Adding an additional domain controller can help to balance the load and increase fault tolerance. This article explains the steps you need to take to add a domain controller to your Active Directory (AD) environment.
Install Active Directory Domain Services (ADDS)
- Log into your Active Directory Server with administrative credentials
- Open Server Manager and choose Add roles and features.
- Read through the Before you begin screen, which is for informational purposes only, and click Next.
- Select installation type: If it is a virtual machine deployment, choose Remote Desktop Services installation. Otherwise, choose Role-based or feature-based installation.
- Select destination server: Select the server on which the role will be installed and ensure that the IP address displayed is that of the selected server. If it is not, close Server Manager and retry.
- Select server roles: Select the roles you want to install on this server. The basic requirement to promote this server into a domain controller is Active Directory Domain Services.
- Select features: The basic features required for this role are selected by default. Click Next.
- Confirm your installation selections.
Note: It is recommended that you select the option to Restart the destination server automatically if required.
- Click the Install button. Once installation is complete, close the window.
Promote the server to a domain controller
Note: The following actions can be performed only by a user who belongs to the Domain Admins group.
Once the Active Directory Domain Services (ADDS) role is installed on this server, a notification flag appears next to the Manage menu. Select Promote this server to a domain controller.
This starts the ADDS configuration wizard.
- On the Deployment configuration step, select Add a domain controller to an existing domain and specify the name of the domain to which the new DC will be added.
- On the Domain controller options step, the options to make this domain controller a DNS server and a Global Catalog are selected by default. You can choose to make this DC a read-only domain controller (RODC) if required. Select the site name for the DC and set a unique password for DSRM mode.
Note: DSRM (Directory Services Restore Mode) provides a way to regain access to the environment if all domain administrator accounts lose access, or to recover in case of DC failure.
Because a DNS server is being configured in this case, you will be warned that a delegation for this DNS server cannot be created. This warning can be safely ignored.
- On the Additional options step, choose where you want your DC to replicate from. Active Directory can replicate from any domain controller or from a specific one.
- On the Paths step, confirm the location for the ADDS database files, log files and SYSVOL. You can either use the default location or select another folder as required.
- Review your selections and click Next.
- Windows then performs a prerequisites check. Once it completes, click Install.
- The system reboots after replication has completed. Verify the health of the new domain controller by running dcdiag /v from the command line.
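The two procedures above (installing the ADDS role from the first section, then the promotion wizard choices from this one) can be scripted from an elevated PowerShell session on the new server. The following is an added example, not code from the article; the domain name, site name, replication source DC and paths are placeholder assumptions you must replace with your own, and the cmdlets used are the standard ServerManager and ADDSDeployment cmdlets shipped with the role.

```powershell
# Added example (not from the article): role install and promotion from PowerShell,
# mirroring the Server Manager choices described above.
# Run in an elevated session on the server that is being promoted.
# Values marked PLACEHOLDER are assumptions; replace them for your environment.

$DomainName = 'corp.example.com'          # PLACEHOLDER: existing domain to join
$SiteName   = 'Default-First-Site-Name'   # PLACEHOLDER: AD site for the new DC
$SourceDC   = 'DC01.corp.example.com'     # PLACEHOLDER: DC to replicate from

# --- Step 1: install the AD DS role (equivalent of Add roles and features) ---
# -IncludeManagementTools also installs the ADDSDeployment module used below.
$role = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $role.Success) {
    throw "AD DS role install failed (exit code $($role.ExitCode))"
}
Import-Module ADDSDeployment

# --- Step 2: gather credentials without writing secrets into the script ---
# Promotion requires a Domain Admins account (see the note above).
$DomainAdmin = Get-Credential -Message 'Domain Admins account used for promotion'
# The DSRM password must be unique to this DC; keep it in your secrets vault.
$DsrmPassword = Read-Host -Prompt 'DSRM administrator password' -AsSecureString

# Parameters matching the wizard: DNS server and Global Catalog on (the defaults),
# no DNS delegation (the warning the article says to ignore), default NTDS/SYSVOL
# paths, replication from a chosen source DC.
$params = @{
    DomainName                    = $DomainName
    Credential                    = $DomainAdmin
    SiteName                      = $SiteName
    InstallDns                    = $true
    NoGlobalCatalog               = $false
    CreateDnsDelegation           = $false
    ReplicationSourceDC           = $SourceDC
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword = $DsrmPassword
}

# --- Step 3: prerequisites check (the wizard's Prerequisites Check page) ---
# The result object reports a Status of Success or Error plus a Message.
$check = Test-ADDSDomainControllerInstallation @params
$check.Message
if ($check.Status -ne 'Success') {
    throw 'Prerequisite check failed; fix the reported problems before promoting.'
}

# --- Step 4: promote ---
# -Force suppresses the confirmation prompt. Without -NoRebootOnCompletion the
# server reboots automatically once promotion and initial replication finish,
# just as the wizard does.
Install-ADDSDomainController @params -Force

# --- Step 5: after the reboot, in a new elevated session, verify health ---
# dcdiag /v is the check the article recommends; repadmin confirms that
# replication with the source DC is healthy.
#   dcdiag /v
#   repadmin /replsummary
#   Get-ADDomainController -Identity $env:COMPUTERNAME |
#       Select-Object HostName, Site, IsGlobalCatalog, IsReadOnly
```

To build a read-only domain controller instead, add the `-ReadOnlyReplica` switch to `Install-ADDSDomainController`; the other parameters stay the same. Because promotion adds a new server to the domain's most privileged tier, the run and the resulting directory changes are worth recording in whatever auditing you use for Active Directory.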
Conclusion
It is crucial for an administrator to have complete visibility into what is happening in their Active Directory, so that any suspicious activity relating to potential security threats is identified and responded to immediately.
The Lepide Active Directory auditing tool enables effective monitoring, auditing, and reporting on all Active Directory states and changes. It allows you to identify risk, monitor common attack paths, and detect attacks in real time, all from a single platform.