Part 3 – Configure Secondary Domain controller on Windows 2019/2022

Loading

In this exercise, we will learn to configure a new domain controller in our existing environment.

Blog Series

Our primary AD domain is called ash.local and we are going to add a backup domain controller to provide resilience and fault tolerance to our primary Active Directory server. Do not attach the VM AD2 to the domain and it should just be part of the workgroup.

Virtual MachineOSRoleIP Address
DC1 ( Root DC )2016Primary Domain Controller172.16.11.4
AD2 ( new DC )2022Secondary Domain Controller172.16.11.5

Network Configuration on Primary Domain Controller

The network configuration of our primary controller is configured as below and the IP must be static.

The preferred DNS server is 127.0.0.1 ( LocalHost ) and the alternate DNS server is the IP of our new Domain Controller.

Network Configuration on Secondary Domain Controller

The network configuration of our secondary controller is configured as below and the IP must be static.

The preferred DNS server is the IP of our old Domain Controller and 127.0.0.1 ( LocalHost ) is added as our alternate DNS server.

On our new server, go to Server Manager and select Add Roles and Features

Click Next to proceed

On Installation type, select Role-based or feature-based installation as shown and click Next

Pick our new server and click Next to Proceed

Select Active Directory Domain Services and also DNS if needed.

Select the option to restart the destination server

This image has an empty alt attribute; its file name is image-8.png

Once its installed, then we must promote the server as a domain controller.

Promote the server to a Domain Controller

Logged as a domain administrator, choose the promote this server to a domain controller to promote the server to a domain controller.

Choose the option to add a domain controller to an existing domain. Enter the existing domain name as ash. local. You will then be prompted for administrative credentials

On this page, select Domain Name System (DNS) server and Global Catalog (GC). Default-First-Site-Name should be selected as shown and also provide the directory services restore mode password. If you have forgotten this password, please follow this procedure to reset it.

In the next entry, leave the option as default as shown and click Next

In the next step, we choose where the AD data should be replicated from. We should choose our primary domain controller here.

This image has an empty alt attribute; its file name is image-14.png

Leave everything to its default path and click next to proceed

This image has an empty alt attribute; its file name is image-15.png

Review options and click next to proceed

Click Install to proceed

The system will reboot post the installation.

Change Alternative DNS Server IP

After successful login, open your network to change to an additional domain controller DNS IP Address.

Alternate DNS Server IP Address.

Once the services are back online, you can verify if both domain controllers are present by opening Active Directory Sites and Services.

Root DC and New DC Replication

We will now need to kick off replication between the root DC and our new DC to ensure AD database is in sync.


Expand the Default-First-Site-Name Servers, then expand the name of the current server that you are now working on, then select NTDS Settings on the additional domain controller as shown. Right-click on automatically generated and then choose to Replicate now.

As shown AD services have been replicated between the DC’s

Repeat the same thing for our RootDC as well. Expand Server2019 node and then select NTDS Settings. Right-click on automatically generated then select Replicate now so both DC’s replicate with each

Click OK

Conclusion

From an HA, Fault tolerance perspective, it is advisable to have multiple domain controllers in our lab always replicated.

(Visited 3,854 times, 1 visits today)

Leave a Reply