Hyper Expert /Blog

HOW-TO: Add a secondary Windows Server 2012 domain controller with integrated DNS to your domain

We previously talked about how to configure a dedicated secondary DNS server in Windows Server 2012. In this post, I will show you how to configure a secondary domain controller with integrated DNS for backup and redundancy.

Note: You must be on a static IP address. Your preferred DNS IP should be the primary DNS server, and your alternate DNS IP should be yourself, either or whatever your server IP address is

Launch your Server Manager if it is not already up


Click on “Add roles and features”


In the “Add Roles and Features Wizard”, read over the notes before you begin. Once done, click Next


Select “Role-based or feature-based installation”


In your “Select destination server” window, you will most likely only see one selection, which is the server you are on. If there is more than one in the list, make sure you select the server you are on, then click Next


Select “Active Directory Domain Services”


A popup will launch to confirm that there are other features that need to be installed with your Active Directory Domain Services role. Click “Add Features”


Select “DNS Server”


You will see another popup asking for more features to be installed for your DNS Role, click “Add Features”


Once done selecting your server roles, Click Next


In the “Select features” screen, you do not have to select any extra features, click Next


Read over the things to note about your Active Directory Domain Services role. Once done, click Next


Read over the things to note about your DNS Server role. Once done, click Next


Confirm that you have all the selected roles and features, click Install


Once your installation is done, click Close


The Active Directory Domain Services role and the DNS Server role are now installed. Next we need to configure them to work with our primary setup. In your Server Manager, at the very top under your notifications icon, you will see a yellow triangle with an exclamation mark, indicating an action that needs to be done, which in our case is setting up the new domain controller and DNS. Click on the icon


Click on “Promote this server to a domain controller”


Make sure that “Add a domain controller to an existing domain” is selected, then under “Specify the domain information for this operation” click on the “Select…” button


Make sure you supply credentials with domain administrator permissions, otherwise the setup will not work. Click OK when done


In the “Select a domain from the forest” window, select your primary domain and click OK


Verify that you have the right domain selected and the right user account, which must be a domain admin account. Once done, click Next


Make sure “Domain Name System (DNS) server” and “Global Catalog (GC)” are selected. Provide a Directory Services Restore password. This can be any password and does not have to be the same as the domain admin password. Click Next


You will see a warning saying that DNS delegation has failed. You do not have to worry about it; once we are done with this wizard, everything will work. Click Next


In the “Additional Options” screen, under “Replicate from”, for security reasons do not keep it at “Any domain controller”. Select your primary domain controller server instead, then click Next



Under “Paths” leave everything with the default entries and click Next


Review all of your selected options, click Next


Wait for the server to finish your Prerequisites Check. When it is done and you get the green check mark, click Install


Once done, the server will need to be restarted to finish the installation



If you did not run into any problems, everything should be set up now. After the server restarts, it should already be set up as a secondary domain controller with integrated DNS. To verify your setup, go to your Start screen, click on Administrative Tools, go to either Active Directory Users and Computers or DNS, and verify that all of your information has replicated from your primary server.
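
The same promotion and verification in PowerShell, as an added example that is not part of the original post. The domain name, source DC name and interface alias are placeholder assumptions; the cmdlets come from the ServerManager, ADDSDeployment, ActiveDirectory and DnsServer modules that ship with Windows Server 2012.

```powershell
# Added example (not from the article): run once to promote, then again with -Verify
# after the restart. Save as a .ps1 file and run from an elevated PowerShell session.
param([switch]$Verify)

# Placeholder values (assumptions): replace with your own.
$DomainName = 'corp.example'        # existing domain
$SourceDC   = 'dc01.corp.example'   # existing DC to replicate from
$Nic        = 'Ethernet'            # interface alias of this server's NIC

if ($Verify) {
    # Post-restart checks: DC list, inbound replication status, AD-integrated zones, DNS tests.
    Get-ADDomainController -Filter * | Select-Object Name, IsGlobalCatalog
    Get-ADReplicationPartnerMetadata -Target $env:COMPUTERNAME |
        Select-Object Partner, LastReplicationSuccess, LastReplicationResult
    Get-DnsServerZone | Select-Object ZoneName, IsDsIntegrated
    dcdiag /test:dns
    return
}

# Pre-check from the note at the top: static IPv4 address; show the configured DNS servers.
if ((Get-NetIPInterface -InterfaceAlias $Nic -AddressFamily IPv4).Dhcp -ne 'Disabled') {
    throw "Interface '$Nic' uses DHCP; assign a static address first."
}
(Get-DnsClientServerAddress -InterfaceAlias $Nic -AddressFamily IPv4).ServerAddresses

# Roles selected in the wizard, with their management tools.
Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools

# Prompt for secrets rather than storing them in the script.
$Options = @{
    DomainName                    = $DomainName
    Credential                    = Get-Credential -Message "Domain admin for $DomainName"
    SafeModeAdministratorPassword = Read-Host -AsSecureString -Prompt 'Restore mode password'
    InstallDns                    = $true
    NoGlobalCatalog               = $false      # keep "Global Catalog (GC)" selected
    ReplicationSourceDC           = $SourceDC   # instead of "Any domain controller"
}

# Same prerequisites check the wizard runs; stop if any test reports an error.
$Failed = Test-ADDSDomainControllerInstallation @Options | Where-Object Status -eq 'Error'
if ($Failed) { $Failed | Format-List Message; throw 'Prerequisites check failed.' }

# Promote with the default paths; the server restarts when promotion completes.
Install-ADDSDomainController @Options -Force
```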


Hi, my name is Ali. I am a Systems Engineer. I live in the beautiful Evergreen state. I have a Bachelor degree of science in Information Technology with a handful of accompanying I.T. certificates. I also have a degree in Computer Networking. I am an Apple Certified Technician, Microsoft MCITP and a Linux expert.


  1. Robert Saffel · June 15, 2013

    Perfect instructions. Thank you.

    • Ali · June 15, 2013

      No problem. I am glad it helped 😉

      • Syed Touseef Ali · September 30, 2016

        Assalam O Alaikum
        Dear Ali

        thanks a lot for sharing your experience and knowledge with everyone, I appreciated to see this.
        can you please let me know after this activity, should we need to transfer FSMO rules if yes then how..can you please assist.
        thanks in advance

        Touseef Ali

  2. Bair · July 16, 2013

    Thank you!
    Good luck!:)

  3. Kyle Grizzell · December 20, 2013

    I’ve never seen such a concise and accurate walkthrough on something that can be initially seen and construed as intimidating. Kudos sir.

  4. nOOr · February 6, 2014

    Nicely done (y) keep it up

  5. Raha · February 19, 2014

    Hi there
    thanks for this article
    I installed active directory domain and then add a new forest . but after that when I turn on my windows its start up is so slow with this message :
    “Please whaiting for session local manager ”
    now how can I remove active directory domain and its forest ?
    Does it possible ?
    I’m new in server and just I need to install sharepoint foundation to work with sharepoint app I forced to install windows server 2012 ?
    Please help me how to speed it up more and remove the message in start up or any new way to fix this error ?
    Great Regards :

  6. GJCS · May 17, 2014

    Thank you for your excellent, concise, detailed instructions. I appreciate that you took the time to put this out there. Made my day a little easier!

    • Ali · May 17, 2014

      You are welcome. I'm glad it helped. I will be doing an update soon for Server 2012 R2

      • Youri Wolffensperger · October 20, 2015

        The instructions worked perfectly fine with Server 2012 R2 as well, thank you for your accurate walk-through.

  7. Nauman · May 26, 2014

    Dear Ali , I have tried on Windows Server 2012 DataCenter excellent info all done perfectly many thanks

  8. Simba · July 17, 2014

    I know after a year…But Thanks a bunch. Worked within minutes. Very well written and displayed! Take care…

  9. Gustavo Alvarado · September 2, 2014

    Hello Ali, thank you very much! Very simple and clear. I was wondering, maybe you can help me. For hardware reasons, now that I have a secondary domain controller, I want to convert this one into the primary controller. Do you know how to do this?

    • Ali · September 2, 2014

      Hi Gustavo, in a domain environment, there is really no “Primary”, “Secondary” and so on…I know the title could be misleading. Secondary here basically means a second domain controller. All of your domain controllers are basically “primary” unless you have a “Read Only” Domain controller, but that’s a different story.

      Once you have the second domain controller set up and replicated then all you need to do is demote the first domain controller and you should be good to go.

      Hopefully that helps.

  10. Gustavo Alvarado · September 2, 2014

    Thanks for your quick response Ali. What I really need to do is to format the server that contains the first domain controller and reinstall the operating system. So, if I understand well, now that I have a second domain controller, there will be no problem if I disconnect the first domain controller? What do you mean with “demote the first domain controller”? Before disconnecting and reinstalling this server should I do something to “demote” it?

    • Ali · September 2, 2014

      Of course. DO NOT just disconnect the first one and rebuild it. You have to demote it first. What that means is basically telling your domain controllers that after the demote process, this first server will not exist anymore. If you just disconnect it without demoting it first, your second domain controller will just think that the first one is down and you will have problems adding it again after you re-install it.

      To safely do this, you need to demote the first server. After the demotion is done, it will be safe to just disconnect it and reinstall Windows again. Search for “how to demote a domain controller”. Unfortunately, I don’t have a guide for it but it's very straightforward 😉

  11. pablo · September 23, 2014

    hello, a question off the main server and secondary esl ,, leave when joining a domain to a client does not have to be turned binds the principal to be a … any suggestions to correct this problem as should join without primary and secondary qye this
    Note : Reproduce the steps in the tutorial

    thank you

  12. Itech · December 22, 2014

    Hi, my second DC is not taking over when other one is off. Outlooks asking for password. Could you please help?

    -I had Windows 2012 Server as DC.
    -I have installed 2012 R2 as second DC
    -I`ve AD integrated DNS
    -Both servers DNS also
    -When I open “Operation masters”, I only see first DC in both section.
    The problem is that when I turned off the PDC yesterday, the new one didn`t take over. The Outlooks were giving authentication errors.
    When I click change DC to transfer roles, it showing version as “unknown” for new server with R2. I didn`t try to transfer but it may fail, too.
    Do you think it is showing since second one is R2? How can I make sure it would take over next time?

    Please see my IPCONFIG /all below.
    C:\Users\Administrator>ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : MYD-DC01
    Primary Dns Suffix . . . . . . . : mycompany.loc
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : mycompany.loc

    Ethernet adapter Ethernet 4:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter #5
    Physical Address. . . . . . . . . : 00-15-5D-90-85-00
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::a1c1:6bd1:c62f:331d%19(Preferred)
    IPv4 Address. . . . . . . . . . . :
    Subnet Mask . . . . . . . . . . . :
    Default Gateway . . . . . . . . . :
    DHCPv6 IAID . . . . . . . . . . . : 369104221
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-A5-74-A4-00-15-5D-90-54-0D

    DNS Servers . . . . . . . . . . . :
    NetBIOS over Tcpip. . . . . . . . : Enabled
    C:\Users\administrator>ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : MY-DC2
    Primary Dns Suffix . . . . . . . : mycompany.loc
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : mycompany.loc

    Ethernet adapter Ethernet:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : HP Ethernet 1Gb 2-port 361i Adapter
    Physical Address. . . . . . . . . : 9C-B6-54-6C-71-12
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::4435:dfcb:f5e:3883%12(Preferred)
    IPv4 Address. . . . . . . . . . . :
    Subnet Mask . . . . . . . . . . . :
    Default Gateway . . . . . . . . . :
    DHCPv6 IAID . . . . . . . . . . . : 312260180
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-B9-DB-FA-9C-B6-54-6C-71-12

    DNS Servers . . . . . . . . . . . : ::1
    NetBIOS over Tcpip. . . . . . . . : Enabled

  13. Glenn · December 28, 2014

    Hey i got an error message of encountered an error contacting domain
    the server is not operational

    can u please help me with screenshot?

  14. Ron Feldman · February 3, 2015

    To move the FSMO roles I had to type in the server name because it was not listed. I forced the transfer and later on I logged into the old DC (did not demote it yet) and the server says the Operations Master is Error and (that is not the name of my new 2012 R2 server) and I am told that there is an RPC error. I am also given an error
    1925 Warning Microsoft-Windows-ActiveDirectory_DomainService Directory Service ”
    I need to get this migration working. I am thinking to build a Windows 2008 R2 server, have server join as a DC, transfer roles to that server and then transfer roles to 2012 R2 server. Not best plan but I need to do this upgrade at 2 other forests/domains.

  15. Joe Finsterwald · May 19, 2015

    Thanks!!! Awesome step by step instructions! You saved me a ton of time. 🙂

  16. Shoaib · September 5, 2015

    Thank you so much for the nice instruction and support, it is very helpful.
    as i did step by step configuration as you mentioned, my ADC replicated to DC. all DNS and active Directory records came to ADC, but when i want to disconnect DC from network and want to verify that does my DNS work from ADC or not, then DNS from ADC is not working, browsing is not working, and i am unable to browse internet from ADC but when i connect DC in network back, browsing working.
    so my question is that why my ADC DNS is not working. looking for your help and support. please help me how i solve this issue as i am trying since long time. please give me steps in my gmail as momand.engineer@gmail.com
    thanks in advance.

  17. Nick Smith · September 15, 2015

    Really great instructions!!!!!!!!!!!!! Thank you so much!!!

  18. Mike Brule · November 5, 2015

    Excellent documentation, Ali! Thank you!

  19. Sergio Haurat · December 20, 2015

    My language is not English, I am using Google translator, I hope you can understand the question.

    I’ve seen many tutorials that explain how to install an additional domain controller, none of the tutorials explains how to configure DNS in both domain controllers and configure, for example, an Exchange server or DHCP service.

    What would be the correct settings for each case ?, the following example is correct?

    DNS 1:
    DNS 2:

    DNS 1:
    DNS 2:

    DNS 1:
    DNS 2:

    DHCP: -> 200
    DNS 1:
    DNS 2:

  20. Abdul-Mateen · February 27, 2016

    Excellent instructions thanks for putting in the effort to write them up.


  21. rickitickitoc · March 14, 2016

    i’ve come across an odd problem. I’m running Remote Desktop services on a Server which didn’t previously have AD. (I was only promoting the server so to get a backup DNS server by the way). Anyway, the configuration went through fine, but after the reboot I now can’t remote to anything – none of the RemoteApps or Remote Desktop on that server. i get the error:
    “This computer can’t connect to the remote computer, try connecting again, if the problem continues, contact the owner of the remote computer or your network administrator”
    the only thing that’s changed is the AD and DNS install, i was running remotely when configuring the process above. Does anyone have any ideas?

  24. pierre · March 2, 2017

    I need to learn how I can install 2 server with domain controller if any one of them turned off the second stay online

  25. Oleg · March 9, 2017

    Thanks for the detailed guide. I wonder what do you think about DNS client settings for the secondary controller. I have thought mixed recommendations. But i personally feel that maybe using its own IP as primary DNS server (after you have setup DC) and put the primary DC’s IP address as secondary. This way the second DC will resolve queries locally, which probably is better for performance. Not sure about this.

  26. Pepo · June 11, 2017

    Ali thank you very much for the post, in my network I have a Windows Server 2008 where the Active Directory is running for the organization; My question is: Could I add a Secondary Active Directory with Windows 2012 but hosted in the cloud? Would he have any restrictions? What recommendation could you make? I thank you very much for your help

  27. BIN Sophon · June 13, 2017

    Thanks you much for your sharing. I have done it at the moment.

