How to Add a Domain Controller to an Existing Domain

Adding a domain controller (DC) to an existing domain enhances Active Directory availability, balances authentication requests, and ensures fault tolerance. This article explains how to add a domain controller to an existing domain using step-by-step instructions.

Benefits of Adding a Domain Controller to an Existing Domain

  1. Increased Availability: Multiple domain controllers reduce the risk of downtime.
  2. Load Balancing: Authentication and directory services are distributed across DCs.
  3. Disaster Recovery: Redundancy ensures Active Directory remains operational during failures.
  4. Geographical Coverage: A DC in a remote location improves authentication speed for users in that region.

Prerequisites

  1. Access Rights: Ensure you have Domain Admin or Enterprise Admin privileges.
  2. Server Configuration: Install the Windows Server OS on the new domain controller.
  3. Network Configuration: Assign a static IP to the new server and configure DNS to point to the existing DC.
  4. Connectivity: Ensure the server can communicate with the existing DC.
  5. Time Synchronization: Verify that the server's time is synchronized with the existing DC.
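The prerequisite list above can be checked from the new server before touching Server Manager. The following PowerShell script is an added example, not part of the original article; the DC name, domain name and port list are assumptions, and the checks use only built-in cmdlets and w32tm.

```powershell
# Added example (not from the original article): pre-promotion checks run on the new
# member server. The DC and domain names are assumptions; replace with your own.
$ExistingDc = 'dc01.corp.example.com'   # assumed FQDN of an existing DC
$DomainName = 'corp.example.com'        # assumed name of the existing domain
# DNS, Kerberos, RPC endpoint mapper, LDAP, SMB, LDAPS, GC, GC over SSL.
# Dynamic RPC ports (49152-65535) are not tested here.
$Ports = 53, 88, 135, 389, 445, 636, 3268, 3269

# 1. Static IP: a DHCP-assigned address shows PrefixOrigin 'Dhcp', a static one 'Manual'
Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.InterfaceAlias -notlike 'Loopback*' } |
    Select-Object InterfaceAlias, IPAddress, PrefixOrigin

# 2. The DNS client must point at the existing DC (or another AD-integrated DNS server)
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses

# 3. The DC locator SRV record must resolve, or the promotion wizard cannot find the domain
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV |
    Select-Object Name, NameTarget, Port

# 4. Connectivity to the existing DC on the TCP ports AD DS replication and logon use
foreach ($p in $Ports) {
    $r = Test-NetConnection -ComputerName $ExistingDc -Port $p -WarningAction SilentlyContinue
    $state = if ($r.TcpTestSucceeded) { 'open' } else { 'BLOCKED' }
    '{0,-6} {1}' -f $p, $state
}

# 5. Clock offset against the existing DC. Kerberos tolerates 5 minutes of skew by
#    default, so an offset approaching that must be fixed before promotion.
w32tm /stripchart /computer:$ExistingDc /samples:3 /dataonly
```

Any port reported as BLOCKED or a stripchart offset of more than a few seconds is worth resolving before the promotion wizard is started, because the wizard's own prerequisite check reports these conditions only after the role is already installed.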

Steps to Add a Domain Controller

1. Install the Active Directory Domain Services (AD DS) Role

  1. Open Server Manager on the new server.
  2. Click Add roles and features and follow the wizard.
  3. Select Active Directory Domain Services under Server Roles.
  4. Upon completion of the installation, reboot the server if prompted.

2. Promote the Server to a Domain Controller

  1. Open Server Manager and click the notification flag.
  2. Select Promote this server to a domain controller.
  3. In the Deployment Configuration window:
    • Choose Add a domain controller to an existing domain.
    • Specify the existing domain name and provide administrator credentials.
  4. Configure domain controller options:
    • Domain Name System (DNS): Enable this option to install DNS on the new DC.
    • Global Catalog (GC): Ensure this is checked for directory-wide searches.
    • Read-Only Domain Controller (RODC): Leave unchecked unless needed.
  5. Set a Directory Services Restore Mode (DSRM) password.

3. Verify Prerequisites and Install

  1. The wizard will check prerequisites for the new domain controller.
  2. If there are no errors, click Install to promote the server to a DC.
  3. The server will restart automatically after installation.
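Steps 1 to 3 can also be run as a single PowerShell session on the new server, which is useful when the server has no desktop or when the promotion must be repeatable. The script below is an added example, not the article's own procedure; the domain name, site name, and paths are assumptions, and the Domain Admin credential and DSRM password are prompted for rather than hard-coded.

```powershell
# Added example (not from the original article): the wizard's steps 1-3 as PowerShell,
# run on the new server. Domain name, site name and paths are assumptions.
$DomainName = 'corp.example.com'          # assumed existing domain
$SiteName   = 'Default-First-Site-Name'   # assumed AD site for the new DC

# Step 1: install the AD DS role and the management tools (RSAT, ADDSDeployment module)
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Step 2 inputs: a Domain Admin credential and the DSRM password, both prompted so that
# neither ends up in a script file or in the PowerShell history
$Cred = Get-Credential -Message "Domain Admin account in $DomainName"
$Dsrm = Read-Host -Prompt 'DSRM (Directory Services Restore Mode) password' -AsSecureString

# Step 2 options, mirroring the wizard pages: DNS installed, GC enabled, not an RODC
# (the -ReadOnlyReplica switch is simply not passed), default database/log/SYSVOL paths
$Params = @{
    DomainName                    = $DomainName
    Credential                    = $Cred
    SiteName                      = $SiteName
    InstallDns                    = $true
    NoGlobalCatalog               = $false
    SafeModeAdministratorPassword = $Dsrm
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
}

# Step 3, first half: the same prerequisite check the wizard performs; it changes nothing
$check = Test-ADDSDomainControllerInstallation @Params
$check | Format-List Status, Message

# Step 3, second half: promote. Without -NoRebootOnCompletion the server restarts
# automatically when the promotion finishes, matching the wizard's behaviour.
if ($check.Status -ne 'Error') {
    Install-ADDSDomainController @Params -Force
}
```

Keep the output of Test-ADDSDomainControllerInstallation: warnings about DNS delegation are common and harmless, but an Error status (for example, a failed connection to the existing DC or a rejected credential) must be resolved before Install-ADDSDomainController is run.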

4. Replicate Active Directory

  1. Open Active Directory Sites and Services on the new DC.
  2. Verify replication by expanding the site and checking the NTDS Settings for the new DC.
  3. Force replication if needed:
    • Right-click on NTDS Settings and select Replicate Now.

Post-Configuration Checks

  1. Validate Replication: Run the repadmin /replsummary command on the new DC to ensure replication is successful.
  2. Test Authentication: Log in using domain credentials to test authentication.
  3. Check DNS Configuration: Ensure DNS records for the new DC are updated and functioning.
  4. Backup the Domain Controller: Create a backup of the new DC for recovery purposes.
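Step 4 (replication) and the four post-configuration checks can be verified from a PowerShell session on the new DC once it has restarted. The script below is an added example rather than part of the article; the DC name, domain name and backup target are assumptions.

```powershell
# Added example (not from the original article): post-promotion checks run on the new DC
# after it has restarted. The DC name, domain name and backup volume are assumptions.
$NewDc      = 'dc02.corp.example.com'   # assumed FQDN of the new DC
$DomainName = 'corp.example.com'        # assumed domain
$BackupVol  = 'E:'                      # assumed non-critical volume for the backup

# Replication: summary across all DCs, then the new DC's own inbound partners
repadmin /replsummary
repadmin /showrepl $NewDc

# Force replication from every partner, across sites, for all partitions
# (the command-line equivalent of "Replicate Now" in Sites and Services)
repadmin /syncall $NewDc /AdeP

# Is the new DC registered in the right site, a Global Catalog, and not read-only?
Get-ADDomainController -Identity $NewDc |
    Select-Object HostName, Site, IsGlobalCatalog, IsReadOnly, OperationMasterRoles

# DNS: the new DC must appear in the locator, GC and Kerberos SRV records for the domain
foreach ($rec in "_ldap._tcp.dc._msdcs.$DomainName", "_gc._tcp.$DomainName", "_kerberos._tcp.$DomainName") {
    $targets = (Resolve-DnsName -Name $rec -Type SRV).NameTarget | ForEach-Object { $_.TrimEnd('.') }
    $state = if ($targets -contains $NewDc) { 'contains new DC' } else { 'MISSING new DC' }
    '{0,-45} {1}' -f $rec, $state
}

# Authentication: an LDAP bind against the new DC with the current domain credentials,
# and the DC the locator hands out when asked for a fresh answer
Get-ADUser -Identity $env:USERNAME -Server $NewDc | Select-Object SamAccountName, Enabled
nltest /dsgetdc:$DomainName /force

# Backup: a system state backup includes the AD database (NTDS.dit) and SYSVOL.
# Requires the feature: Install-WindowsFeature Windows-Server-Backup
wbadmin start systemstatebackup -backupTarget:$BackupVol -quiet
```

If a SRV record reports MISSING, restart the Netlogon service on the new DC (it re-registers its records on start) and re-run the loop; if repadmin /showrepl lists a partner with a non-zero failure count, the troubleshooting commands in the next section apply.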

Troubleshooting Tips

  1. Replication Issues:
    • Use the dcdiag tool to identify and resolve issues.
    • Check for firewall rules blocking communication.
  2. DNS Problems:
    • Verify that the new DC's DNS settings point to the existing DC.
  3. FSMO Role Transfer:
    • If required, transfer Flexible Single Master Operations (FSMO) roles to the new DC using ntdsutil.
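The three troubleshooting areas above map to a handful of commands. The script below is an added example, not from the article; the DC names are assumptions, and the FSMO transfer uses the Active Directory PowerShell module as an alternative to the ntdsutil transfer mentioned in the text (a transfer, not a seizure, so the current role holder must be online).

```powershell
# Added example (not from the original article): troubleshooting commands for the three
# problem areas above. DC and domain names are assumptions.
$NewDc      = 'dc02.corp.example.com'   # assumed FQDN of the new DC
$ExistingDc = 'dc01.corp.example.com'   # assumed FQDN of the existing DC
$DomainName = 'corp.example.com'

# 1. Replication: run the connectivity, replication and advertising tests on the new DC,
#    then show only the links that are failing
dcdiag /s:$NewDc /test:Connectivity /test:Replications /test:Advertising
repadmin /showrepl $NewDc /errorsonly

#    Firewall: promotion enables the predefined 'Active Directory Domain Services' rule
#    group; confirm it is present and enabled on both DCs (CIM over WinRM)
foreach ($dc in $ExistingDc, $NewDc) {
    Get-NetFirewallRule -CimSession $dc -DisplayGroup 'Active Directory Domain Services' |
        Select-Object @{ n = 'DC'; e = { $dc } }, DisplayName, Enabled, Direction
}

# 2. DNS: the basic DNS test suite reports client settings that point at a non-DC
#    resolver, missing forwarders and unregistered records in one pass
dcdiag /s:$NewDc /test:DNS /DnsBasic

# 3. FSMO: list the current holders, then transfer the domain-level roles to the new DC.
#    Move-ADDirectoryServerOperationMasterRole without -Force performs a transfer, the
#    equivalent of ntdsutil's "transfer" command; -Force would seize, which is only for
#    a permanently lost role holder.
Get-ADDomain | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster
Get-ADForest | Select-Object SchemaMaster, DomainNamingMaster
$target = Get-ADDomainController -Identity $NewDc
Move-ADDirectoryServerOperationMasterRole -Identity $target `
    -OperationMasterRole PDCEmulator, RIDMaster, InfrastructureMaster -Confirm:$false

# Confirm the transfer replicated: the new DC should now list the roles it holds
(Get-ADDomainController -Identity $NewDc).OperationMasterRoles
```

Transferring the PDC Emulator also makes the new DC the domain's authoritative time source, so re-check time configuration on it afterwards (w32tm /query /status) rather than leaving it synchronising from the DC it just replaced.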

Frequently asked questions: