«

»

Dec 09 2012

Creating an additional Windows 2012 Domain Controller in an existing domain

You know that is recommended to have at least two domain controllers for your environment, right ? Is not just to balance the load, but for fault tolerance also. If one of them crashes you can force the roles (FSMO Roles) on the other one and you are good-to-go, users are happy.

The procedure of adding an additional domain controller in server 2012 is very easy, but longer compared to previous versions. First make sure you configure the TCP/IP protocol correctly so the server can find one of the domain controller(s) in the domain. In the DNS box put the IP address of one of your DNS servers, and make sure the IP is from the same subnet as your other domain controller(s).

For this lab, my first domain controller (Schema Master) is also running Windows server 2012. Now open Server Manager, because dcpromo is out of the game, and go to Manage > Add Roles and Features.

Skip this screen by clicking Next.

Leave the default selection here and continue the wizard. In server 2012 Remote Desktop Services are now separated from the usual roles.

Select the server you want to promote as additional domain controller and click Next.

On the Select server roles page check the box next to Active Directory Domain Services, then click Add Features on the window that pops-up. The Add Features button will install the necessary administration consoles like ADUC (Active Directory Users and Computers), ADSS (Active Directory Sites and Services), the PowerShell module, etc.

     

We have nothing to select here, so click Next to continue.

This is an informative page that tells you what Active Directory Domain Services is and what it does. I don’t know about you, but this is my first time I’ve read this page. Continue the wizard.

To start the installation click the Install button. If you want, you can close the wizard by clicking the Close button, and the installation will not be affected. It will run in the background.

     

After the installation succeeds is time to go to step two, promote the server as additional domain controller. You can click the link in the wizard Promote this server to a domain controller, or from Server Manager.

     

In the Active Directory Domain Service Configuration Wizard make sure the option Add a domain controller to an existing domain is selected. In the Domain box type the domain where this server will be an additional domain controller. You can also click the Select button and choose from the list. Click the Change button and provide the credentials of a domain admin account.



If you want this domain controller to also be a DNS server leave the Domain Name System (DNS) server box enabled. The same is for the other two options, and I’ll leave them to you. Select the correct site name, of you have more than one, then provide the Directory Services Restore Mode (DSRM) password.

This appears because the wizard can’t create a delegation in the DNS server in the parent zone. You can ignore this message, like it tells you at the end.

On the Replicate from box, select the replication partner. If you have multiple sites, you should select the domain controller that is acting as a Bridgehead server, so replication traffic is minimized.

If you don’t like the default paths for the AD database and log files, choose a different one. It is recommended to put those on different hard drives, but that’s just for high load domain controllers.

Review the options and click Next. If you want to see the script that is used by the wizard to promote this server to a domain controller, click the View script button.

     

The wizard will verify if the server meets all the prerequisites before the promotion begins. If everything looks good, click Install.

     

The promotion will take just a few minutes. At the end click the Close button to reboot the server. Well…if you don’t click-it, it will reboot anyway, so it’s up to you.

After the server is up, open ADUC and verify the server is in the Domain Controllers container.

Take a look at the DNS zone see if is there.

     

Want content like this delivered right to your

email inbox?


Leave a Reply

Your email address will not be published. Required fields are marked *


*

css.php