Adding additional Domain Controller (Windows Server 2012)
Why do we need to add additional Domain Controller? This answer is very simple: “for services redundancy” or “for domain authentication improvement in remote Site”.
In case of server failure, we still have another one which can provide necessary services in our network, which avoids business discontinuity.
First of all, we need to install new box or virtual machine with a server operating system that is supported in domain environment. To check what Windows Server versions can be installed and promoted as Domain Controller, we need to check Domain Functional Level.
To determine Domain Functional Level, please follow my another article on the blog titled: Determine DFL and FFL using PowerShell
You may find one of these Domain Functional Levels supported by Windows Server 2012 Domain Controllers:
- Windows Server 2003 – supports Windows Server 2003 and above
- Windows Server 2008 – supports Windows Server 2008 and above
- Windows Server 2008 R2 – supports Windows Server 2008 R2 and above
- Windows Server 2012 – only Windows Server 2012 is supported
When you already know you Domain Functional Level, you can start adding additional Domain Controller
First of all, you need to install new machine based on Windows Server 2012. When server is already installed, you have to configure its network card properties to be able to start promotion process. As it is Domain Controller, server requires static IP address from the same subnet or subnet which is routable within a network. As directory services rely on DNS server, you need to properly point where the service is running. In this example additional server is using 192.168.1.1 DNS IP address (a forest root domain DC).
After IP address verification and server name change, you can simply start Active Directory: Directory Servicesrole installation. As you already know, Windows Server 2012 does not support server promotion over dcpromo, you need to do that in post-installation steps.
Open Server Manager and click on “Add roles and features” under Dashboard screen
Using default settings in a wizard go up to “Server roles” step (in this article those steps are not described. You may expect their description in another article) and select Active Directory Directory Services role. Accept also default features which are required during installation. Verify if check box is in proper place and go to the next step
On “Features” screen also go to the next step as we do not need more at this step to be installed. All required features will be installed as you accepted them a little bit earlier
Read information about role you are installing and go to confirmation screen to install it
Wait some time until selected role is being installed before you will be able to promote server to Domain Controller
Now, when role is installed, you can see in notification area an exclamation mark. It tells you that post-installation steps might be required
Click on it to see what can be done. You will see that now, you can promote your server to Domain Controller and information that features were installed successfully
OK, let’s start server promotion to Domain Controller! Click on “Promote this server to a domain controller” and you will see a wizard.
As we are adding Domain Controller into existing domain, we need to select proper option. It is selected by default, however, please ensure if you can see that “Add a domain controller to an existing domain” is selected
When you verified that, place in field with red star DNS domain name to which you are promoting DC. Provide Enterprise Administrator credentials and go to the next step
Define if server should be DNS server and Global Catalog. I would strongly recommend installing both roles on each Domain Controller in your environment. Select a Site to which this DC should belongs to and define Directory Services Restoration Mode (DSRM) password for this DC
Do not worry about DNS delegation as this server is not DNS already. Go to the next step
In”Additional options” you can define if you want to install this Domain Controller from Install From Media (IFM) (if you have it) and point from which DC replication should be done. When you do not specify, server will choose the best location for AD database replication. If you have no special requirements for that, just leave “Any domain controller”
Specify location for AD database and SYSVOL (if you need different that suggested) and go to the next step
You will see a summary screen where you can check all selected options for server promotion. As in Windows Server 2012 everything done over Server Manager is translated into PowerShell code and it is executed in a background, you can check code by clicking on “View script” button. You will see what exactly will be run. This is transparent process and you cannot see PowerShell window in front of you
PowerShell code for adding Domain Controller
# # Windows PowerShell script for AD DS Deployment # Import-Module ADDSDeployment Install-ADDSDomainController ` -NoGlobalCatalog:$false ` -CreateDnsDelegation:$false ` -Credential (Get-Credential) ` -CriticalReplicationOnly:$false ` -DatabasePath "C:WindowsNTDS" ` -DomainName "testenv.local" ` -InstallDns:$true ` -LogPath "C:WindowsNTDS" ` -NoRebootOnCompletion:$false ` -SiteName "Default-First-Site-Name" ` -SysvolPath "C:WindowsNTDS" ` -Force:$true
If all prerequisites will pass and you are sure that all setting you have set up properly, you can start installation
After you clicked on “Install” button, wait until wizard will do its job and after server restart you will have additional Windows Server 2012 Domain Controller.
Give DC some time to replicate Directory Services data and you can enjoy with new DC.
Author: Krzysztof Pytko