Active Directory

How to Install a Replica DC in an Existing AD Domain on Windows Server 2003

How do I install a second Domain Controller in my Active Directory domain on my Windows 2003 Server?

First make sure you read and understand Active Directory Installation Requirements. If you don’t comply with all the requirements of that article you will not be able to set up your AD (for example: you don’t have a NIC or you’re using a computer that’s not connected to a LAN).

Note: This article is only good for understanding how to install the SECOND DC in an EXISTING DOMAIN in and EXISTING AD FOREST.

Sponsored Content

Read the Best Personal and Business Tech without Ads

Staying updated on what is happening in the technology sector is important to your career and your personal life but ads can make reading news, distracting. With Thurrott Premium, you can enjoy the best coverage in tech without the annoying ads.

Note: For the installation of the FIRST DC in the AD Domain read How to Install Active Directory on Windows 2003.

Here is a quick list of what you must have:

  • An NTFS partition with enough free space
  • The Domain Admin’s username and password
  • The correct operating system version
  • A NIC
  • Properly configured TCP/IP (IP address, subnet mask and – optional – default gateway)
  • A network connection (to a hub or to another computer via a crossover cable)
  • A persistent and un-interrupted connection with the domain’s existing DC
  • An operational DNS server which holds the relevant SRV Record information for the AD domain and forest
  • The Domain name for the domain that you want to join
  • The Windows 2003 CD media (or at least the i386 folder)
  • Brains (recommended, not required…)

This article assumes that all of the above requirements are fulfilled.

For a Windows 2000 version of this article please read How to Install a Replica DC in an Existing AD Domain on Windows 2000.

Step 1: Configuring the computer’s TCP/IP settings

You must configure the would-be Domain Controller to use the IP address of the DNS server, so it will point to it when registering SRV records and when querying the DNS database.

Configure TCP/IP

  1. Click Start, point to Settings and then click Control Panel.
  2. Double-click Network and Dial-up Connections.
  3. Right-click Local Area Connection, and then click Properties.
  4. Click Internet Protocol (TCP/IP), and then click Properties.

  5. Assign this server a static IP address, subnet mask, and gateway address (optional). Enter the DNS server’s IP address in the Preferred DNS server box.

    Note: You MUST have an operational DNS server that already serves as the DNS server of the domain/forest.

  6. Click Advanced.
  7. Click the DNS Tab.
  8. Select “Append primary and connection specific DNS suffixes”
  9. Check “Append parent suffixes of the primary DNS suffix”
  10. Check “Register this connection’s addresses in DNS”. If this Windows 2000-based DNS server is on an intranet, it should only point to its own IP address for DNS; do not enter IP addresses for other DNS servers here. If this server needs to resolve names on the Internet, it should have a forwarder configured.
  11. Click OK to close the Advanced TCP/IP Settings properties.
  12. Click OK to accept the changes to your TCP/IP configuration.
  13. Click OK to close the Local Area Connections properties.

      Step 2: Running DCPROMO

      After completing all the previous steps and after double checking your requirements you should now run Dcpromo.exe from the Run command.

      Note: In Windows Server 2003, unlike Windows 2000, you can choose to install the Replica DC from a backed-up media thus saving considerable amounts of time and bandwidth. Read Install DC from Media in Windows Server 2003 for more info.

      1. Click Start, point to Run and type “dcpromo”.
      2. The wizard windows will appear. Click Next.
      3. In the Operating System Compatibility window click Next.

      4. Choose Additional Domain Controller for an existing domain and click Next.

      5. In the Network Credentials window enter the username and password for a Domain Admin in the domain you’re trying to join. also enter the full DNS domain name. Click Next.

        This step might take some time because the computer is searching for the DNS server.

        Note: Although the wizard will let you get to the last window and begin to attempt to join the domain, if you enter the wrong username or password, because of the wrong credentials you’ll get an error message:

        If you enter the domain name in a wrong way you’ll get this error message:

        The wizard will not be able to continue past the domain name window.

        If you have wrong DNS settings, i.e. the computer “thinks” that it should be “talking” to one DNS server, while in fact it should be using another DNS server, you’ll get an error message like this one:

      6. In the Additional Domain Controller window type or browse to select the domain to which you want to add the replica DC.

      7. Accept the Database and Log file location dialog box (unless you want to change them of course). The location of the files is by default %systemroot%\NTDS, and you should not change it unless you have performance issues in mind. Click Next.

      8. Accept the Sysvol folder location dialog box (unless you want to change it of course). The location of the files is by default %systemroot%\SYSVOL, and you should not change it unless you have performance issues in mind. This folder must be on an NTFS v5.0 partition. This folder will hold all the GPO and scripts you’ll create, and will be replicated to all other Domain Controllers. Click Next.

