# Enhance Active Directory: Adding an Additional Domain Controller in Windows Server

In any growing IT infrastructure, adding an additional domain controller (ADC) enhances redundancy and load balancing for Active Directory (AD). This blog walks you through the step-by-step process of configuring an additional domain controller on Windows Server.

### Why Add an Additional Domain Controller?

1. **Redundancy**: Having more than one domain controller ensures continued authentication and access if one goes offline.
    
2. **Load Balancing**: Distributes authentication requests across multiple domain controllers.
    
3. **Improved Security**: Ensures AD services are always available, enhancing overall security.
    

### Prerequisites

Before starting, ensure the following:

1. A Windows Server is installed and properly configured with the latest updates.
    
2. You have access to an existing domain and a Domain Admin account.
    
3. The new server is joined to the domain.
    
4. Network connectivity between the servers.
    
5. Static IP address configured for the new domain controller.
    

### Steps to Configure an Additional Domain Controller

#### **<mark>Step 1: Prepare the Server for the Additional Domain Controller</mark>**

To begin, install **Windows Server** on the new server and ensure it’s connected to the same network as the existing domain controller.

Open the network adapter and select **Properties**.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1725815917071/802a4e5e-a2db-44ba-b97a-f0bf23436c89.png align="center")

Select **Internet Protocol Version 4 (TCP/IPv4)**, click **Properties**, and configure a static IP address. Set the **Preferred DNS** server to the IP address of your existing domain controller.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1725815978975/ea961eb7-5ca6-456d-b6b5-c4f94070787b.png align="center")

#### **<mark>Step 2: Install the Active Directory Domain Services (AD DS) Role</mark>**

Open **Server Manager**.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1725734336844/26827736-9e19-4a31-b5d9-d13e8705d549.png align="center")

Click on **Add roles and features**.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1725734146539/b6a654b0-bf43-49ec-b631-8fd740bcbb35.png align="center")

Click **Next** until you reach the **Server Roles** page.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1725734528023/8982da95-2de7-40d2-aca6-a7aa864cb521.png align="center")

In the **Server Roles** window, check the box for **Active Directory Domain Services (AD DS)**.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1725734641430/1971b321-9c12-4206-a4f7-f9cc843c7991.png align="center")

**Complete the Wizard**: Click **Next** through the remaining screens and then **Install**.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1725734793379/a35c5c71-0ecd-4e9f-aec9-0e2ce3301369.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1725734906663/82b04827-50cd-4d2d-8718-65a9ad707726.png align="center")

#### **<mark>Step 3: Promote the Server to a Domain Controller</mark>**

Once the role is installed, the server must be promoted to a domain controller.

In **Server Manager**, click on the **flag icon** in the top right and choose **Promote this server to a domain controller**.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1725735110517/cf583791-5438-4ea3-9d0a-21e8fd0eacbb.png align="center")

In the **Deployment Configuration** window, select **Add a domain controller to an existing domain**.

Enter the **domain name** (e.g., `dineshcloud.in`) and click **Select**. Provide domain admin credentials to continue.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1725811956491/0a48db0d-6c53-4e5d-b176-f5fe61bf7367.png align="center")

In the **Domain Controller Options** window:

* **DNS**: Check if you want this server to act as a DNS server.
    
* **Global Catalog (GC)**: Ensure this box is checked.
    
* **Read-only domain controller (RODC)**: Leave unchecked for a writable domain controller.
    
* Set the **Directory Services Restore Mode (DSRM)** password.
    
* Click **Next**
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1725812056660/7e51a3d4-1e63-47e2-ad23-82b19f82197a.png align="center")

Click **Next** to proceed through the DNS delegation warning (if applicable).

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1725812100416/3ec4c12a-b90e-434d-b4a9-7f95aa6ed90c.png align="center")

In the **Additional Options** window, select the replication domain controller or leave it as default.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1725812335760/86457aa2-2ceb-4063-a4a1-44d559910547.png align="center")

Keep the default file paths for the AD database, log files, and SYSVOL unless you need to change them.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1725812394041/eb8f978d-1ea4-496e-ae6a-c3cb6be6d9d8.png align="center")

Complete the wizard and click **Install** after the **Prerequisites Check** is successful.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1725812425682/2ad84177-ca6b-4b0f-9b09-89867d9da3d9.png align="center")
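The same role installation and promotion can be scripted. The following is an added example, not part of the original walkthrough; it assumes an elevated PowerShell session on the new, domain-joined server and mirrors the wizard choices from Steps 2 and 3, prompting for the Domain Admin credential and the DSRM password instead of storing them in the script.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the wizard in Steps 2 and 3.
# Run on the new server after it has a static IP and is joined to the domain.

$DomainName = 'dineshcloud.in'   # domain name used in this walkthrough

# Step 2: install the AD DS role together with the management tools.
$role = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $role.Success) { throw 'AD DS role installation failed.' }

Import-Module ADDSDeployment

# Prompt for secrets so that neither the Domain Admin password nor the
# DSRM password ends up in the script file or in command history.
$Credential   = Get-Credential -Message "Domain Admin account for $DomainName"
$DsrmPassword = Read-Host -AsSecureString -Prompt 'DSRM password'

# Same choices as the Domain Controller Options page: DNS server,
# Global Catalog, writable DC (no -ReadOnlyReplica), default file paths.
$Options = @{
    DomainName                    = $DomainName
    Credential                    = $Credential
    SafeModeAdministratorPassword = $DsrmPassword
    InstallDns                    = $true
    NoGlobalCatalog               = $false
}

# Equivalent of the wizard's Prerequisites Check: stop on any error result.
$checks = Test-ADDSDomainControllerInstallation @Options
$checks | Format-Table Status, Message -Wrap
if ($checks | Where-Object { $_.Status -eq 'Error' }) {
    throw 'Prerequisites check reported errors; promotion was not started.'
}

# Step 3: promote the server. The cmdlet asks for confirmation and
# reboots the server when the promotion completes.
Install-ADDSDomainController @Options
```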

#### **<mark>Step 4: Verify and Reboot</mark>**

* The server will automatically reboot after the installation completes.
    
* Log in to the server using domain credentials after the reboot.
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1725813308640/7c811df5-a6a7-410c-9387-43f2c7fdb20f.png align="center")

#### **<mark>Step 5: Validate Domain Controller Installation</mark>**

Once the server is up, it's essential to verify that it has been properly added as a domain controller.

Open **Active Directory Users and Computers (ADUC)** on the new server.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1725813492800/57bc5599-09f6-4c0f-853c-b824451f86ba.png align="center")

Ensure that the new server appears under **Domain Controllers** in the AD structure.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1725813597215/f91a5bc5-6e39-423b-8ba8-40c8bd2cb399.png align="center")

**Replication Check**:

Open **Command Prompt** as an administrator and run the following command to check AD replication:

```plaintext
repadmin /replsummary
```

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1725813709435/58b2b1fd-8782-45c6-9a5d-cfe220cc715c.png align="center")
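The checks in Step 5 can also be collected into one report. This is an added example, not part of the original walkthrough; it assumes it is run on the new domain controller with the ActiveDirectory PowerShell module available, and it goes slightly beyond the steps above by also checking the SYSVOL and NETLOGON shares and the DC locator SRV record.

```powershell
# Added example: post-promotion health report for the new domain controller.
Import-Module ActiveDirectory

$Domain = (Get-ADDomain).DNSRoot
$Dc     = Get-ADDomainController -Identity $env:COMPUTERNAME   # fails if this host is not a DC

# A healthy DC shares SYSVOL and NETLOGON; missing shares usually mean the
# initial SYSVOL replication has not finished.
$missingShares = 'SYSVOL', 'NETLOGON' | Where-Object {
    -not (Get-SmbShare -Name $_ -ErrorAction SilentlyContinue)
}

# Clients locate domain controllers through this SRV record.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue
$srvRegistered = [bool]($srv | Where-Object { $_.NameTarget -eq $Dc.HostName })

# Inbound replication state per partner and partition (result 0 = success).
$replication = Get-ADReplicationPartnerMetadata -Target $Dc.HostName -Scope Server
$failing     = @($replication | Where-Object { $_.LastReplicationResult -ne 0 })

[pscustomobject]@{
    HostName            = $Dc.HostName
    Site                = $Dc.Site
    IsGlobalCatalog     = $Dc.IsGlobalCatalog
    IsReadOnly          = $Dc.IsReadOnly
    MissingShares       = $missingShares -join ', '
    SrvRecordRegistered = $srvRegistered
    ReplicationLinks    = @($replication).Count
    FailingLinks        = $failing.Count
} | Format-List

# Detail for any failing link, to compare against repadmin /replsummary.
$failing | Format-Table Partner, Partition, LastReplicationSuccess,
    LastReplicationResult, ConsecutiveReplicationFailures -AutoSize
```

An empty `MissingShares` value, `SrvRecordRegistered` set to `True`, and `FailingLinks` equal to 0 match what a clean `repadmin /replsummary` run indicates.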

### Conclusion

Adding an additional domain controller to your Windows Server 2016 environment is a crucial step in ensuring high availability, fault tolerance, and load balancing for your Active Directory infrastructure. By following these steps, you can effectively enhance your network's security and performance.
