How to Add a Domain Controller to an Existing Domain (PowerShell)

Published: Nov 14, 2024


How do you add a new domain controller (DC) to your existing Active Directory (AD) domain? In this post, I will show you how to quickly add a new DC to AD.

This article applies to: Windows Server 2025, Windows Server 2019, Windows Server 2022, and Windows Server 2016

Check the domain and forest functional levels of your domain

The main prerequisite for adding a Windows Server 2025 domain controller to an existing domain is that the domain functional level must be Windows Server 2016 or later. I can use PowerShell to confirm the domain and forest functional levels.

Get-ADForest | fl Name, ForestMode
Get-ADDomain | fl Name, DomainMode
Figure: Using PowerShell to confirm the forest and domain functional levels
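The two commands above print the levels; the following script, added here as an example and not part of the original post, turns that into a pass/fail gate so the rest of the procedure stops early if the levels are too low. It assumes the ActiveDirectory module is available (run it on an existing DC or a machine with RSAT), uses the Windows Server 2016 minimum stated above, and the function name Test-DcPrerequisiteLevels is my own.

```powershell
# Added example (not from the original post). Assumes the ActiveDirectory module
# is present and that a Windows Server 2025 DC needs the 2016 level or later.
Import-Module ActiveDirectory

function Test-DcPrerequisiteLevels {
    param(
        # Minimum levels; the ADForestMode/ADDomainMode enum values grow with each
        # OS release, so a -ge comparison against the enum works.
        [string]$MinForestMode = 'Windows2016Forest',
        [string]$MinDomainMode = 'Windows2016Domain'
    )
    $forest = Get-ADForest
    $domain = Get-ADDomain

    # PowerShell converts the string on the right to the enum type on the left
    $forestOk = $forest.ForestMode -ge $MinForestMode
    $domainOk = $domain.DomainMode -ge $MinDomainMode

    [pscustomobject]@{
        Forest         = $forest.Name
        ForestMode     = $forest.ForestMode
        ForestOk       = $forestOk
        Domain         = $domain.DNSRoot
        DomainMode     = $domain.DomainMode
        DomainOk       = $domainOk
        SchemaMaster   = $forest.SchemaMaster   # adprep runs against this DC during promotion
        ReadyToPromote = ($forestOk -and $domainOk)
    }
}

$check = Test-DcPrerequisiteLevels
$check | Format-List
if (-not $check.ReadyToPromote) {
    throw 'Raise the forest/domain functional level before promoting a Windows Server 2025 DC.'
}
```

Reporting the schema master alongside the levels is deliberate: promoting a DC running a newer OS triggers adprep against that DC, so it should be online and reachable from the server you are about to promote.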

Install Windows Server and rename the server

The initial setup includes firing up a new virtual machine and installing Windows Server. When setup finishes, I can use this PowerShell command to rename the computer.

Rename-Computer -NewName "WS25-DC5" -Restart

Check for updates using SConfig

After rebooting, I can use the ‘SConfig’ program from PowerShell to check for updates and install them. (In my case they are already installed, so no updates are pending.)

Figure: Using SConfig to check for and install Windows Updates

After one more reboot, we need to assign a static IP address to our server. Here are the commands.

New-NetIPAddress -IPAddress 192.168.1.138 -DefaultGateway 192.168.1.254 -PrefixLength 24 -InterfaceIndex (Get-NetAdapter).InterfaceIndex

Set-DNSClientServerAddress -InterfaceIndex (Get-NetAdapter).InterfaceIndex -ServerAddresses 192.168.1.240,192.168.1.241

This assigns a static IP of 192.168.1.138 on my lab network with the default gateway, and sets my first two DCs as the DNS servers. We will need this when we join the computer to the domain in the next step.

Figure: All set to join to AD and promote to DC
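Before joining, it is worth confirming that the address actually landed on the right adapter and that the DNS servers just configured can resolve the domain's DC locator records, since Add-Computer fails in unhelpful ways when they cannot. The script below is an added example, not from the original post; it reuses the lab values above (reinders.local, 192.168.1.138, 192.168.1.240/241) and, unlike the one-liners above, picks the first connected adapter explicitly instead of assuming the VM has only one NIC.

```powershell
# Added example (not from the original post). Lab values from the post; adapt them.
$DomainName = 'reinders.local'
$ExpectedIp = '192.168.1.138'
$DnsServers = '192.168.1.240', '192.168.1.241'

# Select the first connected adapter rather than assuming there is exactly one
$adapter = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
if (-not $adapter) { throw 'No connected network adapter found.' }

# The static address must be present and manually assigned (not DHCP or APIPA)
$static = Get-NetIPAddress -InterfaceIndex $adapter.InterfaceIndex -AddressFamily IPv4 |
          Where-Object { $_.IPAddress -eq $ExpectedIp -and $_.PrefixOrigin -eq 'Manual' }
if (-not $static) {
    throw "Static address $ExpectedIp not found on adapter '$($adapter.Name)'."
}

$dnsCfg = Get-DnsClientServerAddress -InterfaceIndex $adapter.InterfaceIndex -AddressFamily IPv4
"DNS servers on $($adapter.Name): $($dnsCfg.ServerAddresses -join ', ')"

foreach ($server in $DnsServers) {
    try {
        # _ldap._tcp.dc._msdcs.<domain> is the SRV record domain members use to find a DC
        $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV `
                   -Server $server -ErrorAction Stop | Where-Object Type -eq 'SRV'
        foreach ($record in $srv) {
            # Check the advertised DC actually answers on its LDAP port
            $tcp = Test-NetConnection -ComputerName $record.NameTarget -Port $record.Port `
                       -WarningAction SilentlyContinue
            '{0}: DC {1}:{2} reachable={3}' -f $server, $record.NameTarget, $record.Port, $tcp.TcpTestSucceeded
        }
    }
    catch {
        Write-Warning "DNS server $server could not resolve the DC locator record for ${DomainName}: $($_.Exception.Message)"
    }
}
```

If a DNS server resolves the record but the LDAP port test fails, the join may still succeed via the other DC, but replication to the new DC will have the same reachability problem later, so fix it now.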

Join Windows Server to the Active Directory domain

The next step is to join the computer to my AD domain, reinders.local. Let’s use this command to handle the process in one step.

Add-Computer -DomainName "reinders.local" -Restart
Figure: Using PowerShell to join my server to my domain

Install the AD DS server role

After a reboot, I’ll log in to the server with my domain admin account (mreinders). We are ready: first, run this command to install the Active Directory Domain Services (AD DS) role.

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Figure: Installing the AD Domain Services role with PowerShell

Promote the server to a domain controller

With this complete, we can run this command to promote the server to a DC.

Install-ADDSDomainController -DomainName "reinders.local" -InstallDns -Credential (Get-Credential) -Confirm:$false

One quick note: I need to temporarily add my domain admin account to the Enterprise Admins group to allow this change. See Manage Active Directory Groups Using PowerShell on Petri.com for how to add your account to the Enterprise Admins group.

Figure: Windows is configuring the server to be a DC

When that completed, Windows prompted me to reboot.

Figure: After that is complete, we need to reboot. Notice the AD schema version was updated

After one more reboot, we are done. I can use PowerShell to confirm that the domain now has 5 DCs.

Get-ADDomainController -Filter * | Select-Object Name, IPv4Address, OperatingSystem
Figure: Using PowerShell to confirm the domain now has 5 DCs
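The promotion and the final check above can be wrapped so that the Enterprise Admins requirement and the other prerequisites are tested before anything changes, and so that the post-reboot verification goes beyond counting DCs. This is an added example, not the post's own code: it assumes the AD DS role is already installed (so the ActiveDirectory and ADDSDeployment modules are present), uses the lab domain reinders.local, and the function names Invoke-DcPromotionWithPrecheck and Test-NewDcHealth are mine. Test-ADDSDomainControllerInstallation is the ADDSDeployment dry-run cmdlet; treating any result whose Status is not Success as a failure is an assumption about its output shape. Because the original command omits -SafeModeAdministratorPassword, Install-ADDSDomainController prompts for the DSRM password; here it is read once up front and passed to both the dry run and the real promotion.

```powershell
# Added example (not from the original post). Assumes the AD DS role and its
# management tools are installed and the lab domain name from the post.
$DomainName = 'reinders.local'

function Invoke-DcPromotionWithPrecheck {
    param([string]$DomainName)
    $cred = Get-Credential -Message 'Account used to promote the DC (Enterprise Admins needed for adprep)'

    # The post notes the account must be in Enterprise Admins; fail early if it is not
    $user = $cred.UserName.Split('\')[-1]
    $isEa = Get-ADGroupMember -Identity 'Enterprise Admins' -Recursive -Server $DomainName -Credential $cred |
            Where-Object SamAccountName -eq $user
    if (-not $isEa) { throw "$user is not in Enterprise Admins; add it (temporarily) before promoting." }

    # DSRM password is prompted for, never hard-coded in a script
    $dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

    # Dry run with the same parameters as the real promotion; changes nothing.
    # Assumption: each result object exposes a Status property, 'Success' when clean.
    $results  = Test-ADDSDomainControllerInstallation -DomainName $DomainName -InstallDns `
                    -Credential $cred -SafeModeAdministratorPassword $dsrm
    $problems = $results | Where-Object { $_.Status -ne 'Success' }
    if ($problems) { $problems | Format-List; throw 'Prerequisite check failed; see output above.' }

    Install-ADDSDomainController -DomainName $DomainName -InstallDns `
        -Credential $cred -SafeModeAdministratorPassword $dsrm -Confirm:$false
    # The server reboots when this completes; run Test-NewDcHealth after logging back in.
}

function Test-NewDcHealth {
    param([string]$DomainName)
    $me = $env:COMPUTERNAME

    # 1. The new DC is listed alongside the existing ones
    Get-ADDomainController -Filter * -Server $DomainName |
        Select-Object Name, IPv4Address, OperatingSystem, IsGlobalCatalog | Format-Table -AutoSize

    # 2. Inbound replication from every partner has succeeded, across all partitions
    Get-ADReplicationPartnerMetadata -Target $me -Partition * |
        Select-Object Partition, Partner, LastReplicationSuccess, LastReplicationResult | Format-Table -AutoSize
    $failures = Get-ADReplicationFailure -Target $me
    if ($failures) { Write-Warning "Replication failures reported on $me"; $failures | Format-List }

    # 3. Schema version after adprep (the post shows it being raised during promotion)
    $schema = Get-ADObject -Identity (Get-ADRootDSE).schemaNamingContext -Properties objectVersion
    "Schema objectVersion: $($schema.objectVersion)"

    # 4. The new DC has registered its own locator record, i.e. it is advertising to clients
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV | Where-Object Type -eq 'SRV'
    $advertising = $srv.NameTarget -contains "$me.$DomainName"
    "Advertising via DNS: $advertising"
}

Invoke-DcPromotionWithPrecheck -DomainName $DomainName
# After the reboot:  Test-NewDcHealth -DomainName $DomainName
```

The replication and DNS checks matter more than the DC count: a DC that appears in Get-ADDomainController but has a failing inbound partner or no SRV record will be skipped by clients and will drift from the rest of the domain, and once the new DC is healthy the temporary Enterprise Admins membership added earlier should be removed.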

Thank you for reading my post on adding a Windows Server machine as a new domain controller in an existing AD domain.