In this exercise, we will learn to configure a new domain controller in our existing environment.
Blog Series
- Configure Certificate Authority Server in Windows 2022
- Part 3 – Configure Secondary Domain controller on Windows 2019/2022
- Part 4 – How to Migrate and Upgrade Active Directory Server 2016/2019 to Server 2022
Our primary AD domain is called ash.local, and we are going to add a backup domain controller to provide resilience and fault tolerance for our primary Active Directory server. Do not join the AD2 VM to the domain yet; it should remain in a workgroup.
| Virtual Machine | OS | Role | IP Address |
|---|---|---|---|
| DC1 (Root DC) | 2016 | Primary Domain Controller | 172.16.11.4 |
| AD2 (new DC) | 2022 | Secondary Domain Controller | 172.16.11.5 |
Network Configuration on Primary Domain Controller
The network configuration of our primary domain controller is shown below; the IP address must be static.
The preferred DNS server is 127.0.0.1 (localhost) and the alternate DNS server is the IP address of our new domain controller.
Network Configuration on Secondary Domain Controller
The network configuration of our secondary domain controller is shown below; the IP address must be static.
The preferred DNS server is the IP address of our existing domain controller, and 127.0.0.1 (localhost) is added as the alternate DNS server.
On our new server, open Server Manager and select Add Roles and Features.
Click Next to proceed.
On Installation Type, select Role-based or feature-based installation as shown and click Next.
Select our new server and click Next to proceed.
Select Active Directory Domain Services, and also DNS Server if needed.
Select the option to restart the destination server automatically if required.
Once the role is installed, we must promote the server to a domain controller.
Promote the server to a Domain Controller
Logged in as a domain administrator, choose Promote this server to a domain controller.
Choose the option Add a domain controller to an existing domain. Enter the existing domain name, ash.local. You will then be prompted for administrative credentials.
On this page, select Domain Name System (DNS) server and Global Catalog (GC). Default-First-Site-Name should be selected as shown and also provide the directory services restore mode password. If you have forgotten this password, please follow this procedure to reset it.
On the next page, leave the option at its default as shown and click Next.
In the next step, we choose where the AD data should be replicated from. Choose our primary domain controller here.
Leave every path at its default and click Next to proceed.
Review the options and click Next to proceed.
Click Install to proceed.
The system will reboot after the installation.
Change the Alternate DNS Server IP
After a successful login, open the network adapter settings and update the alternate DNS server to the IP address of the additional domain controller.
Alternate DNS server IP address.
Once the services are back online, you can verify if both domain controllers are present by opening Active Directory Sites and Services.
Root DC and New DC Replication
We will now kick off replication between the root DC and our new DC to ensure the AD database is in sync.
Expand Default-First-Site-Name, then Servers, then expand the name of the server you are currently working on and select NTDS Settings on the additional domain controller as shown. Right-click the <automatically generated> connection and choose Replicate Now.
As shown, AD has replicated between the DCs.
Repeat the same steps for our root DC as well. Expand the Server2019 node and select NTDS Settings. Right-click <automatically generated> and select Replicate Now so that both DCs replicate with each other.
Click OK.
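The same procedure (role install, promotion into ash.local, DNS change and forced replication) can be scripted on AD2 from an elevated PowerShell session. This is an added example written for this post, not the author's own commands; it assumes the network adapter is named "Ethernet", the root DC's FQDN is DC1.ash.local, and the IP addresses from the table above.

```powershell
# Added example: scripted equivalent of the Server Manager / Sites and Services steps above.
# Assumptions: NIC alias "Ethernet", root DC DC1.ash.local at 172.16.11.4, AD2 at 172.16.11.5.

# 1. Install the AD DS and DNS Server roles plus their management tools.
Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools

# 2. Point DNS at the existing DC first so ash.local can be located during promotion
#    (preferred = old DC, alternate = loopback, as in the network section above).
Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses "172.16.11.4", "127.0.0.1"

# 3. Prompt for the domain admin credential and the DSRM password; never hard-code either in a script.
$cred = Get-Credential -Message "ash.local domain administrator"
$dsrm = Read-Host -AsSecureString -Prompt "Directory Services Restore Mode password"

# 4. Run the prerequisite check before changing anything (same checks the wizard performs).
Test-ADDSDomainControllerInstallation -DomainName "ash.local" -Credential $cred -InstallDns `
    -SiteName "Default-First-Site-Name" -ReplicationSourceDC "DC1.ash.local" `
    -SafeModeAdministratorPassword $dsrm

# 5. Promote AD2 as an additional DC in the existing domain: DNS server, Global Catalog
#    (enabled unless -NoGlobalCatalog is given), default site, replicate from DC1, default paths.
Install-ADDSDomainController `
    -DomainName "ash.local" `
    -Credential $cred `
    -InstallDns `
    -SiteName "Default-First-Site-Name" `
    -ReplicationSourceDC "DC1.ash.local" `
    -SafeModeAdministratorPassword $dsrm `
    -DatabasePath "C:\Windows\NTDS" -LogPath "C:\Windows\NTDS" -SysvolPath "C:\Windows\SYSVOL" `
    -Force
# The server reboots automatically at the end unless -NoRebootOnCompletion is specified.

# --- After the reboot, logged in as a domain administrator on AD2 ---

# 6. Now that AD2 also serves DNS, set the alternate DNS server to the additional DC's address
#    (the "Change the Alternate DNS Server IP" step above); DC1 stays preferred.
Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses "172.16.11.4", "172.16.11.5"

# 7. Verify both DCs are registered, then force replication in both directions across all
#    partitions (the Replicate Now clicks above) and check for failures.
Get-ADDomainController -Filter * | Select-Object Name, IPv4Address, Site, IsGlobalCatalog
repadmin /syncall /AdeP          # all partitions, all DCs, push mode, both directions
repadmin /replsummary            # a non-zero "fails" column means replication is broken
repadmin /showrepl               # per-partner last-success timestamps
dcdiag /test:Replications        # replication health test
```

Keep a copy of the DSRM password in your password vault; it is the only way to recover the directory offline on this DC.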
Conclusion
From a high-availability and fault-tolerance perspective, it is advisable to always run multiple, replicated domain controllers, even in a lab.