Installing Additional Domain Controller

Domain controllers play a central role in managing user authentication and security policies across the network. However, relying on a single domain controller can put the entire organization at risk in the event of a failure.

This is where the "additional domain controller" comes into play. In this article, we will take a detailed look at what an additional domain controller is, how it works, and how to integrate it into a network structure.

In our previous article, we installed Active Directory on Server Core and configured it as the Primary Domain Controller; you can access the relevant article via the link below.

What is Additional Domain Controller?

An additional domain controller is a domain controller used to share the load and provide redundancy within an existing domain. It serves as an alternative to the primary domain controller and ensures that the network continues without interruption. It is a critical component, especially for large-scale or geographically distributed organizations.

For the installation of Additional Domain Controller, there must be a Primary Domain Controller in our existing environment.

How Does Additional Domain Controller Work?

An additional domain controller hosts a copy of the Active Directory database. This reduces the load on the main domain controller, and the additional controller automatically takes over if the main machine goes down. Users and other network devices can access both controllers, increasing system availability.

How to Install Additional Domain Controller?

In my environment I have a Primary Domain Controller server running Windows Server 2019. In addition to this, I will install an Additional Domain Controller, again running Windows Server 2019.

First of all, I set the Hostname, IP and DNS information of my Additional Domain Controller server. The IP and DNS information of the Domain Controller in the Active Directory environment must be Static.

We have completed the server name configuration. Now we configure the IP settings: on the server where we will install the ADC, we specify the IP address of our Primary Domain Controller server as the DNS server. For the Alternate DNS Server field, the IP address of the server that will serve as the ADC must be specified.

Note: It would be better to set the IP address you give to the Additional Domain Controller server as the primary DNS.

After making the relevant changes, we need to restart the server that we will configure as ADC.

Active Directory Role Installation

In our environment, we have one Domain Controller server running on Windows Server 2019. We also need to install the Active Directory role on the Additional Domain Controller server.

We open the Server Manager console. On the Dashboard screen, we click Add roles and features.

The “Before you begin” window opens and I move on to the next configuration screen with Next to start the Active Directory Role installation.

Our next screen is “Select installation type”, here we are presented with two options.

Role-based or feature-based installation: This is the option used to install and configure Roles and Features. The roles and features on Windows Server 2019 are installed with this option. We need to perform the Active Directory Role installation with this option.

Remote Desktop Services installation: With this option, you can quickly install and configure, in a standardized way, Remote Desktop, formerly known as Terminal Service and named Remote Desktop Services (RDS) with Windows Server 2008. This option can only be used for RDS installations.

We continue with the “Role-based or feature-based installation” option.

Our next screen is "Select destination server". Here we mark the server where we will install the ADC and continue with the Next button. Since we do not have another server that we manage in the Server Manager area, we can only see the Local server here.

Our next screen is “Select server roles”. For the ADC installation, we will first install the standard Active Directory Domain Services. It will be enough to select the “Active Directory Domain Services” option.

We do not select anything on the Select features screen, because when we selected the "Active Directory Domain Services" role on the Select server roles screen, we also allowed the installation of the Group Policy Management, Remote Administration Tools, Active Directory Module for Windows PowerShell, Active Directory Administrative Center, and AD DS Snap-Ins and Command-Line Tools features. The "Active Directory Domain Services" option automatically installs these other features as a package.

Our next screen is "Active Directory Domain Services". On this screen, you can enable our Active Directory role service to work with the Azure and Office 365 platforms. You can find the necessary information about Azure via the Microsoft Azure link. We proceed on this screen without performing this configuration.

We have reached the screen where we start the installation. We start the installation with the Install button without selecting the "Restart the destination server automatically if required" option. With this option, if the server needs to be restarted after the Active Directory Role installation is completed, Windows Server restarts the system automatically.

The installation is complete. We start the configuration process by selecting "Promote this server to a domain controller".

Up to this point, everything is proceeding as standard. We are performing the Role installation normally. The ADC difference comes into play in the configuration process. We will now configure the role service we installed.

On the Deployment Configuration screen, we are presented with three options.

Add a domain controller to an existing domain: We need to select this option to configure a new Domain Controller within our existing Forest structure. So we will configure the Additional Domain Controller with this option.

Add a new domain to an existing forest: We need to select this option to configure a new Domain within our existing Forest structure.

Add a new forest: We choose this option when we will configure a new Forest and Domain in our environment.

Because we want to add an Additional Domain Controller to our environment, we will continue with the "Add a domain controller to an existing domain" option.

If we had joined the server that will be the ADC to the domain before installing the Active Directory Role, the "Specify the domain information for this operation" section would not be empty but would already show our domain name.

We enter the domain name of our Primary Domain Controller server in the Domain section and log in with our authorized account.

When we provide our connection information, it will show us the domains on our Domain server. Since I am using only one domain, I mark that domain and continue with the Next button.

Our next configuration screen is Domain Controller Options.

Domain Name System (DNS) Server: Active Directory and DNS integration is one of the most important features of Windows Server System. Active Directory and DNS have a similar hierarchical naming structure in which objects can be presented as both Active Directory objects and DNS domains and resource records. As a result of this integration, computers in Windows Server Network use DNS Servers to learn the location of computers running certain services specific to Active Directory. If the DNS infrastructure of the Domain to be created is not prepared before the installation, the DNS infrastructure can be established during the installation.

Active Directory Global Catalog (GC): It keeps a read-only copy of some objects in all trees, all domains and all DCs within the forest. In short, we can call it a kind of cache system. Thus, when searching for an object, the system easily finds it from here and directs you instead of asking one by one from the bottom to the top. It should not be forgotten that in an Active Directory structure, at least one Domain Controller must host the Global Catalog server role in each site.

Read Only Domain Controller (RODC): One of the features that came into our lives with Windows Server 2008. RODC has a different structure than Active Directory Services servers. It contains the same AD database but does not have permission to write to the database. You can read all the objects created on it but you cannot add or delete them.

Directory Services Restore Mode (DSRM): It is a service used to restore from a backup in case of a problem encountered in domain environments.

After some explanations, let's go back to our configuration process. We are not making any changes in the Domain Controller Options window. We are just creating the passwords needed for DSRM.

Our next step is the DNS Options section. We do not need to make any changes here, so we continue with the Next button.

Our next screen is Additional Options, we have two options on this screen.

Specify Install From Media (IFM) : We defined ADC at the beginning of the article. When ADCs are installed, they pull the necessary information (database, AD structure) through the DC(s) we have determined. In other words, when an ADC is installed, it has to replicate with a DC. In short, this means network traffic for your system.

Especially when installing in remote locations with insufficient network bandwidth, this replication can sometimes be a complete disaster: your ADC installation cannot be completed successfully, or it blocks your traffic for a while. In short, IFM is a method that makes ADC installation in remote locations easier. Instead of replicating directly from a DC during the installation, it allows you to perform the installation by pointing to a previously taken backup.

Specify additional replication options: In this section, we specify which DC the database will be replicated from.

The next steps include the Paths and Review sections, where we can proceed without making any changes.

Our Active Directory installation has started; the system will restart when the installation is completed.
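
The wizard walkthrough above has a PowerShell equivalent. The script below is an added example, not part of the original article; the domain name, host name and IP addresses are placeholder assumptions, and the server name is assumed to be set already.

```powershell
# Added example (not from the original article): scripted equivalent of the wizard.
# Every name and address below is a placeholder assumption.
$DomainName  = 'corp.example'
$PrimaryDcIp = '192.0.2.10'          # existing DC, used as preferred DNS
$AdcIp       = '192.0.2.11'          # this server, used as alternate DNS
$Gateway     = '192.0.2.1'
$SourceDc    = "dc01.$DomainName"    # DC to replicate from

# Static IP and DNS, as configured by hand earlier in the article.
# Assumes the first connected adapter is the one to configure.
$nic = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
New-NetIPAddress -InterfaceIndex $nic.ifIndex -IPAddress $AdcIp `
    -PrefixLength 24 -DefaultGateway $Gateway
Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex `
    -ServerAddresses $PrimaryDcIp, $AdcIp

# Stop early if the domain's DC locator records do not resolve through that DNS.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV `
    -ErrorAction Stop | Out-Null

# "Add roles and features": Active Directory Domain Services plus management tools.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Prompt for secrets so that neither the domain credential nor the DSRM
# password is stored in the script or in command history.
$params = @{
    DomainName                    = $DomainName
    Credential                    = Get-Credential -Message 'Account allowed to add domain controllers'
    SafeModeAdministratorPassword = Read-Host -AsSecureString -Prompt 'DSRM password'
    InstallDns                    = $true
    ReplicationSourceDC           = $SourceDc
}

# Run the prerequisite checks before committing to the promotion.
$check = Test-ADDSDomainControllerInstallation @params
$check | Format-Table Status, Message -Wrap
if ($check.Status -contains 'Error') { throw 'Prerequisite check failed; not promoting.' }

# "Add a domain controller to an existing domain"; the server restarts when done.
Install-ADDSDomainController @params -Force
```

Because the global catalog is not disabled here, the new controller is promoted with the same defaults the article accepts on the Domain Controller Options screen.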

The Additional Domain Controller installation is completed and our server is back up. The Active Directory console appears on the Server Manager screen.

We can see our newly added Domain Controller server under the Domain Controllers object in ADUC (Active Directory Users and Computers).

Check Active Directory Replication Status

We have included our Additional Domain Controller server in our Active Directory environment. Now we need to check the replication status.

Repadmin /showrepl
Repadmin /replsummary

There have been no problems so far. You can use the command below to trigger the replication process from CMD.

Repadmin /syncall

To check the replication queue in your Active Directory environment, use the following command:

Repadmin /queue
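
The repadmin output above is read by eye; the same check can be scripted so that a failing or stale replication link is flagged automatically. This is an added example, not part of the original article, and the three-hour staleness threshold is an assumption to adjust to your replication schedule.

```powershell
# Added example (not from the original article): flag unhealthy replication
# links by parsing the CSV form of "repadmin /showrepl".
$MaxAge = New-TimeSpan -Hours 3   # assumed threshold

function Get-ReplicationProblem {
    param(
        [Parameter(Mandatory)][object[]]$Link,
        [timespan]$MaxAge,
        [datetime]$Now = (Get-Date)
    )
    foreach ($l in $Link) {
        $lastSuccess = [datetime]::MinValue
        $hasSuccess  = [datetime]::TryParse($l.'Last Success Time', [ref]$lastSuccess)
        $reasons = @()
        if ([int]$l.'Number of Failures' -gt 0) {
            $reasons += "failures=$($l.'Number of Failures') status=$($l.'Last Failure Status')"
        }
        if (-not $hasSuccess) {
            $reasons += 'no parseable last-success time'
        } elseif (($Now - $lastSuccess) -gt $MaxAge) {
            $reasons += "last success at $lastSuccess"
        }
        if ($reasons) {
            [pscustomobject]@{
                Destination   = $l.'Destination DSA'
                Source        = $l.'Source DSA'
                NamingContext = $l.'Naming Context'
                Reason        = $reasons -join '; '
            }
        }
    }
}

# "*" queries every DC; /csv emits one row per inbound replication link.
$links    = repadmin /showrepl * /csv | ConvertFrom-Csv
$problems = @(Get-ReplicationProblem -Link $links -MaxAge $MaxAge)
$problems | Format-Table -AutoSize -Wrap

# A newly promoted DC only serves logons once SYSVOL and NETLOGON are shared.
$missing = 'SYSVOL', 'NETLOGON' |
    Where-Object { -not (Get-SmbShare -Name $_ -ErrorAction SilentlyContinue) }

if ($missing)        { Write-Warning "Shares missing on this DC: $($missing -join ', ')" }
if ($problems.Count) { Write-Warning "$($problems.Count) replication link(s) need attention." }
```

Run it on the new domain controller after the first restart, so the share check applies to the server that was just promoted.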

Conclusion

An additional domain controller is an important redundancy solution that increases network security and accessibility, especially in large and complex network structures. This system ensures that the network remains constantly operational and allows users to receive uninterrupted service even in the event of a possible system crash.

