Adding an Additional Domain Controller on Windows Server 2016

In this article, we will show you how to deploy an additional domain controller in an existing Active Directory forest based on Windows Server 2016. An additional domain controller can be used to increase domain resiliency, to balance authentication load between AD sites, and to reduce the load on WAN links between the HQ and branch offices. For normal Active Directory operation, it is recommended to deploy an additional DC in each remote branch and configure replication between the sites.

Suppose you have one AD domain controller in the central office, and you want to add an additional DC in your remote branch office in Toronto. For example, the domain controller in HQ is called DC1, and you want to add DC2 in Toronto.

First of all, you need to create IP subnets and an AD site for your branch office. This is necessary so that the computers and users in your branch authenticate against their own DC instead of sending requests over the WAN link to DC1 in the central office.

Open the Active Directory Sites and Services snap-in. Expand Sites > Subnets and create two IP subnets (New > Subnet):

  • 192.168.1.0/24 – head office network;
  • 192.168.10.0/24 – branch office IP network.


Now create a new Toronto site (Sites > New Site).

Note. The Default-First-Site-Name site is created automatically when you deploy the first DC in the AD forest. In our example, this is the site of the central office.


Now open the properties of the 192.168.10.0/24 subnet and change its site to Toronto (the 192.168.1.0/24 subnet stays in Default-First-Site-Name).
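The same site and subnet configuration can be done from PowerShell on DC1 (or any host with the RSAT ActiveDirectory module). This is an added example and not code from the original article; the site and subnet names follow the article, while the description strings and the assumption that Toronto should join the DEFAULTIPSITELINK site link (which the GUI site wizard also asks for) are mine:

```powershell
# Added example (not from the original article). Run on DC1 or an admin host with RSAT.
# Creates the branch site and the two IP subnets, and makes the subnet-to-site mapping
# idempotent so it can be re-run after changes made in the GUI.
Import-Module ActiveDirectory

# Create the Toronto site if it does not exist yet
if (-not (Get-ADReplicationSite -Filter "Name -eq 'Toronto'")) {
    New-ADReplicationSite -Name "Toronto" -Description "Branch office (assumed description)"
}

# Head-office subnet stays in the default site; branch subnet is mapped to Toronto
$subnets = @{
    "192.168.1.0/24"  = "Default-First-Site-Name"
    "192.168.10.0/24" = "Toronto"
}
foreach ($prefix in $subnets.Keys) {
    if (Get-ADReplicationSubnet -Filter "Name -eq '$prefix'") {
        # Subnet already exists (e.g. created in the GUI): only correct its site
        Set-ADReplicationSubnet -Identity $prefix -Site $subnets[$prefix]
    } else {
        New-ADReplicationSubnet -Name $prefix -Site $subnets[$prefix]
    }
}

# A site must belong to a site link, otherwise the KCC cannot build replication
# connections to it. Assumption: the default site link is still named DEFAULTIPSITELINK.
Set-ADReplicationSiteLink -Identity "DEFAULTIPSITELINK" -SitesIncluded @{Add = "Toronto"}

# Verify: each subnet should now point at the intended site
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
```

A client whose IP address falls in a subnet with no site mapping will be treated as belonging to no site and may authenticate against any DC in the forest, so the final listing is worth checking before the branch DC is promoted.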


Now you can install a new instance of Windows Server 2016 in the branch office. It can be a physical or virtual server.

Set the following settings on your new domain controller:

  • Change the server name to DC2;
  • Install all current Windows security updates;
  • Set the correct time and time zone (Kerberos authentication fails if the clock differs from DC1 by more than the allowed skew, 5 minutes by default);
  • Be sure to set a static IP address for the new server (in our example, this is 192.168.10.11);
  • Set 127.0.0.1 as the primary DNS server and the IP address of DC1 as the alternate (for example, 192.168.1.11);
  • Use the Server Manager console to install the Active Directory Domain Services role.
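The preparation steps above, scripted in PowerShell on the new branch server. This is an added example, not code from the original article; the names and addresses follow the article, while the network adapter alias "Ethernet", the default gateway 192.168.10.1 and the time zone are assumptions:

```powershell
# Added example (not from the original article). Run elevated on the future DC2
# before promotion. Assumptions: adapter alias "Ethernet", gateway 192.168.10.1,
# time zone "Eastern Standard Time".

# 1. Server name (applies after the reboot at the end)
Rename-Computer -NewName "DC2" -Force

# 2. Static IPv4 address on the branch subnet; clear any DHCP lease and route first
$nic = Get-NetAdapter -Name "Ethernet"
Remove-NetIPAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4 -Confirm:$false -ErrorAction SilentlyContinue
Remove-NetRoute   -InterfaceIndex $nic.ifIndex -DestinationPrefix "0.0.0.0/0" -Confirm:$false -ErrorAction SilentlyContinue
New-NetIPAddress  -InterfaceIndex $nic.ifIndex -IPAddress "192.168.10.11" -PrefixLength 24 -DefaultGateway "192.168.10.1"

# 3. DNS client: loopback first (this server will run DNS after promotion), DC1 as alternate
Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses ("127.0.0.1", "192.168.1.11")

# 4. Time zone; the clock itself is synced from the domain hierarchy once the server joins it
Set-TimeZone -Id "Eastern Standard Time"

# 5. Security updates are installed through Windows Update (no built-in cmdlet), then the role
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# 6. Pre-flight checks: DC1 answers DNS for the domain's DC locator records and LDAP is reachable
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.test.com" -Type SRV -Server "192.168.1.11"
Test-NetConnection -ComputerName "192.168.1.11" -Port 389

Restart-Computer -Force
```

If the SRV lookup or the LDAP connectivity test in step 6 fails, promotion over the WAN will fail as well, so fix firewall or DNS issues before continuing.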

After installing the AD DS role, open Server Manager, click the Post-deployment Configuration notification and select Promote this server to a domain controller.


In the Active Directory Domain Services Configuration Wizard, select Add a domain controller to an existing domain and specify the name of your domain (in my example test.com):


The next step is to enable the following options:

  • Domain Name System (DNS) server;
  • Global Catalog (GC);
  • Site name > select the Toronto site instead of Default-First-Site-Name;
  • Specify a Directory Services Restore Mode (DSRM) password.


In the Additional Options step, you can select the domain controller from which you want to perform the initial replication of Active Directory data. We will use DC1 as a source.

Hint. If you have a slow or unreliable WAN link between HQ and the branch office, you can create an Install From Media (IFM) image on DC1 and transfer the physical drive with the IFM image to the branch. In this case, you can use the local copy of the IFM image for initial replication, and only changes made after the image was created are pulled over the WAN.


Set the paths to the AD DS database (NTDS), log files, and the SYSVOL folder. We recommend leaving the default values.


That's all. Review the results in the Prerequisites Check list and start the installation of the additional DC by clicking the Install button.


Hint. You can deploy an additional DC with a single PowerShell command from the ADDSDeployment module (the parameters below correspond to the wizard options chosen above: DNS server, Global Catalog, the Toronto site, default paths, and an automatic reboot on completion). In a real deployment, pass the DSRM password interactively (for example via Read-Host -AsSecureString) rather than leaving it in plain text in a script or shell history:

  # Promote this server to an additional DC of test.com in the Toronto site.
  # The backtick at the end of each line continues the command; do not insert blank lines between them.
  Import-Module ADDSDeployment

  Install-ADDSDomainController `
      -NoGlobalCatalog:$false `
      -CreateDnsDelegation:$false `
      -Credential (Get-Credential TestAdministrator) `
      -CriticalReplicationOnly:$false `
      -DatabasePath "C:\Windows\NTDS" `
      -DomainName "test.com" `
      -InstallDns:$true `
      -LogPath "C:\Windows\NTDS" `
      -NoRebootOnCompletion:$false `
      -SiteName "Toronto" `
      -SysvolPath "C:\Windows\SYSVOL" `
      -SafeModeAdministratorPassword (ConvertTo-SecureString '!P@ssw0rd!' -AsPlainText -Force) `
      -Force:$true

After the installation is complete, your new server will appear in the Active Directory Users and Computers (ADUC) console in the Domain Controllers section.


You can check the replication status between domain controllers using the repadmin tool:

Repadmin /replsummary
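Beyond the replication summary, there are a few more checks worth running once DC2 has rebooted: that it is registered in the right site as a Global Catalog, that inbound replication has no failures, that its SRV records exist so branch clients can actually find it, and that SYSVOL is shared. The following is an added example, not code from the original article; the host and domain names follow the article, everything else is standard Windows tooling:

```powershell
# Added example (not from the original article). Run on DC2 after promotion and reboot.
Import-Module ActiveDirectory

# 1. DC2 appears as a DC in the Toronto site and holds the Global Catalog
Get-ADDomainController -Filter * |
    Select-Object Name, Site, IsGlobalCatalog, IPv4Address, OperatingSystem

# 2. Inbound replication: no failures, and the last attempt to each partner succeeded
Get-ADReplicationFailure -Target "DC2"
Get-ADReplicationPartnerMetadata -Target "DC2" |
    Select-Object Partner, LastReplicationSuccess, LastReplicationResult, ConsecutiveReplicationFailures

# 3. SYSVOL and NETLOGON must be shared, otherwise Group Policy will not apply from DC2
Get-SmbShare -Name SYSVOL, NETLOGON

# 4. Site-specific DC locator records: clients in 192.168.10.0/24 use these to find DC2
Resolve-DnsName -Name "_ldap._tcp.Toronto._sites.test.com" -Type SRV
Resolve-DnsName -Name "_kerberos._tcp.Toronto._sites.test.com" -Type SRV

# 5. Classic tools: replication summary per partner and a full DC health check
repadmin /replsummary
repadmin /showrepl DC2
dcdiag /s:DC2 /q      # /q prints only failures, so no output is the desired result

# 6. From a domain-joined client in the branch: it should report the Toronto site and DC2
nltest /dsgetsite
nltest /dsgetdc:test.com /site:Toronto
```

If step 6 returns Default-First-Site-Name or DC1 for a branch client, the subnet-to-site mapping created earlier is the first thing to re-check, since a client in an unmapped subnet may authenticate against any DC in the forest.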
