Microsoft KB Archive/70678

= Microsoft Knowledge Base =

Setting Up a LM Backup Domain Controller or Member Server
Last reviewed: October 26, 1994

Article ID: Q70678

LM0419: SETTING UP A BACKUP DOMAIN CONTROLLER
 * INFORMATION PROVIDED IN THIS DOCUMENT AND ANY SOFTWARE THAT MAY   |
 * ACCOMPANY THIS DOCUMENT (collectively referred to as an           |
 * Application Note) IS PROVIDED &quot;AS IS&quot; WITHOUT WARRANTY OF ANY     |
 * KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO   |
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A    |
 * PARTICULAR PURPOSE. The user assumes the entire risk as to the    |
 * accuracy and the use of this Application Note. This Application   |
 * Note may be copied and distributed subject to the following       |
 * conditions: 1) All text must be copied without modification and   |
 * all pages must be included; 2) If software is included, all files |
 * on the disk(s) must be copied without modification (the MS-DOS    |
 * utility DISKCOPY is appropriate for this purpose); 3) All         |
 * components of this Application Note must be distributed together; |
 * and 4) This Application Note may not be distributed for profit.   |
 * Copyright 1991 Microsoft Corporation. All Rights Reserved.        |
 * Microsoft and the Microsoft logo are registered trademarks of     |
 * Microsoft Corporation.                                            |
 * Microsoft Corporation.                                            |

INTRODUCTION
The instructions on page 78 of the Microsoft LAN Manager &quot;Administrator's Guide&quot; for setting up a backup domain controller assume that you have not changed the password on the admin account for either the primary domain controller or the machine you are promoting to a backup or member server. The easiest way to set up a backup domain controller or member server is to use identical accounts (names and passwords) on both machines with administrative privilege. This name and password could be the original account of &quot;admin&quot;/&quot;password,&quot; or any admin account of your choosing. This method will allow you to follow the Administrator's Guide instructions for using the administrative privileged account.

SETUP PROCEDURE WHEN PASSWORDS DIFFER
If your passwords are not the same on the primary domain controller and the server being set up as either a member or backup domain controller, follow the instructions below.

Note: This entire process can be performed from the machine that is  being promoted to a backup or member server.

Preparing the Setup Machine
 Edit the LANMAN.INI file, specifying the name of the domain as the value in the &quot;domain=&quot; entry in the [workstation] section. Make note of the values specified in the &quot;scripts=&quot; entry in the [netlogon] section and the &quot;userpath=&quot; entry in the [server] section. Exit the editor and confirm that the directory path you made note of for the scripts= entry exists, and that a subdirectory named SCRIPTS exists in the directory path you made note of for userpath=. Do not change the userpath= value in the LANMAN.INI file; it is hard coded.  Start the workstation service by typing: net start workstation 

Setting Up Accounts on the Primary Domain
Important: Do not change machines. All necessary changes can be  made from the backup domain controller using LAN Manager's remote administration facility. Log on to the primary domain by typing:

net logon   This command will cause your computer to log on to the primary domain controller with administrative privileges.

Synchronize the internal clock of the new backup or member with the domain's primary domain controller by typing:

net time /domain /set Establish a remote administration session with the primary domain controller by typing:

net admin \\domain-controller-name /command Create a user account for the new backup or member on the primary by typing

net user   /add where  is the computer name of the new backup or member, and  is the password.

Add the user account for the new backup or member to the SERVERS group by typing:

net group servers  /add Exit the remote command processor by typing:

exit

Setting Up Accounts on the Backup Domain
  (Note: This step differs from the procedure outlined in the administrator's guide.) Log on to your local machine with admin privileges and no domain (stand alone), by typing net logon  <local-admin-password> /domain:none where <local-admin-name> is the admin account for the local machine, and <local-admin-password> is the password. </li>  Create a group called SERVERS on the new backup or member by typing: net group servers /add </li>  Create a user account on the new backup or member for the backup or member by typing: net user <local-computername> <local-password> /add </li>  Add the user account to the SERVERS group by typing: net group servers <local-computername> /add </li>  Change the role for the new backup or member by typing: net accounts /role:{backup | member} </li>  Start the Server service by typing: net start server </li>  Start the Netlogon service by typing: net start netlogon </li> Edit the [server] section of the LANMAN.INI file, adding &quot;netlogon&quot; to the list of services in the &quot;srvservices=&quot; entry. This will cause the Netlogon service to load automatically when the server is started.</li></ol>