Add Domain Controller to existing domain

You have a Domain Controller running in the organization. But only one DC running in the organization is asking for
trouble. Because when the DC is offline, the users can’t authenticate with the DC and can’t sign in. That’s a critical
failure. So it’s always recommended to have at least two DCs running in the organization. In this article, you will
learn how to add a secondary Domain Controller to an existing domain step by step.

Domain Controllers best practice

• Each domain should have at least two functioning writeable Domain Controllers to provide fault tolerance. If
a domain has only one Domain Controller and this Domain Controller fails, users will not be able to log on to
the domain or access any resources in the domain. And if you have only one writable domain controller in
your domain and this Domain Controller fails, you won’t be able to perform any AD DS management tasks.
• Domain Controllers should be dedicated servers that are used only for hosting the AD DS and DNS Server
roles. Their full attention should be directed to performing their main job, which is authenticating users and
computers for client logons and for accessing network resources.

Add secondary Domain Controller

To add an additional Domain Controller to an existing domain, follow the steps below.

Install Windows Server

You must have a Windows Server installed and joined to the domain (member server) before installing the Active
Directory Domain Services role.

In our example, the new Domain Controller that we will add to the existing domain is DC02-2019 and is already
joined to the domain exoip.local. DC01-2019 is our first Domain Controller.

The screen below is what the IP setting looks like on DC02-2019. The preferred DNS server is DC01-2019.
Install Active Directory Domain Services role

To install Active Directory Domain Services (AD DS) role on Windows Server, follow the steps below:

1. Start Server Manager.

2. Go to Dashboard > Manage > Add Roles and Features.

3. Click Next.
4. Select Role-based or feature-based installation. Click Next.

5. Select the server from the server pool. Click Next.

In our example, it’s Windows Server DC02-2019 with a fixed IP address 192.168.1.52.
6. Check the checkbox Active Directory Domain Services.

7. A window will show that it will add features that are required for Active Directory Domain Services. Click Add
Features.
8. Click Next.

9. You don’t need to select any features. Click Next.

10. Click Next.

10. Click Install.

11. The installation will start and the progress appears.

In the next step, we will promote the server DC02-2019 to a Domain Controller.

Promote server to Domain Controller

Now that the Active Directory Domain Services feature installation is completed on Windows Server, additional
steps are required to make this machine a domain controller.

1. Click on Promote this server to a domain controller.

2. Select Add a domain controller to an existing domain and fill in the administrator credentials. Click Next.

3. Type the Directory Services Restore Mode (DRSM) password twice. Click Next.
4. Ignore the delegation warning at the top. Click Next.

5. You can select from which Domain Controller you want to replicate.

In our example, only DC01-2019 is a Domain Controller.

6. Select a Domain Controller or select Any domain controller to replicate from. Click Next.

7. Click Next.
8. Click Next.

9. Click Install.
10. The Domain Controller promotion and replication is in progress.

11. A reboot will automatically occur at the end of the promotion and replication operation.

Check new Domain Controller configuration

Now that there are two Domain Controllers up and running in the organization, it’s essential to check the Domain
Controllers configuration.

DNS server addresses setting

Go to DC02-2019 IP settings and check the DNS server addresses:

• Preferred DNS: Domain controller DC01-2019 (192.168.1.51)

 • Alternate DNS: Loopback address (127.0.0.1)

Go to DC01-2019 IP settings and configure the DNS server addresses:

• Preferred DNS: Domain controller DC02-2019 (192.168.1.52)

• Alternate DNS: Loopback address (127.0.0.1)
Active Directory Users and Computers

Start Active Directory Users and Computers and check that it’s connected to the Domain Controller DC02-2019.

Click on the OU Domain Controllers and verify that both Domain Controllers are shown.

Active Directory replication status

repadmin /replsummary

The PowerShell output appears.

Replication Summary Start Time: 2023-01-06 12:05:14

Beginning data collection for replication summary, this may take awhile:
.....

Source DSA largest delta fails/total %% error

DC01-2019 19m:06s 0/ 5 0
DC02-2019 09m:06s 0/ 5 0

Destination DSA largest delta fails/total %% error

DC01-2019 09m:05s 0/ 5 0
DC02-2019 19m:06s 0/ 5 0

You learned how to add an additional Domain Controller to an existing domain. First, ensure that you meet the
prerequisites. After that, install the Active Directory Domain Services (AD DS) feature. As of last, replicate from
another Domain Controller and promote the server to a Domain Controller.

Remember to check the new Domain Controller configuration. The AD objects in Active Directory Users and
Computers must be replicated to the new Domain Controller. Also, the replication health should pass and not show
any errors.

─── ⋆⋅☆⋅⋆ ───