Adding a Secondary Domain Controller on Windows Server 2012

Updated on June 7, 2015

When Active Directory is installed, domain controllers are used to, among other things, authenticate users. Once you've set up your domain controller, you simply bind a computer to your domain and everything will work. However, what if the domain controller is offline, for maintenance or because of a power outage? The domain controller will not be able to authenticate users, so they will not be able to use their computers. To prevent that from happening, you'll want a secondary domain controller: a domain controller that replicates all the data from the primary domain controller.

When the primary domain controller is offline, users can still be authenticated by the other domain controllers that are available. Your secondary domain controller (or, if you want to set up more than two domain controllers, all your domain controllers) will replicate the data from your primary domain controller; that way, when the primary domain controller is not available, users can continue to work.

Step 1: Deploying a second server

For every domain controller that's added to a domain, a new Windows Server must be deployed. To do this, log in to your account on the Vultr control panel, click "Deploy" in the menu, select the location, and choose "Windows Server 2012" as the OS. Then click "Place Order" to deploy your Windows Server.

Wait for the Windows Server to be deployed. It takes longer than deploying a Linux machine, as Windows Server is much heavier; this is also the reason why it requires at least 1 GB RAM.

Step 2: Install Active Directory Domain Services

Once the new server is deployed, log in via RDP, and go to your Server Manager. Click Manage -> Install Roles and Features. The role that you want to install is "Active Directory Domain Services", just like you have on your first domain controller. Installing Active Directory can take some time, so let it finish.

Once it says that it has finished, Windows Server will allow you to promote the server to a domain controller. Go ahead and do this by clicking the "Promote this server to a domain controller" link.

Step 3: Configure the domain controller

You will now be able to configure your domain controller. Check "Add a domain controller to an existing domain". After all, we don't want to create a new domain; we want to add a secondary domain controller to the existing one.

You will need to specify the domain in which to add the domain controller. Click "Select..." and enter your credentials from the Administrator account. A window will open which will show all domains in the forest. Choose the domain.

Click "Next" when you are ready to proceed. The server needs to be both a DNS server and a Global Catalog (GC) server, so make sure both options are checked. We do not want this server to be a read-only domain controller (RODC), so leave that option unchecked. Enter your password and click "Next".

If you get an error about DNS, you can ignore it and click "Next".

We want to replicate from all domain controllers, so the "Replicate from" option should be set to "Any domain controller".

As for the paths, you can leave these as the default. Click "Next".

You will now see an overview of all the options that you have selected. Click "Next". It will verify whether or not your system can be used as an additional domain controller. Upon success, the option "Install" will become available. Click it to add the secondary domain controller.

The server will be restarted.

Congratulations, you have now added a secondary domain controller!

Repeat the steps in this tutorial to add more domain controllers, if needed.
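
The wizard choices from steps 2 and 3 can also be scripted, which makes them repeatable and lets you check the result afterwards. The following PowerShell is an added example, not part of the original tutorial; the domain name `corp.example.com` and the two function names are assumptions to replace with your own.

```powershell
# Added example. $DomainName is a placeholder (assumption); use your own domain.
$DomainName = 'corp.example.com'

function Add-SecondaryDomainController {
    # Step 2: install the AD DS role and its management tools.
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools | Out-Null
    Import-Module ADDSDeployment

    # Step 3: prompt for secrets instead of storing them in the script.
    $domainAdmin  = Get-Credential -Message "Administrator account for $DomainName"
    # The password field on the wizard's options page sets the
    # Directory Services Restore Mode (DSRM) password for this server.
    $dsrmPassword = Read-Host -AsSecureString -Prompt 'DSRM password'

    $options = @{
        DomainName                    = $DomainName
        Credential                    = $domainAdmin
        InstallDns                    = $true    # "DNS server" checked
        NoGlobalCatalog               = $false   # "Global Catalog" checked
        SafeModeAdministratorPassword = $dsrmPassword
    }
    # Left out on purpose, matching the wizard choices:
    #   -ReadOnlyReplica     -> writable DC, not an RODC
    #   -ReplicationSourceDC -> replicate from any domain controller
    #   -DatabasePath, -LogPath, -SysvolPath -> default paths

    # Same prerequisite check the wizard runs before enabling "Install".
    $failed = Test-ADDSDomainControllerInstallation @options |
        Where-Object Status -eq 'Error'
    if ($failed) {
        $failed | Format-List Message
        throw 'Prerequisite check failed; the server was not promoted.'
    }

    # Promotes the server and restarts it when done.
    Install-ADDSDomainController @options -Force
}

function Test-SecondaryDomainController {
    # Run after the restart: the new server should be listed as a
    # Global Catalog and not read-only.
    Get-ADDomainController -Filter * |
        Select-Object Name, Site, IsGlobalCatalog, IsReadOnly
    # Replication failures and whether the DC advertises itself to clients.
    repadmin /replsummary
    dcdiag /test:Replications /test:Advertising
}
```

Run `Add-SecondaryDomainController` in an elevated session on the new server, then `Test-SecondaryDomainController` once it has restarted.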