How to add a child domain in an existing Active Directory Domain Services (AD DS) forest in Windows Server 2012

In this blog we will explore adding a child domain to an existing forest. The Active Directory Domain Services (AD DS) design team has finished the design phase for the new AD DS environment, and now it is time to add a new child domain to the environment. Following Microsoft's best practices, the Domain Name System (DNS) has been configured to support the new child domain. The following steps have been accomplished:

  • A Site named Arizona has been created and configured in AD DS. (see diagram below)

  • A static IP Address was configured with the DNS entry pointing to the corporate DNS server.
  • The server DNS suffix has been updated on the new DC computer name.
  • DNS has been configured with the child domain.
  • The server's registration of its host record for the new domain has been verified. (see diagram below)

To install AD DS complete the following steps:

Use Server Manager to add the Active Directory Domain Services Role to install the Binaries to support the server becoming a Domain Controller.

  1. Launch Server Manager, select the Manage drop-down menu, then select Add roles and features.

  2. Review the Before You Begin page, click Next.
  3. On the Select installation type page, ensure the Role-based or feature-based installation radio button is selected, click Next.

  4. On the Select destination server page, select the desired server from the Server Pool.

        Note: The 2012 Server Manager allows roles and features to be installed remotely.

  5. Click on the Active Directory Domain Services box.

  6. The Add features that are required for Active Directory Domain Services dialog box pops up; select Add Features, click Next.

  7. Do not add any features on the Select features page, click Next.

  8. Review the Active Directory Domain Services information page, click Next.

  9. The AD DS binaries are now being installed; click Close to close the Installation progress dialog box.

  10. If you close the above window, you can click on the notification flag to check on installation status.

 

Note: The Binaries are now installed on the server to support this server becoming a Domain Controller. Use DCPROMO to promote this computer to a Domain Controller.

Using Server Manager to make this server a Domain Controller and install the replica domain controller.

  1. In previous versions of Windows Server you used DCPROMO to create the first Domain Controller. On Windows Server 2012, running DCPROMO will result in the following dialog box. DCPROMO is still supported for unattended installations.

  2. In the Server Manager title bar, click on the yellow triangle to perform the post-deployment configuration that promotes the server to a Domain Controller.

  3. Click on Promote this server to a domain controller to start the promotion wizard.

  4. On the Deployment Configuration page complete the following tasks:

     1. Select the Add a domain to an existing forest radio button.
     2. In the Select domain type drop-down box, select Child Domain.
     3. Fill in the Parent domain name box with the parent AD DS domain name.
     4. Fill in the desired New domain name.
     5. Click Change to supply the credentials for a member of the Enterprise Admins group.
     6. Verify the entries, change them if needed, click Next.

  5. On the Domain Controller Options page, de-select DNS or GC during this installation, enter a desired DSRM password, click Next.
    Note: Because the server's IP address is in a different site defined in Active Directory Sites and Services, the site name has been pre-selected for that site.

  6. Verify the NetBIOS domain name and click Next.

  7. On the Paths page, verify the desired locations of the Database, Log files and SYSVOL folders, change the locations if required, click Next.

  8. On the Review Options page, click Next.

Note: If an unattended PowerShell installation script is desired, click View script and then save it from the File drop-down menu.

  9. The AD DS Configuration Wizard will perform a prerequisite check before the installation can continue. After the check has completed successfully, click Install.

  10. The server will restart once the configuration has completed. The server is now a domain controller for the newly formed domain.
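
The two wizard passes above (role installation, then promotion as the first DC of a child domain) can also be scripted. The following is an added example, not part of the original post and not the script the wizard's View script button produces; the names `corp.example.com`, `az` and `AZ` are placeholder assumptions, and the paths are the wizard defaults. The DSRM password and the Enterprise Admins credentials are prompted for at run time so they are never stored in the script file.

```powershell
# Added example (not from the original post): scripted form of the wizard steps.
# Placeholder assumptions: corp.example.com, az, AZ. 'Arizona' is the site from this post.
$ParentDomain = 'corp.example.com'   # assumption: parent AD DS domain name
$ChildName    = 'az'                 # assumption: new child domain label
$ChildNetBIOS = 'AZ'                 # assumption: NetBIOS name of the child domain
$SiteName     = 'Arizona'

# Install the AD DS binaries (equivalent of Add roles and features).
$role = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $role.Success) { throw 'AD DS role installation failed.' }
Import-Module ADDSDeployment

# Prompt for secrets; do not hard-code them in an unattended script.
$EntAdmin = Get-Credential -Message "Enterprise Admins member (e.g. administrator@$ParentDomain)"
$Dsrm     = Read-Host -AsSecureString -Prompt 'DSRM password'

$params = @{
    DomainType                    = 'ChildDomain'
    ParentDomainName              = $ParentDomain
    NewDomainName                 = $ChildName
    NewDomainNetbiosName          = $ChildNetBIOS
    SiteName                      = $SiteName
    InstallDns                    = $false      # DNS de-selected, as in the wizard
    NoGlobalCatalog               = $true       # GC de-selected, as in the wizard
    Credential                    = $EntAdmin
    SafeModeAdministratorPassword = $Dsrm
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
}

# Run the prerequisite check first; stop before any change if it reports an error.
$failed = @(Test-ADDSDomainInstallation @params | Where-Object { $_.Status -eq 'Error' })
if ($failed.Count -gt 0) {
    $failed | Format-List Context, Message
    throw 'Prerequisite check failed; the server was not promoted.'
}

# Promote the server; it restarts automatically when configuration completes.
Install-ADDSDomain @params -Force
```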

Verifying the installation of AD DS

  1. Logon to the Parent Domain’s First Domain Controller using the Administrator account credentials.
  2. Launch the DNS console and verify the creation of Service Records for the newly established domain controller in the appropriate domain and site.
  3. Launch Active Directory Sites and Services, verify the new Domain Controller has populated the correct site.
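
The same verification can be done from PowerShell. This is an added example, not part of the original post; `az.corp.example.com` and `azdc01` are placeholder assumptions, and it expects the ActiveDirectory module and a client that resolves against the corporate DNS server.

```powershell
# Added example (not from the original post): check SRV records and site placement.
$ChildFqdn = 'az.corp.example.com'   # assumption: placeholder child domain FQDN
$SiteName  = 'Arizona'               # site named in this post
$NewDc     = "azdc01.$ChildFqdn"     # assumption: placeholder host name of the new DC

# Locator records a DC registers: domain-wide and site-specific.
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$ChildFqdn",
    "_kerberos._tcp.dc._msdcs.$ChildFqdn",
    "_ldap._tcp.${SiteName}._sites.dc._msdcs.$ChildFqdn",
    "_kerberos._tcp.${SiteName}._sites.dc._msdcs.$ChildFqdn"
)

$report = foreach ($name in $srvNames) {
    # Keep only SRV answers (they carry NameTarget); a failed lookup yields an empty list.
    $targets = @(Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.NameTarget } |
        ForEach-Object { $_.NameTarget.TrimEnd('.') })
    [pscustomobject]@{
        Record   = $name
        Targets  = $targets -join ', '
        HasNewDc = $targets -contains $NewDc
    }
}
$report | Format-Table -AutoSize -Wrap

# Confirm the DC object landed in the expected site.
Import-Module ActiveDirectory
$dc = Get-ADDomainController -Identity $NewDc -Server $ChildFqdn
$dc | Select-Object Name, Domain, Site, IsGlobalCatalog

$missing = @($report | Where-Object { -not $_.HasNewDc })
if ($missing.Count -gt 0 -or $dc.Site -ne $SiteName) {
    Write-Warning 'New DC is missing SRV records or is not in the expected site.'
}
```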

Active Directory Domain Services is now installed and has established the child domain. Until next time, RIDE SAFE!

 

To review the previous blogs visit:

Establishing an AD DS Forest

Adding a replica Domain Controller to an existing AD DS Domain

Adding a replica Domain Controller to an existing AD DS Domain using the Install From Media (IFM) method

Adding a Replica Windows Server 2012 Domain Controller using Cloning

 

Rick Trader
Windows Server Instructor – Interface Technical Training
Phoenix, AZ


Your Feedback: (4 Responses)

  • Rick Trader says:

    Hi Raymond,

    The default of the dialog box is to prompt you for credentials of the child domain you are creating. In the user portion of the dialog box put in the credentials of the Enterprise Administrator from the Forest Root domain. You will have to use the conical name for logon, example if your Forest Root is USSHQ.Mil you would enter usshq\administrator. You could also use the UPN for the logon, example would be administrator@usshq.mil.

    Hope this clears things up.

  • Raymond Anthony says:

    I tried to add a child domain to an existing forest but could not. Having entered the name of the child domain and coming to the credentials step, it should have prompted me to enter the administrator of the forest root domain as per your screenshots. Instead it was prompting me for the administrator of the yet to be created child domain and of course I got nowhere. Not sure where to go next.

  • mo says:

    Excellent article… the only challenges I have are that you did not provide the link to the TechNet / other article for the MS best practices, and at points it can be unclear as to which server you are referring to (child / parent). Thank you for your efforts.

  • rownok says:

    Dear sir, your article is very useful. Last month I created a child domain over VPN. After continuously trying for 8 days, I finally managed to create the child domain by installing a separate DNS server on the child site. Here you write not to install a DNS server but rather to use the root DNS server. It must be an easier process than mine.
    Now I am in an AD problem.
    I have a domain controller installed on a Win2008 server. Recently I installed an additional domain controller, Windows Server 2012 R2, on the domain. Now when I take the PDC offline with the new ADC running, users cannot authenticate, and on the ADC I cannot open any AD DS tool; it says – server not found.
    What can I do now?
