HOW-TO: Add a secondary Windows Server 2012 domain controller with integrated DNS to your domain

We previously talked about how to configure a dedicated secondary DNS server in Windows Server 2012. In this post, I will show you how to configure a secondary domain controller with integrated DNS for backup and redundancy.

Note: The server must have a static IP address. Its preferred DNS server should be the primary DNS server, and its alternate DNS server should be the server itself, either 127.0.0.1 or the server's own IP address.

Launch Server Manager if it is not already open

Click on “Add roles and features”

In the “Add Roles and Features Wizard”, read over the notes before you begin. Once done, click Next

Select “Role-based or feature-based installation”

In the “Select destination server” window, you will most likely see only one entry, which is the server you are on. If there is more than one in the list, make sure you select the server you are on, then click Next

Select “Active Directory Domain Services”

A popup will launch to confirm that other features need to be installed with your Active Directory Domain Services role. Click “Add Features”

Select “DNS Server”

You will see another popup asking for more features to be installed for your DNS role. Click “Add Features”

Once you are done selecting your server roles, click Next

In the “Select features” screen, you do not have to select any extra features. Click Next

Read over the things to note about your Active Directory Domain Services role. Once done, click Next

Read over the things to note about your DNS Server role. Once done, click Next

Confirm that you have all the selected roles and features, then click Install

Once your installation is done, click Close

The Active Directory Domain Services role and the DNS Server role are now installed. Next, we need to configure them to work with our primary setup. In Server Manager, at the very top under the notifications icon, you will see a yellow triangle with an exclamation mark, indicating an action that needs to be done, which in our case is setting up the new domain controller and DNS. Click on the icon

Click on “Promote this server to a domain controller”

Make sure that “Add a domain controller to an existing domain” is selected, then under “Specify the domain information for this operation” click on the “Select…” button

Make sure you supply credentials with domain administrator permissions, otherwise the setup will not work. Click OK when done

In the “Select a domain from the forest” window, select your primary domain and click OK

Verify that you have the right domain selected and the right user account, which must be a domain admin account. Once done, click Next

Make sure “Domain Name System (DNS) server” and “Global Catalog (GC)” are selected. Provide a Directory Services Restore Mode (DSRM) password. This can be any password and does not have to be the same as the domain admin password. Click Next

You will see a warning saying that DNS delegation has failed. You do not have to worry about it; once we are done with this wizard, everything will work. Click Next

In the “Additional Options” screen, under “Replicate from”, for security reasons do not leave the setting at “Any domain controller”; select your primary domain controller server instead, then click Next

Under “Paths”, leave everything at the default entries and click Next

Review all of your selected options, then click Next

Wait for the server to finish the prerequisites check. When it is done and you get the green check mark, click Install

Once done, the server will need to be restarted to finish the installation

If you did not run into any problems, everything should be set up now. After the server restarts, it should already be set up as a secondary domain controller with integrated DNS. To verify your setup, go to your Start screen, click on Administrative Tools, open either Active Directory Users and Computers or DNS, and verify that all of your information has replicated from your primary server.
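
The same procedure can be run from an elevated PowerShell prompt on the new server. This is an added example, not part of the original post; the domain `corp.example`, the existing DC `dc01.corp.example`, its address `192.0.2.10` and the three function names are placeholders chosen for illustration.

```powershell
# Added example, not from the original post. Run elevated on the new server.
# Assumed placeholders: replace with your domain, your existing DC and its IP.
$Domain   = 'corp.example'
$SourceDC = 'dc01.corp.example'
$SourceIP = '192.0.2.10'

function Test-DcPrerequisite {
    # The post's note: static address, preferred DNS set to the existing DC.
    $nics = Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected |
        Where-Object { $_.InterfaceAlias -notlike 'Loopback*' }
    if ($nics | Where-Object { $_.Dhcp -eq 'Enabled' }) {
        throw 'An adapter still uses DHCP; assign a static address first.'
    }
    $dns = @((Get-DnsClientServerAddress -AddressFamily IPv4 `
                -InterfaceIndex $nics.InterfaceIndex).ServerAddresses)
    if ($dns.Count -eq 0 -or $dns[0] -ne $SourceIP) {
        throw "Preferred DNS server is '$($dns[0])', expected $SourceIP."
    }
}

function Install-SecondDc {
    Test-DcPrerequisite
    # "Add roles and features": AD DS and DNS Server plus their management tools.
    Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools
    Import-Module ADDSDeployment
    # Prompt for secrets instead of storing them in the script or its history.
    $cred = Get-Credential -Message "Domain administrator for $Domain"
    $dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'
    # Global Catalog is installed unless -NoGlobalCatalog is given.
    # -ReplicationSourceDC pins the initial sync to one named DC, as the post advises.
    Install-ADDSDomainController -DomainName $Domain -Credential $cred `
        -InstallDns -ReplicationSourceDC $SourceDC `
        -SafeModeAdministratorPassword $dsrm -Force   # reboots on completion
}

function Test-SecondDc {
    # Run after the reboot, signed in with a domain account.
    Get-ADDomainController -Filter * |
        Select-Object HostName, IPv4Address, IsGlobalCatalog, IsReadOnly
    # Inbound replication state for this DC; a LastReplicationResult of 0 is success.
    Get-ADReplicationPartnerMetadata -Target $env:COMPUTERNAME |
        Select-Object Partner, LastReplicationSuccess, LastReplicationResult
    # The local DNS service should answer for the domain's DC locator records.
    Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server 127.0.0.1
    repadmin /replsummary
    dcdiag /test:dns
}

# Usage: Install-SecondDc, then after the restart: Test-SecondDc
```

The DSRM password entered here is a local recovery credential for this domain controller, so record it in the same vault as other break-glass secrets.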

Hi, my name is Ali. I am a Systems Engineer. I live in the beautiful Evergreen State. I have a Bachelor of Science degree in Information Technology with a handful of accompanying I.T. certificates. I also have a degree in Computer Networking. I am an Apple Certified Technician, Microsoft MCITP and a Linux expert.

47 Comments

  1. Robert Saffel · June 15, 2013

    Perfect instructions. Thank you.

    • Ali · June 15, 2013

      No problem. I am glad it helped 😉

      • Syed Touseef Ali · September 30, 2016

        Assalam O Alaikum
        Dear Ali

        Thanks a lot for sharing your experience and knowledge with everyone; I appreciated seeing this.
        Can you please let me know, after this activity, should we need to transfer FSMO roles? If yes, then how? Can you please assist?
        Thanks in advance

        regards
        Touseef Ali

  2. Bair · July 16, 2013

    Thank you!
    Good luck!:)

  3. Kyle Grizzell · December 20, 2013

    I’ve never seen such a concise and accurate walkthrough on something that can be initially seen and construed as intimidating. Kudos sir.

  4. nOOr · February 6, 2014

    Nicely done (y) keep it up

  5. Raha · February 19, 2014

    Hi there,
    thanks for this article.
    I installed Active Directory domain and then added a new forest, but after that, when I turn on my Windows, its startup is so slow, with this message:
    “Please whaiting for session local manager ”
    Now how can I remove the Active Directory domain and its forest?
    Is it possible?
    I’m new to servers and I just need to install SharePoint Foundation to work with a SharePoint app; I was forced to install Windows Server 2012?
    Please help me how to speed it up more and remove the message at startup, or any new way to fix this error?
    Thanks
    Great Regards :
    Raha

  6. GJCS · May 17, 2014

    Thank you for your excellent, concise, detailed instructions. I appreciate that you took the time to put this out there. Made my day a little easier!

    • Ali · May 17, 2014

      You are welcome. I’m glad it helped. I will be doing an update soon for Server 2012 R2.

      • Youri Wolffensperger · October 20, 2015

        The instructions worked perfectly fine with Server 2012 R2 as well, thank you for your accurate walk-through.

  7. Nauman · May 26, 2014

    Dear Ali, I have tried on Windows Server 2012 Datacenter. Excellent info, all done perfectly. Many thanks.

  8. Simba · July 17, 2014

    I know after a year…But Thanks a bunch. Worked within minutes. Very well written and displayed! Take care…

  9. Gustavo Alvarado · September 2, 2014

    Hello Ali, thank you very much! Very simple and clear. I was wondering, maybe you can help me. For hardware reasons, now that I have a secondary domain controller, I want to convert this one into the primary controller. Do you know how to do this?

    • Ali · September 2, 2014

      Hi Gustavo, in a domain environment, there is really no “Primary”, “Secondary” and so on…I know the title could be misleading. Secondary here basically means a second domain controller. All of your domain controllers are basically “primary” unless you have a “Read Only” Domain controller, but that’s a different story.

      Once you have the second domain controller set up and replicated then all you need to do is demote the first domain controller and you should be good to go.

      Hopefully that helps.

  10. Gustavo Alvarado · September 2, 2014

    Thanks for your quick response, Ali. What I really need to do is to format the server that contains the first domain controller and reinstall the operating system. So, if I understand well, now that I have a second domain controller, there will be no problem if I disconnect the first domain controller? What do you mean by “demote the first domain controller”? Before disconnecting and reinstalling this server, should I do something to “demote” it?

    • Ali · September 2, 2014

      Of course. DO NOT just disconnect the first one and rebuild it. You have to demote it first. What that means is basically telling your domain controllers that after the demote process, this first server will not exist anymore. If you just disconnect it without demoting it first, your second domain controller will just think that the first one is down and you will have problems adding it again after you re-install it.

      To safely do this, you need to demote the first server. After the demotion is done, it will be safe to just disconnect it and reinstall Windows again. Search for “how to demote a domain controller”. Unfortunately, I don’t have a guide for it but it’s very straightforward 😉

  11. pablo · September 23, 2014

    hello, a question off the main server and secondary esl ,, leave when joining a domain to a client does not have to be turned binds the principal to be a … any suggestions to correct this problem as should join without primary and secondary qye this
    Note : Reproduce the steps in the tutorial

    thank you

  12. Itech · December 22, 2014

    Hi, my second DC is not taking over when other one is off. Outlooks asking for password. Could you please help?

    -I had Windows 2012 Server as DC.
    -I have installed 2012 R2 as second DC
    -I’ve AD integrated DNS
    -Both servers DNS also
    -When I open “Operation masters”, I only see first DC in both section.
    The problem is that when I turned off the PDC yesterday, the new one didn’t take over. The Outlooks were giving authentication errors.
    When I click change DC to transfer roles, it is showing version as “unknown” for new server with R2. I didn’t try to transfer but it may fail, too.
    Do you think it is showing since second one is R2? How can I make sure it would take over next time?

    Please see my IPCONFIG /all below.
    DC1
    C:\Users\Administrator>ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : MYD-DC01
    Primary Dns Suffix . . . . . . . : mycompany.loc
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : mycompany.loc

    Ethernet adapter Ethernet 4:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter #5
    Physical Address. . . . . . . . . : 00-15-5D-90-85-00
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::a1c1:6bd1:c62f:331d%19(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.144.132(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.144.1
    DHCPv6 IAID . . . . . . . . . . . : 369104221
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-A5-74-A4-00-15-5D-90-54-0D

    DNS Servers . . . . . . . . . . . : 192.168.144.4
    192.168.144.132
    NetBIOS over Tcpip. . . . . . . . : Enabled
    DC2
    C:\Users\administrator>ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : MY-DC2
    Primary Dns Suffix . . . . . . . : mycompany.loc
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : mycompany.loc

    Ethernet adapter Ethernet:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : HP Ethernet 1Gb 2-port 361i Adapter
    Physical Address. . . . . . . . . : 9C-B6-54-6C-71-12
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::4435:dfcb:f5e:3883%12(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.144.4(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.144.1
    DHCPv6 IAID . . . . . . . . . . . : 312260180
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-B9-DB-FA-9C-B6-54-6C-71-12

    DNS Servers . . . . . . . . . . . : ::1
    192.168.144.132
    192.168.144.4
    NetBIOS over Tcpip. . . . . . . . : Enabled

  13. Glenn · December 28, 2014

    Hey, I got an error message of encountered an error contacting domain
    the server is not operational

    Can you please help me with a screenshot?

  14. Ron Feldman · February 3, 2015

    To move the FSMO roles I had to type in the server name because it was not listed. I forced the transfer and later on I logged into the old DC (did not demote it yet) and the server says the Operations Master is Error and (that is not the name of my new 2012 R2 server) and I am told that there is an RPC error. I am also given an error
    1925 Warning Microsoft-Windows-ActiveDirectory_DomainService Directory Service ”
    I need to get this migration working. I am thinking to build a Windows 2008 R2 server, have server join as a DC, transfer roles to that server and then transfer roles to 2012 R2 server. Not best plan but I need to do this upgrade at 2 other forests/domains.

  15. Joe Finsterwald · May 19, 2015

    Thanks!!! Awesome step by step instructions! You saved me a ton of time. 🙂

  16. Shoaib · September 5, 2015

    Thank you so much for the nice instructions and support, it is very helpful.
    I did the step by step configuration as you mentioned, and my ADC replicated to DC. All DNS and Active Directory records came to ADC, but when I disconnect DC from the network to verify whether my DNS works from ADC or not, then DNS from ADC is not working, browsing is not working, and I am unable to browse the internet from ADC, but when I connect DC to the network again, browsing works.
    So my question is why my ADC DNS is not working. Looking for your help and support. Please help me solve this issue as I have been trying for a long time. Please give me the steps at my Gmail, momand.engineer@gmail.com
    Thanks in advance.

  17. Nick Smith · September 15, 2015

    Really great instructions!!!!!!!!!!!!! Thank you so much!!!

  18. Mike Brule · November 5, 2015

    Excellent documentation, Ali! Thank you!

  19. Sergio Haurat · December 20, 2015

    My language is not English, I am using Google translator, I hope you can understand the question.

    I’ve seen many tutorials that explain how to install an additional domain controller, none of the tutorials explains how to configure DNS in both domain controllers and configure, for example, an Exchange server or DHCP service.

    What would be the correct settings for each case? Is the following example correct?

    DC01
    IP 192.168.0.254
    DNS 1: 192.168.0.254
    DNS 2: 192.168.0.253

    DC02: 192.168.0.253
    DNS 1: 192.168.0.254
    DNS 2: 192.168.0.253

    Exchange: 192.168.0.250
    DNS 1: 192.168.0.254
    DNS 2: 192.168.0.253

    DHCP: 192.168.0.100 -> 200
    DNS 1: 192.168.0.254
    DNS 2: 192.168.0.253

  20. Abdul-Mateen · February 27, 2016

    Excellent instructions thanks for putting in the effort to write them up.

    Thanks

  21. rickitickitoc · March 14, 2016

    I’ve come across an odd problem. I’m running Remote Desktop Services on a server which didn’t previously have AD. (I was only promoting the server so as to get a backup DNS server, by the way.) Anyway, the configuration went through fine, but after the reboot I now can’t remote to anything – none of the RemoteApps or Remote Desktop on that server. I get the error:
    “This computer can’t connect to the remote computer, try connecting again, if the problem continues, contact the owner of the remote computer or your network administrator”
    The only thing that’s changed is the AD and DNS install; I was running remotely when configuring the process above. Does anyone have any ideas?

  24. pierre · March 2, 2017

    I need to learn how I can install 2 servers with domain controller so that if any one of them is turned off, the second stays online

  25. Oleg · March 9, 2017

    Thanks for the detailed guide. I wonder what you think about DNS client settings for the secondary controller. I have thought mixed recommendations. But I personally feel that maybe using its own IP as primary DNS server (after you have set up the DC) and putting the primary DC’s IP address as secondary. This way the second DC will resolve queries locally, which probably is better for performance. Not sure about this.

  26. Pepo · June 11, 2017

    Ali thank you very much for the post, in my network I have a Windows Server 2008 where the Active Directory is running for the organization; My question is: Could I add a Secondary Active Directory with Windows 2012 but hosted in the cloud? Would he have any restrictions? What recommendation could you make? I thank you very much for your help

  27. BIN Sophon · June 13, 2017

    Thank you very much for sharing. I have done it at the moment.
