Windows Server 2016 – Adding a second Domain Controller

AD is the core of your network. It has ties to everything! As such, it makes sense that you would want this to be as redundant as possible. In Windows Server 2016, creating a secondary DC is so easy that you really have no reason not to do it. Can you imagine rebuilding your directory following a single server hardware failure where you have 100 user accounts and computers that are all part of the domain that just failed? How about with 1,000 or even 10,000 users? That could take weeks to clean up, and you’ll probably never get it back exactly the way it was before. Additionally, while you are stuck in the middle of this downtime, you will have all kinds of trouble inside your network since your user and computer accounts are relying on AD, which would then be offline. Here are the steps to take a second server in your network and join it to the existing domain that is running on the primary DC to create our redundant, secondary DC. The larger your network gets, the more domain controller servers you are going to have.

Getting ready

Two Server 2016 machines are needed for this. The first we will assume is running Active Directory and DNS already, like the one we set up in our previous recipe. The second server is online, plugged into the same network, and has been named DC2.

How to do it…

To create a redundant secondary DC, perform the following steps:

  1. Open Server Manager on DC02 and click the link to Add roles and features.
  2. Click Next a few times until you get to the screen where we are selecting the role that we want to install. Let’s choose both Active Directory Domain Services and DNS Server. It is very common for each DC to also run DNS so that you have redundancy for both services. Both of these roles will prompt for additional features, so make sure you press the Add Features button when it prompts you to allow the installation of those extra components.
  3. We do not require any other features, so click Next through the remaining screens and then click on Install on the last page.
  4. Once the installation is finished, you have a link to click on that says Promote this server to a domain controller. Go ahead and click on that link.
  5. For this second DC, we are going to choose the Add a domain controller to an existing domain option. Then in the Domain field, specify the name of the domain that is running on your primary DC. You must also specify a domain user account in the credentials field to validate against the domain.

If you receive an error message that a DC for the domain could not be contacted, you probably haven’t specified a DNS address in your TCP/IP settings. Add your primary DC’s IP address as your primary DNS server and it should work.

  6. The rest of the steps reflect the same options we chose when creating our first DC in the previous recipe. Once you are finished stepping through the wizard, you will have a secondary DC and DNS server online and running.
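The same procedure can be scripted instead of clicked through. The following is an added example, not part of the original recipe, written to be run from an elevated PowerShell session on the new server. The domain name (corp.example.com), the primary DC’s IP address (10.0.0.10) and the NIC alias (Ethernet) are placeholder assumptions that must be replaced with the values from your network; it also folds in the DNS pre-check from the note above, since that is the usual cause of the “could not be contacted” error.

```powershell
# Added example (not the original recipe's code): scripted equivalent of the wizard steps,
# run on the new server (DC2) in an elevated PowerShell session.
# Assumed values; replace with your own network's settings.
$DomainName  = 'corp.example.com'   # constructed placeholder for the existing domain
$PrimaryDcIp = '10.0.0.10'          # constructed placeholder for the first DC's address
$Nic         = 'Ethernet'           # assumed interface alias; confirm with Get-NetAdapter

# Pre-check (the note above): the new server must resolve the domain through the existing
# DC, otherwise the wizard reports that no DC for the domain could be contacted.
Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $PrimaryDcIp
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction Stop

# Steps 1-3: install both roles plus their management tools (the "Add Features" prompt).
Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools

# Steps 4-5: promote as an additional DC in the existing domain, using a domain account
# that is permitted to add domain controllers. Both prompts are interactive so that no
# password ends up in a script file or in the shell history.
$Cred = Get-Credential -Message 'Domain account permitted to add a domain controller'
$Dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

Import-Module ADDSDeployment

# Dry run: reports prerequisite failures (DNS, credentials, schema) without changing anything.
Test-ADDSDomainControllerInstallation -DomainName $DomainName -Credential $Cred `
    -InstallDns -SafeModeAdministratorPassword $Dsrm

# Step 6: the actual promotion. -Force suppresses the confirmation prompt; the server
# reboots automatically when the promotion completes.
Install-ADDSDomainController -DomainName $DomainName -Credential $Cred `
    -InstallDns -SafeModeAdministratorPassword $Dsrm -Force

# After the reboot, confirm the new DC is registered and replicating with the first one:
#   Get-ADDomainController -Filter * | Select-Object Name, Site, IsGlobalCatalog
#   repadmin /replsummary
#   dcdiag /test:DNS
```

The Test-ADDSDomainControllerInstallation call is worth keeping even in a one-off script: it surfaces the DNS and credential problems the wizard would otherwise only report partway through. The same Install-ADDSDomainController cmdlet has a -ReadOnlyReplica switch for building the RODCs mentioned in the next section.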

How it works…

Creating redundancy for Active Directory is critical to the success of your network. Hardware fails, we all know it. A good practice for any company is to run two DCs so that everyone continues to work in the event of a server failure. An even better practice is to take this a step further and create more DCs, some of them in different sites perhaps, and maybe even make use of some Read-Only Domain Controllers (RODC) in your smaller, less secure sites. See the following link for some additional information on using an RODC in your environment:
