
Installing and configuring an Active Directory (AD) Primary and Secondary Domain Controller


Introduction

This guide provides a detailed step-by-step process for setting up an Active Directory (AD) environment with two domain controllers (DCs). It covers the installation of virtual machines, applying system updates, configuring Active Directory Domain Services (AD DS), creating a domain forest, and ensuring proper replication between the two domain controllers. This setup ensures redundancy and enhances the reliability of the AD infrastructure.

 

Step 1: Preparing the Infrastructure

Installation of Two Virtual Machines (VMs)

Create VMs on Hyper-V, Azure or your preferred hypervisor

a) VM1 DC1 – Primary Domain Controller.

b) VM2 DC2 – Secondary Domain Controller.

c) Configure Network Settings.

d) Apply Patches to Both VMs.

  • Open Settings > Windows Update.
  • Download and install all updates.
  • Restart both servers.

Step 2: Deploying Active Directory

1) Install Active Directory Domain Services (AD DS)

1.1 Install AD DS Role on DC1.

2) Create the Active Directory Forest, for example TIC.local

2.1 Promote DC1 as the Primary Domain Controller.

3) Add DC2 as a Secondary Domain Controller.

3.1 Join DC2 to the Domain.

3.2 Promote DC2 as a Domain Controller.

3.3 Verify Replication.

Conclusion.

 

Step 1: Preparing the Infrastructure

Installation of Two Virtual Machines (VMs)

Create VMs on Hyper-V, Azure or your preferred hypervisor

a) VM1 DC1 – Primary Domain Controller

    • 4 vCPU, 4 GB RAM, 60 GB disk

    • Windows Server 2019

b) VM2 DC2 – Secondary Domain Controller

    • 4 vCPU, 4 GB RAM, 60 GB disk

    • Windows Server 2019

c) Configure Network Settings

  • DC1:

    • IP: 10.0.0.4

    • DNS: 127.0.0.1

    • Gateway: 10.0.0.1

  • DC2:

    • IP: 10.0.0.5
    • DNS: 10.0.0.4

d) Apply Patches to Both VMs

  • Open Settings > Windows Update.
  • Download and install all updates.
  • Restart both servers.

Step 2: Deploying Active Directory

1) Install Active Directory Domain Services (AD DS)

Install AD DS Role on DC1

  • Open Server Manager.
  • Click Manage > Add Roles and Features.
  • Select Role-based or feature-based installation.
  • Select the server and check Active Directory Domain Services.
  • Click Next.
  • Click Next and Install.

After completing the AD DS installation, let's create the Active Directory forest.

2) Create the Active Directory Forest, for example TIC.local

Promote DC1 as the Primary Domain Controller

  • In Server Manager, click Promote this server to a domain controller.
  • Select Add a new forest and enter TIC.local.
  • Choose Forest and Domain Functional Level: Windows Server 2016.

NOTE: If you’re installing Windows Server 2025, you should set both the Forest and Domain Functional Levels to Windows Server 2025 to take advantage of the latest Active Directory features and security enhancements.

  • Set a Directory Services Restore Mode (DSRM) password.

Important Note: Ensure you remember the DSRM password, as it is required to restore the NTDS database in case of server failure or database corruption. Losing this password could prevent the recovery of your Active Directory environment.

  • DNS delegation is not needed at this stage as no DNS server has been configured yet.
  • For more information on the DNS server, check this link. Click Next.
  • Enter the NetBIOS domain name (default recommended by Microsoft).
  • Specify the database, log, and SYSVOL paths (default recommended by Microsoft).
  • Click Next and Install.

Note: The server will restart automatically to complete the installation. If it does not restart by itself, reboot manually to continue.
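The same DC1 build (static addressing, AD DS role, new TIC.local forest) can be scripted in PowerShell. This is an added example, not part of the original guide; the adapter alias `Ethernet` and the /24 prefix length are assumptions, since the guide does not state them.

```powershell
# Added example: run in an elevated PowerShell session on DC1.
$ErrorActionPreference = 'Stop'
$nic = 'Ethernet'   # assumed adapter alias; confirm with Get-NetAdapter

# Addressing from the guide: DC1 = 10.0.0.4, gateway 10.0.0.1, DNS = itself.
# The /24 prefix length is an assumption; the guide gives no subnet mask.
New-NetIPAddress -InterfaceAlias $nic -IPAddress 10.0.0.4 -PrefixLength 24 `
    -DefaultGateway 10.0.0.1 | Out-Null
Set-DnsClientServerAddress -InterfaceAlias $nic -ServerAddresses 127.0.0.1

# Install the AD DS role together with its management tools.
$role = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $role.Success) { throw 'AD DS role installation failed.' }
Import-Module ADDSDeployment

# Prompt for the DSRM password so it is never stored in the script or history.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

$forest = @{
    DomainName                    = 'TIC.local'
    ForestMode                    = 'WinThreshold'   # Windows Server 2016 level
    DomainMode                    = 'WinThreshold'
    InstallDns                    = $true            # DC1 hosts the AD-integrated zone
    CreateDnsDelegation           = $false           # no parent zone to delegate from
    SafeModeAdministratorPassword = $dsrm
}
# NetBIOS name and database, log and SYSVOL paths are left at their defaults.

# Dry run: the prerequisite checks the wizard performs before "Install".
$check = Test-ADDSForestInstallation @forest
$check | Format-List Status, Message
if ($check.Status -ne 'Success') {
    throw 'Prerequisite check failed; see the message above.'
}

# Promote. The server reboots automatically when the promotion completes.
Install-ADDSForest @forest -Force
```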

3) Add DC2 as a Secondary Domain Controller

Join DC2 to the Domain

  • Open System Properties.
  • Click Change settings > Change.
  • Enter TIC.local and provide domain admin credentials.
  • Restart the server.

Install the AD DS role on DC2 by following the same steps as for DC1.

Promote DC2 as a Domain Controller

  • In Server Manager, click Promote this server to a domain controller.
  • Select Add a domain controller to an existing domain.
  • Provide credentials and select DNS Server and Global Catalog (GC).
  • Do not select DNS delegation, as DNS will be configured later. Click Next.
  • Choose Replication from:
    1. Any domain controller (default), or
    2. A specific domain controller.
  • Specify the database, log, and SYSVOL paths (default recommended by Microsoft).
  • Click Next and Install. The server will restart automatically to complete the installation. If it does not restart by itself, reboot manually to continue.
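The DC2 procedure (join, role install, promotion) as a two-phase PowerShell script that is run once before and once after the domain-join reboot. This is an added example, not part of the original guide; it assumes DC2 already has its 10.0.0.5 address and that the adapter alias is `Ethernet`.

```powershell
# Added example: run in an elevated PowerShell session on DC2.
$ErrorActionPreference = 'Stop'
$domain = 'TIC.local'
$nic    = 'Ethernet'   # assumed adapter alias; confirm with Get-NetAdapter

$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    # Phase 1: point DNS at DC1 (10.0.0.4, per the guide) and join the domain.
    Set-DnsClientServerAddress -InterfaceAlias $nic -ServerAddresses 10.0.0.4

    # Fail early if DC1's DNS does not publish the DC locator SRV record;
    # a join or promotion attempted without it fails with a less obvious error.
    Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV `
        -Server 10.0.0.4 | Out-Null

    Add-Computer -DomainName $domain `
        -Credential (Get-Credential -Message 'Domain admin account') -Restart
    return   # the server reboots; run this script again afterwards
}

# Phase 2: install the role and promote DC2 as an additional DC.
$role = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $role.Success) { throw 'AD DS role installation failed.' }
Import-Module ADDSDeployment

$dc = @{
    DomainName                    = $domain
    Credential                    = Get-Credential -Message 'Domain admin account'
    InstallDns                    = $true    # "DNS Server" checkbox
    NoGlobalCatalog               = $false   # keep "Global Catalog (GC)" selected
    CreateDnsDelegation           = $false
    SafeModeAdministratorPassword = Read-Host -AsSecureString -Prompt 'DSRM password'
}
# -ReplicationSourceDC is omitted, which matches "Any domain controller".

$check = Test-ADDSDomainControllerInstallation @dc
$check | Format-List Status, Message
if ($check.Status -ne 'Success') {
    throw 'Prerequisite check failed; see the message above.'
}

# Promote. The server reboots automatically when the promotion completes.
Install-ADDSDomainController @dc -Force
```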

Verify Replication

To verify Active Directory (AD) replication using the GUI, follow these steps:

  • Open Server Manager.
  • Click on Tools in the top-right corner.
  • Select Active Directory Sites and Services.
  • Expand Sites > Default-First-Site-Name > Servers.
  • Click on the first Domain Controller (DC1).
  • Right-click on the Connection Object (under NTDS Settings).
  • Select Replicate Now.
  • A confirmation message should appear indicating success.
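A successful Replicate Now only confirms one connection object at one moment. The script below is an added example, not part of the original guide: it triggers the same sync from the command line, then checks every inbound replication link and the SYSVOL share on both DCs, and fails loudly if anything is unhealthy.

```powershell
# Added example: run on either DC as a domain admin.
$ErrorActionPreference = 'Stop'
Import-Module ActiveDirectory
$domain = 'TIC.local'

$dcs = @(Get-ADDomainController -Filter * -Server $domain)
if ($dcs.Count -lt 2) { throw "Expected 2 DCs in $domain, found $($dcs.Count)." }

# Command-line equivalent of "Replicate Now": sync all partitions on each DC.
foreach ($dc in $dcs) {
    repadmin /syncall $dc.HostName /AdeP | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "syncall failed on $($dc.HostName)" }
}

# Inbound replication links for every partition on every DC.
$links = foreach ($dc in $dcs) {
    Get-ADReplicationPartnerMetadata -Target $dc.HostName -Partition * |
        Select-Object Server, Partition, LastReplicationSuccess,
                      LastReplicationResult, ConsecutiveReplicationFailures
}
$links | Format-Table -AutoSize

# A healthy link has result code 0 and no consecutive failures.
$bad = @($links | Where-Object {
    $_.LastReplicationResult -ne 0 -or $_.ConsecutiveReplicationFailures -gt 0
})
$failures = @(Get-ADReplicationFailure -Target $domain -Scope Domain)

# A DC only advertises itself once SYSVOL is shared, so check that as well.
$noSysvol = @($dcs | Where-Object { -not (Test-Path "\\$($_.HostName)\SYSVOL") })

if ($bad.Count -or $failures.Count -or $noSysvol.Count) {
    $failures | Format-Table Server, Partner, FailureCount, LastError -AutoSize
    $noSysvol | ForEach-Object { Write-Warning "SYSVOL not shared on $($_.HostName)" }
    throw 'Replication is not healthy; review the output above.'
}
Write-Output "Replication healthy across $($dcs.Count) domain controllers."
```

Scheduling this as a recurring task turns the one-time check into the regular replication monitoring the conclusion recommends.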

Conclusion

With this setup, your Active Directory environment is fully configured for user and group management, policy enforcement, and secure authentication. To ensure long-term stability and security, it is essential to regularly monitor replication, apply system updates, and follow best practices for backup and disaster recovery.

