparing the Setup Machine
---------------------------
1. Edit the LANMAN.INI file, specifying the name of the domain as
the value in the "domain=" entry in the [workstation] section. Make
note of the values specified in the "scripts=" entry in the
[netlogon] section and the "userpath=" entry in the [server]
section. Exit the editor and confirm that the directory path you
made note of for the scripts= entry exists, and that a subdirectory
named SCRIPTS exists in the directory path you made note of for
userpath=. Do not change the userpath= value in the LANMAN.INI
file; it is hard coded.
2. Start the workstation service by typing:
net start workstation
Setting Up Accounts on the Primary Domain
-----------------------------------------
Important: Do not change machines. All necessary changes can be
made from the backup domain controller using LAN Manager's remote
administration facility.
1. Log on to the primary domain by typing:
net logon <remote-admin-name> <remote-admin-password>
This command will cause your computer to log on to the primary
domain controller with administrative privileges.
2. Synchronize the internal clock of the new backup or member with
the domain's primary domain controller by typing:
net time /domain /set
3. Establish a remote administration session with the primary domain
controller by typing:
net admin \\domain-controller-name /command
4. Create a user account for the new backup or member on the primary
by typing
net user <local-computername> <local-password> /add
where <local-computername> is the computer name of the new backup
or member, and <local-password> is the password.
5. Add the user account for the new backup or member to the SERVERS
group by typing:
net group servers <local-computername> /add
6. Exit the remote command processor by typing:
exit
Setting Up Accounts on the Backup Domain
----------------------------------------
1. (Note: This step differs from the procedure outlined in the
administrator's guide.) Log on to your local machine with admin
privileges and no domain (stand alone), by typing
net logon <local-admin-name> <local-admin-password> /domain:none
where <local-admin-name> is the admin account for the local
machine, and <local-admin-password> is the password.
2. Create a group called SERVERS on the new backup or member by
typing:
net group servers /add
3. Create a user account on the new backup or member for the backup
or member by typing:
net user <local-computername> <local-password> /add
4. Add the user account to the SERVERS group by typing:
net group servers <local-computername> /add
5. Change the role for the new backup or member by typing:
net accounts /role:{backup | member}
6. Start the Server service by typing:
net start server
7. Start the Netlogon service by typing:
net start netlogon
8. Edit the [server] section of the LANMAN.INI file, adding
"netlogon" to the list of services in the "srvservices=" entry.
This will cause the Netlogon service to load automatically when the
server is started.