Additional Active Directory Controller

In this lab, we will configure a new domain controller in our existing environment. Our primary AD domain is called harchit.local and we are going to add a backup domain controller to provide resilience and fault tolerance for our primary Active Directory server. Do not join the VM AD2 to the domain; it should simply be part of a workgroup.

If you wish to revisit the steps on how to install Active Directory Domain Services, you may click on this link.

Configure Secondary DC

| Virtual Machine | Role | IP Address | Preferred DNS | Alternate DNS |
|---|---|---|---|---|
| DC (WinServer) | Primary Domain Controller | 192.168.10.1/24 | 192.168.10.1 | 192.168.10.2 |
| AD (New) | Secondary Domain Controller | 192.168.10.2/24 | 192.168.10.1 | 192.168.10.2 |
| Client | Client | 192.168.10.100 | 192.168.10.1 | 192.168.10.2 |

  1. Repeat the Active Directory installation process and select "Add a domain controller to an existing domain", where the existing domain is your primary domain.

  2. On this page, select Domain Name System (DNS) server and Global Catalog (GC). Default-First-Site-Name should be selected as shown; also provide the Directory Services Restore Mode (DSRM) password. If you have forgotten this password, please follow this procedure to reset it.

  3. Select the primary domain controller from which all the information is going to be replicated to the additional domain controller. Click 'Next'.

  4. Leave the AD DS folder locations at their defaults. Click 'Next'.

  5. Once the green check mark shows that all prerequisite checks have passed, click Install.

Client Configuration

On the Windows 10 client, open the network adapter settings and add the additional domain controller's IP address as the alternate DNS server. In this scenario the client receives its IP address from DHCP, so only the DNS servers are changed.

Alternate DNS server IP address.

Root DC and New DC Replication

We will now need to kick off replication between the root DC and our new DC to ensure the AD database is in sync.

Open Active Directory Sites and Services, expand Default-First-Site-Name > Servers, expand the server you are currently working on, and select NTDS Settings under the additional domain controller as shown. Right-click the "automatically generated" connection object and choose Replicate Now.

As shown, Active Directory has been replicated between the DCs.

Repeat the same for WinServer2: expand the Server2019 node, select NTDS Settings, right-click "automatically generated" and select Replicate Now so that both DCs replicate with each other.

Click OK

Create a user on DC and verify that the same user appears on AD.
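The promotion steps in Configure Secondary DC, the client DNS change and the replication check above, as an added PowerShell example that is not part of the original lab. It assumes the hostnames DC (primary) and AD (new) with the domain NetBIOS name HARCHIT, and an interface alias of Ethernet on the client; harchit.local and the addresses are the lab's own.

```powershell
# Added example, not part of the original lab: the promotion, replication
# and client DNS steps as PowerShell. Assumed hostnames: primary DC = DC,
# new DC = AD; domain harchit.local and the addresses come from the lab table.

# --- On AD (new server, still in a workgroup): add the role and promote ---
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

# DSRM password: needed to boot into Directory Services Restore Mode later
$dsrm = Read-Host -Prompt 'DSRM password' -AsSecureString

$promote = @{
    DomainName                    = 'harchit.local'
    Credential                    = (Get-Credential 'HARCHIT\Administrator')  # assumed NetBIOS name
    InstallDns                    = $true      # step 2: DNS server
    NoGlobalCatalog               = $false     # step 2: also a Global Catalog
    SiteName                      = 'Default-First-Site-Name'
    ReplicationSourceDC           = 'DC.harchit.local'   # step 3: replicate from the primary DC
    SafeModeAdministratorPassword = $dsrm
    Force                         = $true      # skip the reboot confirmation prompt
}
Install-ADDSDomainController @promote        # folder paths stay default (step 4); reboots

# --- After the reboot: confirm the new DC and force replication both ways ---
Get-ADDomainController -Filter * | Select-Object HostName, IsGlobalCatalog, Site

repadmin /syncall /AdeP      # same as "Replicate Now" on every connection object
repadmin /replsummary        # a non-zero "fails" count means replication is broken

# Last attempt per partner and partition, inbound and outbound
Get-ADReplicationPartnerMetadata -Target 'AD.harchit.local' -PartnerType Both |
    Select-Object Server, Partner, Partition, LastReplicationSuccess, LastReplicationResult

# The lab's final check: create a user on DC and read it back from AD
New-ADUser -Name 'repltest' -Server 'DC.harchit.local'
repadmin /syncall /AdeP
Get-ADUser -Identity 'repltest' -Server 'AD.harchit.local'

# --- On the Windows 10 client: both DCs as DNS (interface alias is assumed) ---
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses '192.168.10.1','192.168.10.2'
# Both DCs should come back as SRV records, i.e. either one can service logons
Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.harchit.local' -Type SRV
```

If the client's DNS servers come from DHCP, setting them here overrides the lease; the alternative is to hand out both DC addresses in the DHCP scope's DNS option instead.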
