How to add a second Domain Controller in Active Directory

Introduction

In this tutorial, we’ll set up a secondary domain controller to our Active Directory environment. The DC is the most important asset in the environment, which means if this goes down for any reason then you’ll face immediate problems — this statement mainly refers to a production/enterprise environment. Having a second DC can be good for performance improvements (load balancing) and redundancy (continue operations if the primary DC goes down) so a couple of great reasons why this would be a good idea.

This tutorial will assume you have a virtual lab ready to use and a Windows Server ISO (2019 in this guide). The guide will start with the installation of Windows Server 2019 right through to updating the DNS records.

Note: There will likely be other additional services such as DHCP that you need to set up in order to match/replicate your Primary Domain Controller — this will depend and vary based on your lab setup. If you simply want to match my setup, then the additional roles & Features you’ll need are covered a previous guide; https://medium.com/@techbeatz/how-to-setup-an-active-directory-lab-d4c454bb4753

1. Install Windows Server 2019 and Active Directory Domain Services

Our first step is to install the the Windows Server operating system in our virtual machine and then install AD DS (Active Directory Domain Services) on the new server.

To make this as easy as possible, you can follow my previous tutorial up to step 6 — excluding step 3 which is covered below (this is the key step which differentiates the two guides) https://medium.com/@techbeatz/how-to-setup-an-active-directory-lab-d4c454bb4753

This means you’ll carry out steps 1 and 2, step 3 is below and then go back to the link above for steps 4, 5 and 6.

2. Domain Controller setup (step 3 from original guide as mentioned above)

At this stage, you need to be ready to promote the server to a Domain Controller status.

In the Server Manager, click on the flag/warning icon and select “Promote this server to a domain controller” this will make it a domain controller.

This time, you need to select “Add a domain controller to an existing domain” (instead of creating a new domain). Follow along and create the domain admin credentials. Within the options page, leave the default items selected and enter the DSRM password.

Note: there maybe a warning on the DNS option page — this can be ignored.

We want to replicate the primary domain controller, which you’ll have the opportunity to set once you come to the additional options page. We can now choose the domain controller that we want to copy/replicate — which in most cases will be your Primary Domain Controller.

Unless I’ve not explicitly called out a specific option or configuration then assume you can continue with the default settings and keep going until you’re presented with the end summary/review configurations.

Once you’ve checked the settings, click Install. You may see a couple of warnings at the Prerequisite check stage but no action is needed, just continue with the installation and run.

The setup is almost complete, we just need to check our installation by verifying Active Directory replication. Reboot the server so the settings can propagate through to the environment.

Open Active Directory Users and Computers and look at the domain controllers menu so we verify that the new (and existing) domain controllers are showing.

To ensure there aren’t any errors that happened during the replication process, we’ll use a built-in tool called repadmin utility.

Open PowerShell or a Command Prompt on the new domain controller. Type repadmin /replsummary <Your_DC_name>

The result of this command should hopefully show that there were no errors during the replication.

The final setting we need to configure is the DNS servers so they point to each other as the Primary DNS option and point to themselves as the secondary DNS option.

This is the IP configuration on my Primary Domain controller — DC1. On the newly created secondary server, you would basically swap around the IP address and Preferred DNS server values.

Links