Creating an additional domain controller in an existing domain

Your environment is growing, so you need to think about availability for your domain controller. You might think, what the heck, I’ll just restore it from backup if my domain controller fails; and you are right, but until you restore it, your users won’t be happy at all. To prevent this kind of situation, additional domain controllers are needed, so that if one fails the others take over. Another reason to have multiple domain controllers is to load balance the traffic for the domain and improve the reliability of network services.

For this guide I have a Windows Server 2008 R2 Enterprise machine acting as domain controller and DNS server for the forest/domain. We will add to this domain an additional domain controller, also running Windows Server 2008 R2 Enterprise. I presume that your DNS and Active Directory infrastructure is working well, and that no problems exist in the environment. Before we begin, the network adapter of the second server needs to be configured with a static IP address. In the Preferred DNS server box type the IP address of the domain controller, then click OK to save the changes.

Now go to Start > Run and issue the dcpromo (Domain Controller Promotion) command.

Some Active Directory binaries need to be installed on the system before the Active Directory wizard pops up.

On the Welcome screen leave the Use advanced mode installation option unchecked, because this is for advanced stuff that we don’t need right now.

The compatibility screen is for those who are still using NT or other non-Microsoft clients, but that is not our case since we have only 2008 R2 operating systems.

Choose Existing Forest then Add a domain controller to an existing domain.

Here type the domain name where you plan to install this domain controller, then set the credentials to connect to that specific domain. You need to use a Domain Admin account for this operation to succeed.

Now the domain we just typed is verified and displayed on the Select a Domain page. Click Next to continue.

If you have more sites in your environment, select the one that corresponds to this domain then click Next.

Now you have the option to install the DNS service on this server and make it a global catalog. In my environment I can’t install this server as a RODC because my forest functional level is still in mixed mode (Windows 2000 compatible). No stress, if I decide later to install a RODC all I have to do is raise the forest functional level to 2003 mode. Leave the defaults and continue.

If you get the following warning screen, don’t worry, just click YES and continue. This warning appears because the server is not part of the domain, and the wizard can’t create a delegation for this DNS server in the parent zone. During the domain controller promotion this will be fixed.

Here you have the option to change the path of the Active Directory database and log files, but I’m going with the defaults.

Type a strong password for the Active Directory Restore Mode and continue.

On the Summary screen we have the option to export the settings that we just configured through this wizard, so if you need to deploy multiple domain controllers in your domains you can do it silently using these settings. Of course some changes are needed in the file, but you get the idea. Click the Next button to start the installation.
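An exported answer file is later fed to dcpromo /unattend:<file>, so it is worth checking what it holds before it is stored or copied to other servers. The script below is an added example, not part of the original guide: it audits a constructed answer file, and the function name Test-DcpromoAnswerFile and all sample values are assumptions.

```powershell
# Added example: audit a dcpromo answer file before it is stored or reused.
# Constructed sample; domain, account and password values are placeholders.
$sample = @'
[DCInstall]
ReplicaOrNewDomain=Replica
ReplicaDomainDNSName=example.local
SiteName=Default-First-Site-Name
InstallDNS=Yes
ConfirmGc=Yes
CreateDNSDelegation=No
UserDomain=example.local
UserName=dcadmin
Password=Constructed-Passw0rd
DatabasePath="C:\Windows\NTDS"
LogPath="C:\Windows\NTDS"
SYSVOLPath="C:\Windows\SYSVOL"
SafeModeAdminPassword=Constructed-Dsrm-Passw0rd
'@

function Test-DcpromoAnswerFile {   # hypothetical helper name
    param([string[]]$Lines)
    $settings = @{}                 # hashtable keys are case-insensitive
    foreach ($line in $Lines) {
        # key=value lines only; section headers and ';' comments are skipped
        if ($line -match '^\s*([^;\[=]+?)\s*=\s*(.*)$') {
            $settings[$matches[1]] = $matches[2].Trim()
        }
    }
    $findings = @()
    if ($settings['ReplicaOrNewDomain'] -ne 'Replica') {
        $findings += 'ReplicaOrNewDomain is not Replica; this file is not for an additional DC.'
    }
    foreach ($key in 'ReplicaDomainDNSName', 'UserDomain', 'UserName') {
        if (-not $settings[$key]) { $findings += "$key is missing or empty." }
    }
    # '*' makes dcpromo prompt for the credential instead of reading it from disk
    if ($settings['Password'] -and $settings['Password'] -ne '*') {
        $findings += 'Password holds a literal value; set Password=* so dcpromo prompts.'
    }
    if ($settings['SafeModeAdminPassword']) {
        $findings += 'SafeModeAdminPassword is stored in clear text; do not keep or copy this file.'
    }
    return $findings
}

$findings = @(Test-DcpromoAnswerFile ($sample -split "`r?`n"))
if ($findings.Count) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'No issues found in the answer file.'
}
```

With the constructed sample it prints two warnings, one for each password field. To check a real file, pass its lines with Get-Content instead of the sample.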

Now the wizard is installing the necessary services, and is setting the correct permissions for this domain controller.

After restart you can log in with your domain admin account.

Now in Active Directory Users and Computers you can see two domain controllers, and in the DNS zone a proper entry was created for the server.

If we take a look at the Name Servers tab, we can see that both domain controllers are listed here acting as DNS servers for the domain.


2 thoughts on “Creating an additional domain controller in an existing domain”

  • 28/05/2013 at 10:34

    Hi, thanks for the education. OK, after installing the additional one, what can we do for the DHCP server? Because when the master domain controller went down, the additional domain doesn't configure the DHCP server. What can I do?
    Please help me.

    • 28/05/2013 at 11:10


      Just add the IP of your additional domain controller to the DHCP scope options > DNS Servers and you’re done. From now on clients will have two DNS server addresses, and if one is not responding they will try the other IP.

