Add another Domain Controller (DC) on Active Directory

After your first Domain Controller is already in use, it’s time to add another Windows Server 2016 DC to your Active Directory environment. Either for redundancy, load balancing or just because another DC feels the right way to go. This is the process we will implement in the current article, which is just as easy and simple as the previous one.

To make the scenario a little more realistic, I have already set up the first DC named DC01 with the Active Directory domain ‘meraki.edu’. Now I will add the second DC named DC02 to the same AD domain, which will also have the role of DNS Server and Global Catalog. The two DCs are on the same IP subnet and have direct communication with each other on a local (LAN) connection. In DC02, I have initially configured network settings, changed the server name to DC02, and joined it to the local Active Directory domain.

So, the process will again take two steps:

  • Install the Active Directory Domain Services role
  • Promote the server to a Domain Controller

Install the Active Directory Domain Services role

Open Server Manager, click Manage and then Add Roles and Features.

Add another Domain Controller (DC) on Active Directory

Immediately afterward, the wizard window will open. In the Before You Begin section, click Next to continue.

Add another Domain Controller (DC) on Active Directory

In the Installation Type section, select Role-based or feature-based installation and click Next to continue.

Add another Domain Controller (DC) on Active Directory

In the Server Selection section, make sure that the server you want is selected and click Next to continue.

Add another Domain Controller (DC) on Active Directory

Under Server Roles, select Active Directory Domain Services. Once you do this, you will be asked to add some additional features. Click the Add Features button and then click Next to continue.

Add another Domain Controller (DC) on Active Directory

In the Features section, you do not have to choose anything, just click Next to continue.

Add another Domain Controller (DC) on Active Directory

In the AD DS section, some information about AD DS is displayed, just click Next to continue.

Add another Domain Controller (DC) on Active Directory

Finally, in the Confirmation section, click the Install button to proceed to install the role.

Add another Domain Controller (DC) on Active Directory

Promote the server to a Domain Controller

Once the role is completed, if you do not close the window, you will be prompted to promote the server to a Domain Controller (DC).

Add another Domain Controller (DC) on Active Directory

Alternatively, you can open the same window through Server Manager, as shown in the figure below.

Add another Domain Controller (DC) on Active Directory

In essence, this is the Active Directory Deployment Configuration wizard that will guide you to add another Domain Controller to the Active Directory environment.

In the Deployment Configuration section, since the AD forest already exists, enable Add a domain controller to an existing domain, and then type the domain name in the corresponding field. In my case is meraki.edu. You will also need to provide the credentials of an account that has the ability to add DC to the existing domain, such as the Domain Administrator. To proceed, click Next.

Add another Domain Controller (DC) on Active Directory

Under Domain Controller Options, enable (if desired) the Domain Name System options (DNS) Server and Global Catalog, leave the default Site Name and enter the Directory Services Restore Mode (DSRM) password. Keep this password in your documentation. Click Next to continue.

Add another Domain Controller (DC) on Active Directory

In the DNS Options sub-section, that you will see only if you install the DNS role, a warning message appears, but it does not need to worry you for the moment. Simply click Next to continue.

Add another Domain Controller (DC) on Active Directory

In the Additional Options section, you can select from which Domain Controller to replicate to the current DC. If you do not have a specific reason, leave the default Any domain controller and click Next to continue.

Add another Domain Controller (DC) on Active Directory

In the Paths section, select where the NTDS, SYSVOL, and LOG folders will reside on your server. In my case I will leave the default ones, you can choose another disk based on your preferences and setup.

Add another Domain Controller (DC) on Active Directory

In the Review Options section, you will see a summary of the settings you have selected. Once you’re sure you have not made a mistake, click Next to continue.

Add another Domain Controller (DC) on Active Directory

In the Prerequisites Check section, the prerequisites will be checked (duh). Here, if even one error occurs, then you will not be able to continue and you will need to fix it before proceeding. Otherwise, if only warning messages (which are the most common) are displayed but the check has ‘passed’ as shown in the picture, click the Install button to proceed.

Add another Domain Controller (DC) on Active Directory

At this point, you will need to wait a few minutes until the installation process is completed. The server will automatically reboot immediately afterward.

After your reboot, your new Domain Controller is ready. It may take some minutes for the first complete replicate, but the installation process is complete.

About Dimitris Tonias 144 Articles
My name is Dimitris Tonias, IT Pro, G(r)eek, focused on Server, Virtualization, and Cloud technologies.

9 Comments on Add another Domain Controller (DC) on Active Directory

  1. Can we have two additional domain controller in the domain for more redundancy?

    for ex. I already have DC01 (Primary domain controller) & DC02 (which is an additional domain controller) in my network. now can I have DC03 also acting as an Additional domain controller)?

  2. while adding Additional domain server 2016 to existing domain server 2016, an error message is showing that a network path was not found, i added primary DC address in DNS address, and i disabled my windows firewall, but still my my problem was not solved

  3. Are you able to perform this with ansible? I was able to deploy Active Directory with ansible but unsure about subdomains and Sites and Services for Windows Server 2016

  4. Do you need to be logged in as a Domain\Administrator to do this?
    If you are logged in as the machine\administrator when start this, you are logged out before it finishes as the machine\administrator account is disabled during this install.
    Or, does it matter which account you are logged into when you start?

Leave a Reply

Your email address will not be published.


*