How to add an additional domain controller

In this Tutorial we are going over the process to add a new Domain Controller into an existent domain.


The first step is to add the role on Windows Server 2012 R2, we cover all the steps and a few hints on the following Tutorial:, make sure that you complete those steps before continuing in this Tutorial.

Before promoting the new server as Domain Controller, we will make sure that we covered these key points:

  • To avoid problems avoid having multi-homed Domain Controllers, so one network adapter is good enough
  • Configure the primary DNS of this new server to point out to an existent domain controller
  • This happens more often than we think, make sure that you rename the server properly (nowadays Windows Server 2012 R2 makes so easy to deploy it that sometimes we forget that the server comes with a random name).

After installing the role, open Server Manager if it is not already open, click on the notification icon located on the right-upper corner and then click on Promote this server to a domain controller.


In the Deployment Configuration page. In this page is where we define where the current server will be placed in the current environment. For this Tutorial the goal is to add an additional Domain Controller into an existent domain, so we will select Add a domain controller to an existing domain, and we wil provide the domain credentials clicking on Change… button, and finally we are going to select or type the FQDN of the domain. After providing the authentication, selecting the domain and the deployment operation we can safely click on Next to continue.


In the Domain Controller Options page. By default, we will have the DNS and Global Catalog selected, and unless you have a specific requirement we recommend to keep the default settings. Make sure that the Active Directory site is selected properly based on your environment, and the last step is to define a password to use the DSRM (Directory Services Restore Mode).

Note: The DSRM password is not the local administrator and that password will only be used during troubleshooting process. This password can be changed at any time using ntdsutil.


In the DNS Options page. Click Next.


In the Additional Options page. Leave default settings and click Next. The administrator can decide which domain controller the initial replication will occur but default settings are fine for the vast majority of the deployments.


In the Paths page. We will leave default settings, and then click on Next.


In the Review Options page. A summary of all options covered during the wizard are going to be displayed, click on Next.


In the Prerequisites Check page. The wizard will check the current environment to validate if everything is fine to continue, check all warning and if there is no major issues, click on Install.


A restart is required when installing a new domain controller, and by default the server will restart automatically after the initial replication, as shown in the figure below.


After the restart we will give some time for the server to create the replication connections with the existent domains, enable the Global Catalog, wait the default shares (netlogon and sysvol) to be listed and so forth. Give at least 20 minutes for that process in a small network.


In this Tutorial we went over the process to add an additional domain controller running Windows Server 2012 R2.