      9. Enter the Restore Mode administrator’s password. Whatever you do – remember it! Without it you’ll have a hard time restoring the AD if you ever need to do so. Click Next.

      10. Review your settings and if you like what you see – Click Next.

      11. See the wizard going through the various stages of installing AD. Whatever you do – NEVER click Cancel!!! You’ll wreck your computer if you do. If you see you made a mistake and want to undo it, you’d better let the wizard finish and then run it again to undo the AD.
      12. If all went well you’ll see the final confirmation window. Click Finish.
      13. You must reboot in order for the AD to function properly. Click Restart now.

                            Step 3: Checking the AD installation

                            You should now check to see if the AD installation went well.

                            1. First, see that the Administrative Tools folder has all the AD management tools installed.
                            2. Run Active Directory Users and Computers (or type “dsa.msc” from the Run command). See that all OUs and Containers are there. See that your DC is listed in the Domain Controllers Container.
                            3. Run Active Directory Sites and Services. See that you have a site named Default-First-Site-Name, and that in it your server is listed along with the other DC in the domain/forest.
                            4. One reason for the lack of registration of SRV records is the fact the net NETLOGON service has somehow failed to register the SRV Records in the DNS zone.

                              You should try to restart the NETLOGON service to force the SRV registration.

                              From the command prompt type “net stop netlogon”, and after it finishes, type “net start netlogon”.

                              Open the DNS console. See that your new DC has registered itself in the 4 SRV Record folders.

                              Let it finish, go back to the DNS console, click your zone and refresh it (F5). If all is ok you’ll now see the 4 SRV record folders.

                            5. Check the NTDS folder for the presence of the required files.

                            6. Check the SYSVOL folder for the presence of the required subfolders.

                            7. Check to see if you have the SYSVOL and NETLOGON shares, and their location.

                                        If all of the above is ok, I think it’s safe to say that your AD is properly installed.

                                        If not, read Troubleshooting Dcpromo Errors.

                                        Related Topics:

                                        BECOME A PETRI MEMBER:

                                        Don't have a login but want to join the conversation? Sign up for a Petri Account

                                        Comments (7)

                                        7 responses to “How to Install a Replica DC in an Existing AD Domain on Windows Server 2003”

                                        1. Problemas con Controlador Secundario - P

                                          [...] pagina de , que de seguro esta basado en algun articulo de la technet que nunca enconte Lo unico que no trata el articulo, es si se debe montar previamente el servicio de DNS, yo lo [...]
                                        2. adding Win2k3 server to existing Win2k domain - part deux

                                          [...] Ok 1. I moved folders from the c and d drives on the old DC to a temp location to free up 5GB of space on each drive. Checked REPLMON - made no difference 2. I went into LDP to force the Security Descriptor Propagator to rebuild the object container. Checked REPLMON - made no difference This next one I'm a bit unsure about how to implement... 3. The problem may be related to the object's parent on this domain controller. On the source domain controller, move the object to have a different parent. Also I was checking through this guide and can't find the 4 SRV records in the DNS server. Can you shed any light on this: How to Install a Replica DC in an Existing AD Domain on Windows Server 2003 [...]
                                        3. SERVER Win2003 Active Directory spiegelen - 9lives

                                          [...] OS betreft het, 2008 of 2003? indien 2003, lees dit eens: How to Install a Replica DC in an Existing AD Domain on Windows Server 2003 __________________ Microsoft Certified IT Professional - HP Accredited Platform [...]
                                        4. Installing a second Windows 2003 AD server « Burger IT

                                          [...] Installing a second Windows 2003 AD server 1 10 2010 [...]
                                        5. Adding a Windows 2003 domain controller to your existing Windows 2000 domain |

                                          [...] server you can fire up DCPromo.exe and install Active Directory as per normal. Daniel Petri has an excellent article on how to install and test your new domain controller that you can follow, I've installed countless domain controllers and I still refer back to [...]
                                        6. Need help with new Server - Page 3

                                          [...] To give you a quick overview, take a look at these tutorials: How to Install a Replica DC in an Existing AD Domain on Windows Server 2003 and Transferring FSMO Roles I seem to remember following these at some point and it all working out [...]
                                        7. Additional Domain Controller | Click & Find Answer !

                                          [...] domain controller runnning. All of the AD info is replicated between the two.See: info.Yes, you can.The number of users/workstations as related to domain controllers is up to [...]

                                        Leave a Reply

                                        Download this eBook!

                                        External Sharing and Guest User Access in Microsoft 365 and Teams

                                        his eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure. The eBook will also outline some of the major decision points across four general-purpose guest access policy scenarios for how an organization can set this up with standard licensing.

                                        Download Now

                                        Sponsored By