Post migrated to: http://kpytko.pl/active-directory-domain-services/adding-additional-domain-controller-windows-server-2012/
Great post, used it to set up our 2nd DC.
I have set up a primary DC (DC1) followed by another DC (DC2), just like the example. Now I would like to have the latest addition (DC2) be the primary controller and DC1 be the secondary controller. How is this accomplished? How can I verify which DC is being used first?
Thanks in advance.
You cannot decide which DC users/computers are authenticated against. If you have DCs in the same Site, all of them are used for authentication. In case you wish to separate authentication traffic, you need to create a separate Site and subnet for it, then configure your network with the new subnet, and traffic will be split between DCs.
Can you show us an example of how to create, for example, two sites and let users authenticate depending on the subnet? Our DCs have the default site created, but now we would like to split them: users on site A authenticate at 192.168.1.1 and users on site B at 192.168.2.1. It’s not a new Windows installation; the DC already exists. Thanks in advance.
Yes, of course, this is a really good topic for a post. Thank you very much for that. I will try to prepare this article in the next few days and publish it. I hope you will still need this guide.
Thank you in advance for your patience.
Look here for LdapSrvPriority: http://technet.microsoft.com/en-us/library/cc957290.aspx http://technet.microsoft.com/en-us/library/cc732963%28v=ws.10%29.aspx
You have to configure the priority of the SRV records for your domain controllers on your primary DNS server.
Your blog is great. I followed every step and at the last step (when installing) I got an error. I could not understand the reason.
The operation failed because:
The attempt to join this computer to the “windowslab.local” domain failed.
“The request is not supported.”
Please give some advice.
Is this case still valid? Do you still need help or did you solve the issue?
After adding the additional domains, do I need to set up the DNS service (forward/reverse) separately for every domain?
I don’t have an option to ignore DNS delegation and it fails on verification. How do you avoid this?
When you say: Provide Enterprise Administrator credentials and go to the next step, and you used: firstname.lastname@example.org. Is the Blah part the existing domain controller’s name? Or could I just use administrator for the credentials?
Thanks for your great video. Please, I just want to ask if it is possible to add Server 2012 as a secondary domain to my SBS 2011 primary domain. Thanks.
Yes, it is possible as long as you do not transfer FSMO roles from your SBS Domain Controller to the additional Windows Server 2012 Domain Controller. All those steps are the same as if you were adding an additional Windows Server 2012 DC within a Windows Server 2008 R2 environment. SBS 2011 is based on the Windows Server 2008 R2 operating system and there is also Exchange 2010, which was refreshed from the previous SBS 2008 edition.
Please follow this guide, but at the end do not transfer FSMO roles to the new DC.
I followed your excellent Configuring a forest root domain on a fresh install of Server 2012 R2 and it went perfectly. I’m now following this guide to add a 2nd DC to the existing forest, but I can’t get past this error: ‘An Active Directory domain controller for “test.local” could not be found’.
I’ve configured the DNS exactly as instructed on both servers, but no matter what I try I always get stuck at the same point.
I’m using 2x Server 2012 R2 Standard VMs on ESXi 5.0. Each OS has been freshly installed and updated from an MSDN ISO (5 attempts for each now!).
The weird thing is, if I put the IP of the first DC into the Domain field when trying to add it to the existing forest and hit select, it displays test.local, so the DNS looks like it’s working.
Any ideas? I might try 2012 rather than 2012 R2 next.
Thank you for reading my blog and following the article. Your case is really curious 🙂
I’m really surprised that you were able to set up Windows Server 2012 R2 on ESXi 5.0! VMware recommends at least ESXi 5.0 Update 3 for 2012 (earlier versions have a serious bug) and at least ESXi 5.1 for 2012 R2.
Please check the requirements below and tell me if all of them are met:
– both VMs are using the same vNIC
– both VMs are within the same VLAN
– ports required for AD replication are open (see this MS article about that at http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls.aspx)
– Windows Advanced Firewall allows communication on the same ports as above
– VMware guest tools are installed on both servers
– Under VMware guest tools, time synchronization with the host is disabled on both Windows servers
– system time is the same on both servers (difference lower than 5 mins!)
To verify ports, you may use the portqry 2.0 tool available at http://www.microsoft.com/en-us/download/details.aspx?id=17148 or use the graphical version, portqry UI, at http://www.microsoft.com/en-us/download/details.aspx?id=24009
I would suppose this issue may be related to the environment (ESXi) rather than a broken ISO image.
And please let me know if this is still an issue for you. Then we’ll try to find another way to discover what’s wrong.
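A scripted version of the checklist above for the "domain controller for test.local could not be found" case, as an added PowerShell example that is not part of the original thread: it queries the DC locator SRV record (the record whose priority the LdapSrvPriority comment refers to), probes the fixed AD ports, and measures clock offset. The address 192.0.2.10 is a placeholder, and the port list is an assumption based on the standard AD service ports, not taken from this page.

```powershell
# Added example, run on the server being promoted. $Domain comes from the
# comment above; $Dc1 is a placeholder for the existing DC's IP address.
$Domain = 'test.local'
$Dc1    = '192.0.2.10'

# 1. DC locator SRV record, asked directly of the existing DC's DNS service.
#    The promotion wizard locates a DC through this record, so an A record
#    that resolves is not sufficient on its own.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
           -Server $Dc1 -ErrorAction SilentlyContinue |
       Where-Object { $_.Type -eq 'SRV' }
if ($srv) { $srv | Format-Table NameTarget, Priority, Weight, Port -AutoSize }
else      { Write-Warning "No _ldap._tcp.dc._msdcs.$Domain SRV record from $Dc1" }

# 2. Fixed TCP ports used for AD logon and replication (assumed list; the
#    dynamic RPC range is not probed). Test-NetConnection needs 2012 R2+.
$ports = @{
    53  = 'DNS';  88  = 'Kerberos'; 135 = 'RPC endpoint mapper'
    389 = 'LDAP'; 445 = 'SMB';      464 = 'Kerberos password change'
    636 = 'LDAPS'; 3268 = 'Global Catalog'
}
foreach ($p in ($ports.Keys | Sort-Object)) {
    $ok = (Test-NetConnection -ComputerName $Dc1 -Port $p `
               -WarningAction SilentlyContinue).TcpTestSucceeded
    '{0,-5} {1,-26} {2}' -f $p, $ports[$p], $(if ($ok) { 'open' } else { 'BLOCKED' })
}

# 3. Clock offset against the existing DC; the checklist's limit is 5 minutes.
$last = w32tm /stripchart "/computer:$Dc1" /samples:1 /dataonly |
        Select-Object -Last 1
if ($last -match '([+-]\d+\.\d+)s') {
    $skew = [math]::Abs([double]$Matches[1])
    if ($skew -ge 300) { Write-Warning "Clock differs from $Dc1 by $skew s" }
    else               { "Clock offset ${skew}s: within 5 minutes" }
} else {
    Write-Warning "Could not read time offset: $last"
}
```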
Thank you very much, it is a very simple way to make an ADC. Ghuffar Malik
Thank You! Very well explained
Thank you! Very good manual, made it easy.
Thanks for the great article.
I am still a little confused when it comes to adding a 2012 DC to an existing domain with legacy trusts and members. I have two 2003 R2 DCs in a 2003 FFL and DFL domain. This domain has 2000 and NT 4 members and a trust to an NT4 domain. If I introduce a 2012 R2 DC and keep the FFL, DFL and FSMO roles as they are, will the trust and members function as normal? Is it possible to have the legacy members still authenticate on the 2003 DCs and maintain the external trust, without any of the “Allow cryptography algorithms compatible with Windows NT 4.0” stuff?
Yes, trusts would work without changes. However, I’m not sure if you would be able to authenticate using NT4 domains when you remove Windows Server 2003 Domain Controllers.
Our current DC is Windows 2008 Enterprise R2, which is also our primary DNS server.
We need to set up an Additional DC on Windows 2012 R2 Standard. Our objectives are:
1. The new server will be our Additional Domain Controller (ADC).
2. The new server will be our secondary DNS server.
We need to add a few new virtual servers to our domain with the DNS pointing to this new ADC, and once this task is completed we will promote this server as the Primary Domain Controller and the Primary DNS server.
Which means I will need to transfer all the FSMO roles at this point.
I would appreciate it if all you techies out there could help me understand the best way to go about this.
Thank You in advance.
Very clear and detailed post. Thank you!
iSiek's blog about Microsoft Windows services