After your first Domain Controller is already in use, it’s time to add another Windows Server 2016 DC to your Active Directory environment. Either for redundancy, load balancing or just because another DC feels the right way to go. This is the process we will implement in the current article, which is just as easy and simple as the previous one.
To make the scenario a little more realistic, I have already set up the first DC named DC01 with the Active Directory domain ‘meraki.edu’. Now I will add the second DC named DC02 to the same AD domain, which will also have the role of DNS Server and Global Catalog. The two DCs are on the same IP subnet and have direct communication with each other on a local (LAN) connection. In DC02, I have initially configured network settings, changed the server name to DC02, and joined it to the local Active Directory domain.
So, the process will again take two steps:
- Install the Active Directory Domain Services role
- Promote the server to a Domain Controller
Install the Active Directory Domain Services role
Open Server Manager, click Manage and then Add Roles and Features.
Immediately afterward, the wizard window will open. In the Before You Begin section, click Next to continue.
In the Installation Type section, select Role-based or feature-based installation and click Next to continue.
In the Server Selection section, make sure that the server you want is selected and click Next to continue.
Under Server Roles, select Active Directory Domain Services. Once you do this, you will be asked to add some additional features. Click the Add Features button and then click Next to continue.
In the Features section, you do not have to choose anything, just click Next to continue.
In the AD DS section, some information about AD DS is displayed, just click Next to continue.
Finally, in the Confirmation section, click the Install button to proceed to install the role.
Promote the server to a Domain Controller
Once the role is completed, if you do not close the window, you will be prompted to promote the server to a Domain Controller (DC).
Alternatively, you can open the same window through Server Manager, as shown in the figure below.
In essence, this is the Active Directory Deployment Configuration wizard that will guide you to add another Domain Controller to the Active Directory environment.
In the Deployment Configuration section, since the AD forest already exists, enable Add a domain controller to an existing domain, and then type the domain name in the corresponding field. In my case is meraki.edu. You will also need to provide the credentials of an account that has the ability to add DC to the existing domain, such as the Domain Administrator. To proceed, click Next.
Under Domain Controller Options, enable (if desired) the Domain Name System options (DNS) Server and Global Catalog, leave the default Site Name and enter the Directory Services Restore Mode (DSRM) password. Keep this password in your documentation. Click Next to continue.
In the DNS Options sub-section, that you will see only if you install the DNS role, a warning message appears, but it does not need to worry you for the moment. Simply click Next to continue.
In the Additional Options section, you can select from which Domain Controller to replicate to the current DC. If you do not have a specific reason, leave the default Any domain controller and click Next to continue.
In the Paths section, select where the NTDS, SYSVOL, and LOG folders will reside on your server. In my case I will leave the default ones, you can choose another disk based on your preferences and setup.
In the Review Options section, you will see a summary of the settings you have selected. Once you’re sure you have not made a mistake, click Next to continue.
In the Prerequisites Check section, the prerequisites will be checked (duh). Here, if even one error occurs, then you will not be able to continue and you will need to fix it before proceeding. Otherwise, if only warning messages (which are the most common) are displayed but the check has ‘passed’ as shown in the picture, click the Install button to proceed.
At this point, you will need to wait a few minutes until the installation process is completed. The server will automatically reboot immediately afterward.
After your reboot, your new Domain Controller is ready. It may take some minutes for the first complete replicate, but the installation process is complete.
Can we have two additional domain controller in the domain for more redundancy?
for ex. I already have DC01 (Primary domain controller) & DC02 (which is an additional domain controller) in my network. now can I have DC03 also acting as an Additional domain controller)?
Sure, you can have additional DCs on your infrastructure, there is no limit on the number.
Dear,
I have 1 server (domain controller and DNS).
I have another server but different subnet where i also installed additional dc with dns.
Everything is working fine.my question is if i configure reverse lookup zone on the first one it will be repliacted automatically without configuring anything on the additional dns (like tranfer Zone, or etc…) is it normal? Can i let some user to join on the first dc and others on the second?
I wish you had displayed view script part also 🙂
Great explanation otherwise thx.
i have two different network and domain controller so it is possible to connect each other?
while adding Additional domain server 2016 to existing domain server 2016, an error message is showing that a network path was not found, i added primary DC address in DNS address, and i disabled my windows firewall, but still my my problem was not solved
Are you able to perform this with ansible? I was able to deploy Active Directory with ansible but unsure about subdomains and Sites and Services for Windows Server 2016
Thanks bro.
Clear and still relevant on Aug 2021
Do you need to be logged in as a Domain\Administrator to do this?
If you are logged in as the machine\administrator when start this, you are logged out before it finishes as the machine\administrator account is disabled during this install.
Or, does it matter which account you are logged into when you start?