Secondary DC

Secondary Domain Controller

Multi Branch offices

How to Add Secondary Domain Controller (2019)

Steps to Add a Secondary Domain Controller

ADDS Existing Domain.

Joining domain

Open Server Manager & Install AD DS Role

Select a server from the server pool. Select your server and click next.

Select Active Directory Domain Services, you will get a popup to add features that are required for Active Directory Domain Services, click Add features. Click Next.

Select “Add a domain controller to an existing domain”. Next, enter or select the existing domain you want to add the secondary domain controller to. You will need to click the change button to enter in administrator credentials. Click Next.

On the Domain Controller Options page, Domain Name System (DNS) server and Global Catalog (GC) should be checked. The Default First Site name should be selected for the site name unless you have created a new one. I would recommend leaving it as the default. Enter a password for the Directory Services Restore mode and click “Next”.

Domain Controller in existing DC.

Directory Services Restore MODE (DSRM) allows an administrator to repair or recover an Active Directory Database.

Choose the correct replication server from drop down menu. it should be the main domain controller in this scenario.

paths I always leave them the defaults.

Click next on the Review options page.

On the Prerequisites Check page you may see two warnings (cryptography algorithm and the delegation for DNS) this is typical. If the prerequisite passed click install.

After the successful prerequisite check, press ‘install’ to proceed

So here,

Having additional domain controller in wins 2019 server

Finally to test the configuration, 

Go to ‘Active Directory Users and Computers’ in ‘Server Manager’ and select ‘Domain Controllers’ to check whether newly installed domain controller is available or not

And also go to ‘Active Directory Sites and Services’ in ‘Server Manager’ and Check the NTDS Settings of both servers. If needed, right click on the values and select ‘Replicate Now’ to enforce replication

So, now Cross checking the Primary and Secondary Active Directory.

Once Secondary DC is connected with Primary DC need to active Replication method to communicate.

Click on Active Directory Sites and Services.

Same method applies on secondary DC server  

Go to Default First Site name – and expand DC server

If you can check I have selected first my primary server.

So, click on Right NTDS -All Tasks- Check Replication Topology.

Once checked Replication Topology.

Same method applied

ONCE CHECKED Replication same method apply on secondary server  

So, now I am creating a user in Primary DC Central.

Creating user to cross check DC1 and DC2

User pass

User created

So, replication working properly

Mohds user available in Secondary server also.

Once you will check active directory users and computer

So again, I am creating a user in secondary server.

New user assign in secondary server

Once refresh

You will get new user also listed in primary server or what ever you will create in OU it will replicate.

Backup Domain Controller
or Secondry Domain Controller
win+r

dsa.msc

How to transfer FSMO Roles when main domain controller is down or offline

FSMO Roles
2 Roles are working with:
Forest Level:
Schema Master
Domain Naming master
3 Roles are working with:
Domain Level:
RID Master
PDC
Infratcture master

Secondry DC
:
netdom query fsmo

Transfer fsmo roles to Secondry domain:

ntdsutil

after just type question mark like —

roles

and press enter

select roles

once fsmo maintenance: then type: ?

now type connections:
again ?

Now need to connect to in backup Domain Controller like—

Example) connect to server additional.querypanel.local

connect to server (servername) hit enter

and now go back to fsmo maintenance

so now need to select seize
(once Primary domain is not available so we have to seize the roles)

fsmo maintenance: seize infracture master
then hit enter
again fsmo maintenance: seize naming master

again fsmo maintenance: seize PDC
again fsmo maintenance: seize RID master
again fsmo maintenance: seize schema master

after operation open Active Directory Users and computer

right click and click to operation

check there roles belong to which domain

Leave a Reply

Your email address will not be published. Required fields are marked *