How to add a domain controller?
At times, you might want an additional domain controller to balance the load and increase fault tolerance. This page walks through the steps needed to add a domain controller to your Active Directory (AD) environment.
Step 1: Install Active Directory Domain Services (ADDS)
- Log into your Active Directory Server with administrative credentials.
- Open Server Manager → Roles Summary → Add roles and features.
- The "Before you begin" screen, which appears next, is purely informational. You may read through it and click "Next".
- Select the installation type. If it is a virtual machine-based deployment, choose Remote Desktop Services installation. Otherwise, choose Role-based or Feature-based installation.
- Now, select the destination server on which the role will be installed. Ensure the IP address displayed is that of the selected server. If it is not, close the Server Manager and retry.
- Select the roles you want to install on this server. The basic requirement to promote this server into a domain controller is Active Directory Domain Services.
- The features for this role are ready to be installed. The basic features required for this service are selected by default. Click Next.
- Confirm your installation selections.
Note: It is recommended to select the "Restart the destination server automatically if required" option.
- Click the Install button. Once installation is complete, close the window.
Step 2: Promote the server to a domain controller
Note: The following actions can be performed only if the user belongs to the Domain Admins group.
- Once the ADDS role is installed on this server, you will see a notification flag next to the Manage menu. Select "Promote this server to a domain controller".
- This starts the ADDS configuration wizard. On the Deployment configuration page, select "Add a domain controller to an existing domain". You need to specify the name of the domain to which the new DC will be added.
- The "Domain controller options" page appears next. Options to make this DC a DNS server and a Global Catalog are selected by default. You can choose to make this DC a read-only DC if you want. Select the site name for the DC and a unique password for Directory Services Restore Mode (DSRM).
Note: DSRM helps you regain access to an environment if all domain administrator accounts lose access or in case of DC failure.
- Since a DNS server is being configured as part of this procedure, you'll be warned that a delegation for this DNS server cannot be created. This can be safely ignored.
- Additional options: Choose where you want your DC to replicate from. Active Directory can replicate from any domain controller or a specific one.
- On the "Paths" page, confirm the location for ADDS database files, log files and SYSVOL. You can either use the default location, or select another folder of your choice.
- Review your selections in the next screen and click Next. Windows will then perform a prerequisites check. Once it is done, click Install.
Your system will be rebooted after replication has taken place. Verify the health of the new domain controller by running dcdiag /v from the command line.
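The same two steps can be scripted. The following is an added example, not part of the original page or any vendor's own script: it uses the Install-WindowsFeature cmdlet and the ADDSDeployment module cmdlets, and maps each wizard choice above to a parameter. The domain name and site name are placeholder assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example. Placeholder values (assumptions): domain name and site name.
$DomainName = 'corp.example.com'          # placeholder: your existing domain
$SiteName   = 'Default-First-Site-Name'   # placeholder: the AD site for this DC

# Step 1: install the ADDS role and its management tools.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Prompt for secrets so they never land in the script or in shell history.
$DomainCred   = Get-Credential -Message "Domain Admins account for $DomainName"
$DsrmPassword = Read-Host -AsSecureString -Prompt 'Unique DSRM password'

# Step 2: the wizard's choices, defined once and reused for check and promotion.
$DcOptions = @{
    DomainName                    = $DomainName
    Credential                    = $DomainCred
    SiteName                      = $SiteName
    InstallDns                    = $true    # "Domain controller options": DNS server
    CreateDnsDelegation           = $false   # corresponds to the delegation warning
    SafeModeAdministratorPassword = $DsrmPassword
    DatabasePath                  = "$env:SystemRoot\NTDS"    # "Paths" page defaults
    LogPath                       = "$env:SystemRoot\NTDS"
    SysvolPath                    = "$env:SystemRoot\SYSVOL"
}

# Run the prerequisites check the wizard performs before Install is enabled.
$Checks = Test-ADDSDomainControllerInstallation @DcOptions
$Checks | Format-List Status, Message
if ($Checks | Where-Object { "$($_.Status)" -eq 'Error' }) {
    throw 'Prerequisite check failed; resolve the errors above before promoting.'
}

# Promote the server. It becomes a Global Catalog by default and reboots
# automatically when promotion completes.
Install-ADDSDomainController @DcOptions -Force

# After the reboot, from an elevated prompt on the new DC:
#   dcdiag /v
```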