Published: Nov 14, 2024
How do you add a new domain controller (DC) to your existing Active Directory (AD) domain? In this post, I will show you how to quickly add a new DC to AD.
This article applies to: Windows Server 2025, Windows Server 2019, Windows Server 2022, and Windows Server 2016
The main prerequisite for adding a Windows Server 2025 domain controller to an existing domain is that the domain functional level must be Windows Server 2016. I can use PowerShell to confirm the domain and forest functional levels.
Get-ADForest | fl Name, ForestMode
Get-ADDomain | fl Name, DomainMode
The initial setup includes firing up a new virtual machine and installing Windows Server. When setup finishes, I can use this PowerShell command to rename the computer.
Rename-Computer -NewName "WS25-DC5" -Restart
After rebooting, I can use the ‘SConfig’ program in PowerShell to check for updates and install them. (They are already installed, so no updates are pending.)
After one more reboot, we need to assign a static IP address to our server. Here are the commands.
New-NetIPAddress -IPAddress 192.168.1.138 -DefaultGateway 192.168.1.254 -PrefixLength 24 -InterfaceIndex (Get-NetAdapter).InterfaceIndex
Set-DNSClientServerAddress -InterfaceIndex (Get-NetAdapter).InterfaceIndex -ServerAddresses 192.168.1.240,192.168.1.241
This will assign a static IP of 192.168.1.138 on my lab network with the default gateway and add my first two DCs as DNS servers. We will need this when we join the computer to the domain next.
The next step is to join the computer to my AD domain – reinders.local. Let’s use this command to handle the process in one step.
Add-Computer -DomainName "reinders.local" -Restart
After a reboot, I’ll log in to the server with my domain admin account (mreinders). We are ready – we can first run this command to install the Active Directory Domain Services (ADDS) role.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
With this complete, we can run this command to promote the server to a DC.
Install-ADDSDomainController -DomainName "reinders.local" -InstallDns -Credential (Get-Credential) -Confirm:$false
One quick note – I need to temporarily add my domain admin account to the Enterprise Admins group to allow this change. Check out Manage Active Directory Groups Using PowerShell on Petri.com to add your account to the Enterprise Admins group.
After that was completed, Windows prompted me to reboot.
After one more reboot, we are good. I can use PowerShell to confirm we have 5 DCs.
Get-ADDomainController -Filter * | Select-Object Name, IPv4Address, OperatingSystem
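A follow-up check for after the final reboot, as an added example that is not part of the original post: it removes the temporary Enterprise Admins membership mentioned above and confirms the new DC is advertising. It assumes it is run on WS25-DC5 by a domain admin with the ActiveDirectory module available; the account, group and server names are the lab values from this post.

```powershell
# Added example, not from the original post. Names are this post's lab values.
$Account = 'mreinders'          # account that was temporarily elevated
$Group   = 'Enterprise Admins'
$NewDC   = 'WS25-DC5'           # assumption: the script runs on this server

Import-Module ActiveDirectory

# 1. Remove the temporary Enterprise Admins membership if it is still there.
#    Only direct members are checked; a nested membership must be fixed
#    on the intermediate group instead.
$direct = Get-ADGroupMember -Identity $Group
if ($direct.SamAccountName -contains $Account) {
    Remove-ADGroupMember -Identity $Group -Members $Account -Confirm:$false
    Write-Host "Removed $Account from $Group."
} else {
    Write-Host "$Account is not a direct member of $Group."
}

# 2. Show who is left in the group so the result can be reviewed.
#    An existing logon session keeps the old group SID until sign-out,
#    so sign out and back in after the removal.
Get-ADGroupMember -Identity $Group |
    Select-Object Name, SamAccountName, objectClass

# 3. Confirm the new DC is registered in the directory.
Get-ADDomainController -Identity $NewDC |
    Select-Object Name, IPv4Address, OperatingSystem, IsGlobalCatalog, Site

# 4. SYSVOL and NETLOGON are shared only once the DC has finished
#    initial replication; a missing share means it is not serving clients yet.
$shares = @(Get-SmbShare -Name SYSVOL, NETLOGON -ErrorAction SilentlyContinue)
if ($shares.Count -lt 2) {
    Write-Warning "SYSVOL/NETLOGON not shared yet on $NewDC."
}

# 5. Ask the directory service tools for an advertising and replication check.
dcdiag /s:$NewDC /test:Advertising
repadmin /showrepl $NewDC
```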
Thank you for reading my post on adding a Windows Server as a new domain controller in an existing AD domain.