Add a Child Domain to an Existing Forest (Server Manager)

Published: Nov 14, 2024



In this guide I’ll show you how to add a child domain to an existing forest. If you have, for example, contoso.com as your single Active Directory forest domain, you may want to add some logical separation. You can add a child domain, corp.contoso.com, to your forest during the DC promotion wizard.

This article applies to: Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2025.

Add the AD Domain Services server role

This scenario requires you to have an existing domain/forest already in your environment. For example, reinders.local is my forest-root domain. It was built when I created (promoted) my first domain controller (DC) in my lab environment.

All we need to do is build another Windows Server 2022 Datacenter server and confirm it has LAN access to our existing domain. I’ve built another one of these servers and named it WS22-CHILD-DC01.

The next contestant on the domain controller train

Configure the new child domain

Putting in the details of our existing and new domain
  • I chose the second option – ‘Add a new domain to an existing forest.’
  • I then typed in my existing forest domain – ‘reinders.local’ – and named our new child domain ‘corp’.

Remember, the wizard is only asking for the first part of the new domain name. If you type in ‘corp.reinders.local,’ it will give you an error. Enter just ‘corp’ and the wizard will automatically build the full DNS name – ‘corp.reinders.local’.

  • On the Domain Controller Options screen, the Domain functional level can only be ‘Windows Server 2016’ in my lab.
  • I entered my DSRM password and clicked Next.

You will undoubtedly need to make a choice in your test and/or production environments. My advice – choose a level as high as you can. (Note – Windows Server 2025 is the highest possible level at this time.)

Choosing our Domain Controller Options
  • On the DNS Options screen, the wizard will automatically create a DNS delegation in our parent zone (reinders.local).
DNS Options – DNS delegation to be created
  • On the Additional Options screen, we verify that ‘CORP’ is the NetBIOS domain name. Click Next.
Verifying ‘CORP’ as our NetBIOS domain name
  • I clicked Next on the Paths screen and got to the Review Options section.
  • I clicked View script to show you the script for this scenario.
  • I then clicked Next. (Did you notice the ‘DomainMode’ parameter in the script? “Threshold” was the Microsoft codename for several of the Windows 10 versions. Windows Server 2016 is based on Windows 10 version 1607.)
On the Review Options screen and the PowerShell script for our scenario!

We can verify everything on the Prerequisites Check screen, and after doing that we’re ready for launch.

  • Click Install. (The server will automatically reboot as it warns you at the bottom of the window.)
Prerequisites Check is complete. We are go for launch!

As the installation progresses, we can see the replication of objects from reinders.local to our new child domain, corp.reinders.local.

The domain controller is being configured and installed

Check the new child domain configuration

After the server rebooted, I logged into WS16-DC1, one of my DCs in our parent domain – reinders.local. I opened Active Directory Users and Computers (ADUC), right-clicked on the reinders.local domain tree, and clicked Change Domain…

Changing the domain to view in ADUC
  • I clicked the ‘Browse…’ button and expanded ‘reinders.local’. There’s our new child domain, corp.reinders.local!
Accessing corp.reinders.local!

To verify a few more things, I clicked the Domain Controllers folder and there’s our new domain controller – WS22-CHILD-DC01. Very good.
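The same checks can be run from PowerShell instead of clicking through ADUC. The script below is an added example, not part of the original article or the wizard's output. It assumes the ActiveDirectory (RSAT) module is installed and that the host resolves names through a DNS server for the parent domain; the function name Test-ChildDomain is hypothetical.

```powershell
# Added example: confirm the child domain matches what was entered in the wizard.
# Assumes the ActiveDirectory module (RSAT) on a domain-joined host.
Import-Module ActiveDirectory

# Values taken from this walkthrough; change them for your environment.
$Parent  = 'reinders.local'
$Child   = 'corp.reinders.local'
$NetBios = 'CORP'
$Mode    = 'Windows2016Domain'   # functional level chosen on Domain Controller Options
$NewDc   = 'WS22-CHILD-DC01'

function Test-ChildDomain {   # hypothetical helper name
    $checks = [ordered]@{}

    # 1. The forest rooted at the parent now lists the child domain.
    $forest = Get-ADForest -Identity $Parent
    $checks['Forest lists child domain'] = $forest.Domains -contains $Child

    # 2. Domain properties match the wizard input.
    $domain = Get-ADDomain -Identity $Child
    $checks['Parent domain is correct'] = $domain.ParentDomain -eq $Parent
    $checks['NetBIOS name is correct']  = $domain.NetBIOSName -eq $NetBios
    $checks['Functional level matches'] = "$($domain.DomainMode)" -eq $Mode

    # 3. The promoted server is registered as a DC of the child domain.
    $dcs = Get-ADDomainController -Filter * -Server $Child
    $checks['New DC is present'] = $dcs.Name -contains $NewDc

    # 4. The delegation from the DNS Options screen resolves via this host's
    #    DNS server (assumed to be a DNS server for the parent domain).
    $ns = Resolve-DnsName -Name $Child -Type NS -ErrorAction SilentlyContinue
    $checks['DNS delegation resolves'] = [bool]($ns | Where-Object Type -eq 'NS')

    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Check = $name; Passed = $checks[$name] }
    }
}

$results = Test-ChildDomain
$results | Format-Table -AutoSize
if ($results.Passed -contains $false) { Write-Warning 'One or more checks failed.' }
```

Run it from a DC or management host in the parent domain, such as WS16-DC1, with an account that can read both domains.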
