The domain controller is the most important server inside your network. It ensures that users can log in, and handles permissions, policies, etc. But what if your domain controller goes offline? Having a second domain controller in your network increases the reliability of your whole network. So how do we add a domain controller to an existing domain?
Adding a domain controller doesn’t only increase the reliability of your domain, but it also helps with the load balancing of the services. And if you have multiple offices then having a second domain controller on the other sites, ensures that users can still login in the event of an internet/VPN outage.
In this article
In this article, we are going to add a domain controller to an existing domain step by step. The steps below work for Windows Server 2012 and upwards to Windows Server 2022.
Before we start with adding the domain controller to the existing domain, there are a few requirements that we need to check. I assume you have completed the Windows Server installation.
- Static IP Address – Give the new server a static IP Address
- DNS to existing DC – Set the Preferred DNS server to the existing DNS Server (DC01)
- Computer name – Make sure that you have changed to computer name (DC02) of the new server before promoting it to a domain controller.
- Date and Time – Make sure that the date and time and time zone match between the servers
- Join the server to the domain – The server needs to be a member of the domain
Add Domain Controller to Existing Domain
With our server ready we can start by promoting it to a domain controller and adding it to the existing domain.
Step 1 – Installing Active Directory Domain Services
The first step is to install the AD DS (Active Directory Domain Services) on the new server.
- Click on Start and open the Server Manager
- Click on Manage > Add Roles and Features
- Click Next, make sure Role-based or feature-based installation is selected, and click Next
- In the Select destination server make sure that your new server is selected (it’s by default), and click Next
- Select Active Directory Domain Services. A new dialog screen will appear, click Add Features to add the tools that are required.
- Click Next to continue
- We don’t need to add additional features, so just click Next on the Select features page.
- You will get a summary of the Active Directory Domain Services, click Next to continue
- A reboot is not required, so we can leave Restart destination server… off and click on Install.
Step 2 – Promote Server to Domain Controller
After the installation of AD DS is completed, you can click on Close. We can now promote the server to a domain controller. During these steps, we will add the new domain controller to the existing domain.
- In the Server Manager, click on the flag/warning icon and click Promote this server to a domain controller.
- Make sure that Add a domain controller to an existing domain is selected. Enter the domain and supply the domain admin credentials. Click on Next when done.
- In the domain controller options page, leave the default items selected. You only need to enter the DSRM password twice
- Ignore the warning on the DNS option page. This is normal and can be skipped.
- In the additional options page, we can select the domain controller from which we want to replicate. Normally you want to be able to replicate from any domain controller.
But if you have two domain controllers in your data center, and installing additional controllers on branch offices, then you probably want to replicate from the data center.
- We can skip the next two screens. It’s best practice to leave the paths in the default location and you can click next on the review screen.
- Click on Install after the Prerequisites Check is completed. It’s normal that you see two warnings (just like in the screenshot below)
Wait for the installation to finish. The server will automatically reboot once completed.
Step 3 – Verifying AD replication
After the server is rebooted, we need to verify the domain replication. We start in the Active Directory Users and Computers. Expand the domain controllers and verify that both domain controllers are listed:
Next, we want to check if that there are no errors occurred during the replication. For this, we are going to use the built-in repadmin utility.
- Open PowerShell or a Command Prompt on the new domain controller.
repadmin /replsummary dc02where dc02 is the name of your new domain controller
As you can see in the screenshot above, there were no errors during the replications.
The last step is that we need to configure the DNS servers correctly on the two domain controller. The preferred DNS server should always point to the other domain controller. The Alternate DNS server must point to its own IP address (or the loopback address 127.0.0.1)
So in the screenshots below:
- 192.168.1.201 is DC01
- 192.168.1.202 is DC02
Adding a domain controller to an existing domain is pretty straightforward as you have seen. Make sure that you configure the DNS servers correctly, otherwise, the replication will probably fail.
After you have added your new domain controller it’s time to demote the old one. You can find a complete guide here.
I hope you found this article useful, if you have any questions, just drop a comment below.
4 thoughts on “How to Add Domain Controller to Existing Domain”
Nice tutorial, next one can be how to decomission an old DC
Done: How to Demote (Remove) a Domain Controller
Nice article 🙂
I’m just curious, why should the preferred DNS be the other DC and the alternative point to it’s own IP? I have always done it the other way around, preferred DNS point to it’s own IP and the alternative point to the other DC.
This will prevent the DNS server from becoming an island. Read more about it in this article from Microsoft