Adding A Second Domain Controller To An Existing Domain:
Today’s post deals with adding a secondary Domain Controller to the existing techstaty.local domain that we built in this last tutorial. The reasons for adding a secondary Domain Controller vary considerably from one deployment to another.
Two compelling reasons for doing so would be redundancy and clustering – you can’t run any clustered services in a Microsoft Domain environment unless you have more than one DC. A third common reason for additional Domain Controllers is the presence of more than one geographical location. You can choose to make this offsite Domain Controller a Read Only Domain Controller, in which case it only receives updates from the Primary Domain Controller, or you can allow two-way replication across the WAN link. It’s entirely up to you and depends on the requirements of each project on a case-by-case basis. Let’s jump into it.
Make sure that the secondary DC is named appropriately, DC02 in this case. A big shout out to my fellow /r/sysadmin readers who thoughtfully suggested that I ditch WMIC for renaming the computer and use the GUI or PowerShell instead. Here’s how you rename a computer with PowerShell (the -Restart switch reboots so the new name takes effect):
Rename-Computer -NewName DC02 -Restart
Now that that’s out of the way, let’s dig into the good stuff. Also suggested by /r/sysadmin was to set a static IP on the servers, something which I heavily endorse but stupidly forgot to include in the last tutorial. I will not be installing DHCP services yet, so there will be no DHCP reservations either. Kudos to these fine gentlemen for keeping me on my game. Set your static IP similar to below, paying extra special care to designate the existing DNS server (DC01 in this case) as the primary DNS; otherwise the promotion will fail miserably, because the new server has to resolve the domain’s SRV records through a DNS server that already holds the zone.
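As an added example (not from the original post), here is the same static IP and primary DNS setup done from PowerShell with the NetTCPIP and DnsClient cmdlets, which assumes Server 2012 or newer. The adapter name, addresses and gateway are constructed lab values; substitute your own. It finishes with the check the promotion wizard effectively performs: resolving the domain’s LDAP SRV record through DC01.

```powershell
# Added example, not from the original post. Set a static IPv4 address on DC02
# and point its DNS client at DC01, the existing DNS server for techstaty.local.
$Interface  = 'Ethernet'        # assumed adapter name; confirm with Get-NetAdapter
$StaticIP   = '192.168.1.11'    # constructed lab address for DC02
$Gateway    = '192.168.1.1'     # constructed lab default gateway
$PrimaryDns = '192.168.1.10'    # constructed lab address of DC01 (existing DNS server)

# Turn DHCP off on the adapter and clear any DHCP-assigned address and default
# route so that the static values are the only ones left.
Set-NetIPInterface -InterfaceAlias $Interface -AddressFamily IPv4 -Dhcp Disabled
Get-NetIPAddress -InterfaceAlias $Interface -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Remove-NetIPAddress -Confirm:$false
Get-NetRoute -InterfaceAlias $Interface -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    Remove-NetRoute -Confirm:$false

# Assign the static address; PrefixLength 24 is a /24 (255.255.255.0) subnet.
New-NetIPAddress -InterfaceAlias $Interface -IPAddress $StaticIP `
    -PrefixLength 24 -DefaultGateway $Gateway

# Primary DNS must be DC01. DC02 can be added as a second DNS server for
# clients later, once it is itself a DNS server, not before.
Set-DnsClientServerAddress -InterfaceAlias $Interface -ServerAddresses $PrimaryDns

# Sanity check before running DCPROMO: if DC01 cannot answer this SRV query,
# the promotion will fail at the DNS checks.
Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.techstaty.local' -Type SRV -Server $PrimaryDns
```

Run this from the console (or a hypervisor console session), not over RDP: the address removal step drops the adapter’s current IP, so a remote session would be cut off before the new address is assigned. On Server 2008 R2, which lacks these cmdlets, the equivalent is netsh interface ipv4 set address and netsh interface ipv4 set dnsservers.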
Now that you’ve set the correct networking values for your environment, add the Active Directory Role from the Server Manager – followed by DCPROMO, or you can just run DCPROMO from the start. Accept the default values until you reach the screen below. Since we are adding a secondary DC to an existing domain, choose the Existing Forest > Add a domain controller to an existing domain option shown below.
Specify the domain you wish to join, techstaty.local in this case, and then make sure to set the alternate credentials. You are attempting to integrate into an existing domain, so it’s going to prompt you for a Domain Admin account; enter your Domain Admin credentials when asked.
The wizard will finish, then prompt you to run DCPROMO. Note that since I used the Server Manager to add the Active Directory Domain Services role it requires a DCPROMO afterwards. DCPROMO kicks off and starts to do its thing. You’ll notice several times in this process that DNS is scrutinized by the installation wizards very heavily; it’s very important to have a healthy DNS environment in a name-based network, go figure. Go grab a beer – this part can take a while.
Now you’re presented with additional options for your Domain Controller: the DNS Server and Global Catalog options should both be selected, since this is your secondary DC. You could select RODC if you wanted a DC that would simply read changes from DC01, but not have the ability to write back. This is helpful when you have geographically distributed sites and want to minimize traffic across the links.
Now you’re prompted to enter the DSRM password. You did write that down last time, right? ;)
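The whole promotion described in the last few steps can also be scripted, which is handy for a lab you rebuild often. This is an added example, not from the original post; it uses the ADDSDeployment module (Server 2012 or newer, where it replaces DCPROMO) and makes the same choices as the wizard: join the existing techstaty.local domain with Domain Admin credentials, install DNS Server and the Global Catalog, and set the DSRM password. The site name is an assumption that the lab still uses the default first site.

```powershell
# Added example, not from the original post. Promote DC02 into the existing
# techstaty.local domain with the same options the DCPROMO wizard asks for.

# 1. Install the role binaries (the Server Manager step).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# 2. Alternate credentials: a Domain Admin of the domain being joined.
#    Prompting keeps the password out of the script and the console history.
$DomainAdmin = Get-Credential -Message 'Domain Admin for techstaty.local'

# 3. The DSRM password. Record it somewhere safe; it is the only way into
#    Directory Services Restore Mode on this DC.
$DsrmPassword = Read-Host -Prompt 'DSRM password for DC02' -AsSecureString

# Options shared by the prerequisite check and the real promotion.
$Options = @{
    DomainName                    = 'techstaty.local'
    Credential                    = $DomainAdmin
    SafeModeAdministratorPassword = $DsrmPassword
    InstallDns                    = $true                    # DNS Server option
    SiteName                      = 'Default-First-Site-Name' # assumed: default site
    # Global Catalog is installed unless -NoGlobalCatalog is given.
    # Add ReadOnlyReplica = $true here for the RODC choice described above.
}

# 4. Dry run: the same DNS and replication scrutiny the wizard performs,
#    without changing anything. Read the output before going further.
Test-ADDSDomainControllerInstallation @Options

# 5. The promotion itself. -Force suppresses the confirmation prompts;
#    the server reboots on completion unless -NoRebootOnCompletion is added.
Install-ADDSDomainController @Options -Force
```

Run it in an elevated PowerShell session on DC02 after the static IP and DNS settings are in place. Test-ADDSDomainControllerInstallation is worth keeping as a separate step: a failure there is cheap to fix, while a failure midway through Install-ADDSDomainController can leave a half-promoted server that has to be cleaned up.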
Now you get to wait on this. My environment is virtualized on a crappy wireless USB NIC, so this part tends to take a long time for me. On a proper network with dedicated hardware, you’re usually looking at no longer than a few minutes. If you’re running a test lab in a virtualized environment and this process seems to be lagging, send a quick ping -a to the DNS server to wake it up.
Reboot the machine, and congratulations on adding a secondary Domain Controller to your environment. Now move that computer object to the right OU and keep your new environment clean ya mutt!
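Before trusting the new DC, check that it replicates, advertises itself in DNS and sits in the right OU. This is an added example, not from the original post; it assumes the ActiveDirectory module (RSAT) on Server 2012 or newer and uses the built-in repadmin and dcdiag tools. The OU distinguished name is constructed from the techstaty.local domain name.

```powershell
# Added example, not from the original post. Post-promotion health check for
# DC02 in techstaty.local, then make sure its computer object is in the
# Domain Controllers OU.
Import-Module ActiveDirectory

# The new DC should show the roles chosen in the wizard: GC installed,
# not read-only (unless RODC was chosen), and the expected site.
Get-ADDomainController -Identity 'DC02' |
    Select-Object Name, Site, IsGlobalCatalog, IsReadOnly, IPv4Address

# Replication must be healthy in both directions before anything depends
# on DC02. Any non-zero "Fails" count in the summary needs looking at.
repadmin /replsummary
repadmin /showrepl DC02

# DNS: the domain's LDAP SRV record should now list DC02 alongside DC01,
# otherwise clients will never be directed to the new DC.
Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.techstaty.local' -Type SRV |
    Select-Object NameTarget, Port

# The longer diagnostic; DNS, Advertising and Replications are the tests
# that catch the problems this tutorial warns about.
dcdiag /s:DC02 /test:DNS /test:Advertising /test:Replications

# Finally, the computer object. Promotion normally places a DC in the
# Domain Controllers OU, which is where the Default Domain Controllers
# Policy applies, so confirm it and move it only if it landed elsewhere.
$TargetOu = 'OU=Domain Controllers,DC=techstaty,DC=local'   # constructed DN
$Dc = Get-ADComputer -Identity 'DC02'
if ($Dc.DistinguishedName -notlike "*,$TargetOu") {
    Move-ADObject -Identity $Dc.DistinguishedName -TargetPath $TargetOu
}
```

Run this from either DC after DC02 has rebooted; repadmin and dcdiag need a few minutes after the reboot for the first replication cycle and DNS registration to complete, so an initial failure is worth re-running before treating it as a real problem.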