Our internal network, which is not connected to the internet, has a Server PC running Server 2003 Standard with SP2 configured as Active Directory Domain Controller, DHCP server, DNS server and file server. The IP address and DNS address are set the same in TCP/IP properties. Normally this is the only DC running. We have a second identical server, again running Server 2003 Standard with SP2 and also configured as Active Directory Domain Controller, DHCP server, DNS server and file server, that is normally not running. This was set up using DCpromo to copy all the settings. It is just turned on every month or after changes to synchronise settings. The plan is, should the main server fail, this server can have the data hard drives installed while the main server is repaired or replaced. The clients are running XP Pro, mainly with SP3 but a few still on SP2. What I have found is that unless I manually set the DNS address in TCP/IP properties on each client, most, but not all, are slow to log in, sitting with the "Applying Computer Settings" dialog showing for several minutes. In the DNS settings under 'Forward Lookup Zones' there is both -msdcs.ourdomain and ourdomain; I assume this is correct. My thought is something is not right with the DNS settings, but I have no idea what to look at. Should it be relevant, before I was involved the main server was NT4. What a colleague and myself did was upgrade that to 2003 using the downloadable trial version, then use DCpromo to transfer the settings to the current server, which originally was just a file server. This server was then made the primary server and the old server taken offline. I'm not a network expert, just as ever working my way through issues as they arise with the help of sites like this. Hence any ideas will be appreciated.
Active Directory depends on a correct DNS setup, so it's important to get each computer's DNS settings right, even if the network isn't connected to the Internet. If they don't have a DNS server to connect to, or one that doesn't have the AD records, they may fail to connect to a DC and therefore hang when trying to connect to it until they hit a timeout. Sounds like your DHCP setup might be set up wrong and doesn't distribute the correct DNS server addresses. If you've only got the two DCs that run DNS you should configure your DHCP scope with your server's IP as the primary, and the backup server's IP as a secondary DNS server.
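One way to apply and check the DHCP change described in the answer above, as an added example that is not part of the original thread. The scope address, both server addresses and the domain name are placeholders to replace with your own values.

```batch
@echo off
rem Added example, not from the thread. Every value below is a placeholder.
set SCOPE=192.168.1.0
set DC1=192.168.1.10
set DC2=192.168.1.11
set DOMAIN=ourdomain

rem Run with the argument "client" on an XP client, with no argument on the DHCP server.
if /i "%1"=="client" goto client

rem DHCP option 006 is "DNS Servers". List the main DC first, the standby second.
netsh dhcp server scope %SCOPE% set optionvalue 006 IPADDRESS %DC1% %DC2%

rem Print the scope options to confirm what clients will be handed.
netsh dhcp server scope %SCOPE% show optionvalue

rem Clients locate a domain controller through this SRV record, so each
rem DNS server handed out by DHCP must be able to answer it.
rem The query against DC2 times out while the standby server is switched off.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %DC1%
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %DC2%
goto end

:client
rem Set the adapter to "Obtain DNS server address automatically" first;
rem a manually entered DNS address overrides the value sent by DHCP.
ipconfig /release
ipconfig /renew

rem "DNS Servers" in this output should now list DC1, then DC2.
ipconfig /all

rem The same lookup the logon process depends on, using the client's own DNS settings.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN%

:end
```

The same option can be set in the DHCP management console under the scope's Scope Options, as option 006 DNS Servers.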
Probably... but can you explain how I do this please? Is there a tool built into Server 2003 or a program, ideally stand-alone, that I can download?
In addition to what's configured in DHCP, domain-joined machines will use the AD domain name by default anyway. I usually set it in DHCP as well so that any non-domain devices on the network also get the DNS suffix so they don't have to use FQDNs for internal hosts (i.e. they can use "server" instead of "server.example.com").