Adding Secondary Domain Controller

Having a single Domain Controller in any organization is not recommended. A single point of failure can cause serious problems if that server fails. To avoid this, it is advisable to have a secondary Domain Controller (DC). The secondary DC will take over the role if the primary one fails. This article describes the steps to add a second Domain Controller to a Windows Server domain.

Creating Primary Domain Controller (DC)

First, prepare a fully functional Domain Controller (DC). This will be our first DC. You can install and configure the DC using Server Manager.

Adding Active Directory Domain Services

Now that the role is installed, we can promote the server to a Domain Controller. Click the message "Promote this server to a domain controller". Click "Add a new forest". This will create a completely new domain.

Give a suitable Directory Services Restore Mode (DSRM) password. It allows an administrator to repair or recover the Active Directory database, so store it as carefully as the Domain Admin password.

You will most likely receive the error below that says "A delegation for this DNS server cannot be created…". This is common: it appears because there is no parent DNS zone in which the wizard could create a delegation, and it can be ignored for a new forest.

Creating Secondary Domain Controller (DC)

Just like on the primary, install "Active Directory Domain Services" on the second server as well. This will be our secondary domain controller. The only difference is in how the server is promoted to a Domain Controller. Back in Server Manager, click the yellow triangle at the top right. In the message details, click "Promote this server to a domain controller".

On the Deployment Configuration, choose "Add a domain controller to an existing domain".

On the Domain Controller Options page, "Domain Name System (DNS) server" and "Global Catalog (GC)" should both be checked. Our goal is for both servers to be writable Domain Controllers, which means we do NOT check the "Read only domain controller (RODC)" option.

On the Additional Options page, select which domain controller you want this server to replicate from. Here we choose to replicate from both domain controllers. The only condition is that both DCs must be in the same site.

Once the installation and configuration are complete, reboot both servers. To verify functionality, open Administrative Tools, then Active Directory Sites and Services, and confirm that the new Domain Controller is listed under your site.
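The same promotion and verification, done with the AD DS PowerShell cmdlets instead of the Server Manager wizard. This is an added example, not part of the original article; the domain name, source DC name and site name are constructed placeholders.

```powershell
# Run in an elevated PowerShell session on the server that will become the second DC.
# Placeholder values (constructed for this example); replace with your own.
$DomainName = 'corp.example'        # existing forest root domain
$SourceDC   = 'DC01.corp.example'   # first DC, used as the replication source
$SiteName   = 'Default-First-Site-Name'

# 1. Install the AD DS role and its management tools (the "Add Roles" step).
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

# 2. Prompt for the domain credentials and the DSRM password instead of
#    embedding them in the script, so they never land on disk or in history.
$DomainCred = Get-Credential -Message 'Domain Admin account used to add the DC'
$DsrmPwd    = Read-Host 'DSRM password' -AsSecureString

# 3. Dry run: checks prerequisites (DNS, credentials, site) without changing anything.
Test-ADDSDomainControllerInstallation -DomainName $DomainName -Credential $DomainCred `
    -SafeModeAdministratorPassword $DsrmPwd -InstallDns `
    -ReplicationSourceDC $SourceDC -SiteName $SiteName

# 4. Promote: "Add a domain controller to an existing domain", with DNS and
#    Global Catalog, writable (no -ReadOnlyReplica), replicating from the
#    existing DC in the same site. The server reboots when promotion completes.
Install-ADDSDomainController -DomainName $DomainName -Credential $DomainCred `
    -SafeModeAdministratorPassword $DsrmPwd `
    -InstallDns -NoGlobalCatalog:$false `
    -ReplicationSourceDC $SourceDC -SiteName $SiteName `
    -Force

# 5. After the reboot, verify from either DC: both DCs should be listed in the
#    site as writable Global Catalogs, and replication should report no failures.
Get-ADDomainController -Filter * | Select-Object Name, Site, IsGlobalCatalog, IsReadOnly
repadmin /replsummary
Get-ADReplicationPartnerMetadata -Target $env:COMPUTERNAME |
    Select-Object Partner, LastReplicationSuccess, LastReplicationResult
```

A non-zero result in the LastReplicationResult column or failures in the repadmin summary means the two DCs are not yet synchronized and the failover described below will not work as expected.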

Active Directory Sites and Services

Both Domain Controllers should now be synchronized with each other. This ensures that if one DC fails, the other will still carry the load.

Similarly, Group Policies and the Active Directory structure are also replicated between them.


Anup Chhetri

IT system administrator
