Adding an additional Domain Controller to an existing domain in Windows Server 2012 R2

Captions
In this video I'm going to add an additional domain controller to my new test domain. I made a domain in a prior video called testdomain.com, and it's the first and only domain controller on this brand new domain in a brand new forest. All of the settings have been configured: I have a static IP address, and DNS was brought along with that installation. Other than that, it's a pretty basic brand new installation, nothing else special to it. But now what I want to do is I want to add a second domain controller onto my network. That way, if one of my domain controllers is unavailable, my clients can still use that second domain controller for logins, for gaining access to services, etc. It's always good to have a backup, and even though this isn't what you could consider traditionally a backup, it's fault tolerance: if one server fails, the other one is there working. So what we're going to do is we're going to look at what it takes to make this second server a domain controller on this same domain.

Now, the most important thing when setting up domain controllers or clients towards Active Directory is making sure that DNS is set properly. The IP address of my domain controller is 192.168.1.2. I can do an ipconfig /all and I can see the results of that command: 192.168.1.2 is the IP address, and my first domain controller, as it should, is using itself for DNS. You'll notice the ::1, which is the IPv6 loopback, and the 127.0.0.1, the IPv4 loopback address. Now, in order for anyone to find anything in Active Directory, DNS needs to be pointed correctly. So if I want to make this second server a domain controller on that test domain that I've created, I need to make sure that my DNS is set properly. So I can go into my adapter, and I'm going to go into TCP/IP version 4, and I can check to make sure that my IP address is set statically, my subnet mask is correct, and my preferred DNS server is the IP address of a domain controller. On a Microsoft network, every single client and every single server should be using the DNS server on a domain controller. Because this is set correctly, I shouldn't have any trouble adding this computer as an additional domain controller on my existing domain.

Now, in order to do this, it's almost the same process as if I was creating a brand new domain on a brand new forest. I'm going to add roles and features, I'm going to create a role-based installation on my server, and I'm going to add the Active Directory Domain Services role. When I add this role in, I'm going to bring along some features that include Active Directory Administrative Center, some other Active Directory tools, so not only will it be a domain controller, but I want all those tools available to me on either server. Now, if I didn't want that I could leave them off, but in most cases I would want that. I'll say next. I don't want any more features than those that I've already selected to bring along. Here's some tips about Active Directory Domain Services, and then the confirmation and the summary of the things that I want to select. I won't need to restart after this installation is complete, because when this installation completes I actually enter the process of promoting this server to a domain controller. Now, this process won't take too long. It's simply putting all of the binaries in place; it's not configuring anything, and no choices about Active Directory have really been made yet. It's simply putting the files in place so that in the future I can promote this server, so no harm is really done by running through this process, and it goes fairly quickly.

The installation process is completed, but you'll notice that configuration is required. There's a link right here to promote this server to a domain controller. If you happen to close this out, you can always go up to the notifications area and also choose to promote this server here to a domain controller. Now, this time is a little different than creating a brand new domain: I'm going to add a domain controller to an existing domain, which is also on an existing forest. If I wanted a brand new one I would create a brand new forest, but in this case I'm simply making a second server to balance the load and provide me with the fault tolerance that I need. So the domain I want to become part of is testdomain.com, and I will need some credentials. You can't just be any old user that joins this domain; you need to have credentials that are allowed to become a domain controller, otherwise you'd be stealing credentials. So I need to put in credentials for my testdomain.com. I can do this one of two ways: I can say testdomain\administrator, or I can use the user principal name, which is administrator@testdomain.com. Either one will work, and either one shouldn't give you any trouble. You will need the password, and when you say OK you can say next.

Now it's going to use these credentials to attempt to join this computer as an additional domain controller on this domain. Now, you may have noticed this computer isn't even on this domain at all yet, and that doesn't matter at all. It does not matter at all where this computer lives when it's going to join or become a domain controller on the new domain. This blue progress bar will run across the screen a little bit as we go, because that means it's doing some prerequisite checks or it's doing some testing against that server to see what type of configuration is necessary.

Now we have a couple of choices to make. This was trivial when setting up our very first domain controller in a new domain and a new forest, but now we have a choice. We don't have to be a domain name system server; we don't need to be a DNS server on the second domain controller. For redundancy purposes it's often good to do, though: if you're going to have two domain controllers, why would you create a single point of failure with only having one DNS server? So it normally makes sense to leave your second domain controller as a DNS server as well. Same thing with global catalog: if global catalog is going to be unavailable because it's only on one server, then you might consider making your second server global catalog as well. And in this particular case I want both of my servers to be read-write domain controllers. If this second server was going to a branch office, I would consider a read-only domain controller for security purposes; I want to make sure that there's nothing worth stealing on this particular server that I couldn't easily remediate. And because I haven't created any new sites yet on my brand new domain, there isn't really much to choose here in the site name. Once you've created sites you'll know which one to choose, because when you create them these will be defined as the different physical locations of your offices.

Just like with our very first domain controller, we need a Directory Services Restore Mode password, and it's always a good idea to keep that in a safe place, because it's likely that you'll forget it. Because restoring from a backup is probably not something that's going to happen in the first weeks or months of a new server, it's something that would happen years down the road, and this password is kind of an easy one to forget. I still cannot create a DNS delegation because I'm using a pretend domain. Now, somebody out there may actually own testdomain.com, I don't know, but I'm using this as a simple example of my domain. I'm not actually joining my new domain with DNS and Active Directory onto the Internet.

As an additional domain controller on a domain I have some choices. I can actually install from media, but this would require me to have already created a USB flash drive containing the Active Directory database. It would also usually be used in a situation where I don't have actual network connectivity between my two servers. As long as I have reasonable network connectivity between my two servers, it's always best to simply replicate directly from an additional domain controller that already exists on your domain. That way, when you set up your server it is completely up to date. Installing from media is only as up-to-date as your media is, but in a pinch installing from media is a nice choice.

I'm given the choice as to where to store my Active Directory database, log files and SYSVOL. In my testing environment I'm going to leave everything in its own place, but in a real environment I might consider moving SYSVOL if I plan on using a lot of that space, and I might move it to a larger disk. And in a perfect world, on a busy domain controller, I would consider separating my database folder and my log files because of the way that those files are accessed: databases are read relatively randomly, it's going to seek all over the disk; a log file is going to be read and written sequentially.

I can review my selections at this point, and I can even view the script for creating this additional domain controller. Nice thing about this is there's nothing different about this particular script if I'm setting up a second domain controller or my 200th domain controller; the script will work the same on any server. So if you wanted to quickly roll out a bunch of domain controllers, this script can be used to make that process happen very quickly. I'll say next, and a prerequisites check will be run. It's going to make sure that I pass all of my prerequisites, and a lot of these prerequisite warnings that you see here are related to the same warnings I saw when I created my very first domain. You can't really create a brand-new domain without some level of warning, but that's just Microsoft telling you that here's a couple of issues that you might run into with your new domain. In this case I also have one physical adapter that doesn't have a static IP address, but I do have at least one adapter that does have a static IP address that I'm going to be using as my DNS server and my domain controller services. The delegation can be created, again, that's not always a critical issue. If you do need this to be registered past another DNS server, then that's worth checking into, but in any test environment this is really not going to be a concern at all.

We'll say install, and it will install the new domain controller. In my case I didn't already have DNS, so DNS does need to be installed as well. It will slow down the process a little bit, but it is kind of neat to see the progress as this installation goes through, and you could watch it on your own server as it goes through. But this process does take a couple of minutes, because there's a lot of things that need to synchronize with the new server: it needs to join the domain, it needs to create computer objects, needs to replicate the schema and several other items. So sometimes it does take a little while, but it's normally not too bad.

Domain controllers also need to secure various areas of the operating system, because we need to hold a domain controller to a higher security standard than we would an ordinary PC. An ordinary PC has some local accounts, but a domain controller holds all the corporate accounts in your entire organization. It would be awfully dangerous for that to fall into the wrong hands.

The server reboots automatically, because really it doesn't have any local user account database anymore. It needs to reboot and start using this new Active Directory database. It actually gets rid of access to all of those local accounts in order to only use the domain accounts. When it boots back up, it actually will query the first domain controller to make sure it's up to date, and it normally happens pretty quick if you have fast internet access. But you might notice, if you have more than one domain controller on your domain, it may take a very long time to start a domain controller if it can't contact another domain controller. And that's because one domain controller starting up on its own isn't sure if it's up-to-date anymore, and it doesn't want to start broadcasting out bad information, so it waits, and it really tries to connect to another domain controller before turning on all of its services.

And now I can log in. The user profile service creates my new test domain administrator profile, it sets everything up for me, it runs my group policies even though I haven't created anything other than the defaults that are there. And now I have two domain controllers that are working together to manage my domain. I can jump over here into Active Directory Users and Computers on my first server, I can take a look at my test domain, and I don't have any member servers or computers on my network yet, but I do have two domain controllers, server one and server two, which both happen to be global catalog servers as well. In the next video that I create, I'm going to take a look at managing some of the unique roles that two domain controllers have to manage, as well as some of the replication issues that can occur between two domain controllers.
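
The wizard steps described in the captions, as a scripted sketch with the DNS check and prerequisite test run before promotion. This is an added example, not the script shown in the video. The domain name and DNS server address come from the captions; the site name and the database, log and SYSVOL paths are assumed defaults.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the promotion walked through in the captions.
$DomainName = 'testdomain.com'            # domain named in the video
$ExistingDc = '192.168.1.2'               # first DC / DNS server named in the video
$SiteName   = 'Default-First-Site-Name'   # assumption: no custom sites created yet

# 1. DNS check: this server must use the existing domain controller for DNS.
$dns = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses
if ($dns -notcontains $ExistingDc) {
    throw "No adapter uses $ExistingDc for DNS; fix the adapter settings first."
}

# 2. The domain controller locator record must resolve through that server.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV `
    -Server $ExistingDc -ErrorAction Stop | Out-Null

# 3. Put the AD DS binaries and management tools in place (no promotion yet).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools | Out-Null
Import-Module ADDSDeployment

# 4. Prompt for secrets so neither password is ever stored in the script.
$cred = Get-Credential -Message "Account allowed to add a DC to $DomainName"
$dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

$params = @{
    DomainName                    = $DomainName
    Credential                    = $cred
    SafeModeAdministratorPassword = $dsrm
    InstallDns                    = $true    # second DNS server for redundancy
    NoGlobalCatalog               = $false   # this DC is also a global catalog
    CreateDnsDelegation           = $false   # pretend domain, no parent zone
    SiteName                      = $SiteName
    DatabasePath                  = 'C:\Windows\NTDS'     # assumed default path
    LogPath                       = 'C:\Windows\NTDS'     # assumed default path
    SysvolPath                    = 'C:\Windows\SYSVOL'   # assumed default path
}

# 5. Same prerequisite check the wizard runs; stop on errors, show warnings.
$check = Test-ADDSDomainControllerInstallation @params
$check | Format-Table Status, Message -Wrap
if ($check | Where-Object { "$($_.Status)" -eq 'Error' }) {
    throw 'Prerequisite check reported errors; not promoting.'
}

# 6. Promote as a read-write DC; the server reboots when promotion completes.
Install-ADDSDomainController @params -NoRebootOnCompletion:$false -Force
```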
Info
Channel: Patrick Hornung
Views: 144,612
Rating: 4.8994284 out of 5
Keywords: Macomb Community College, ITOS 1510, Active Directory, Domain Controllers, Domain Controller, AD DS, AD, Windows, Server, 2012 r2, Windows Server 2012 R2, Additional domain controller, additional dc, second dc, second domain controller, Active Directory Domain Services
Id: ivTaQJXNDdc
Length: 15min 29sec (929 seconds)
Published: Thu Apr 28 2016