In this blog post, I’ll show you how to promote a new Windows Server Core 2016 member server to a Domain Controller using Windows PowerShell.
According to Microsoft Active Directory best practices, it is recommended to have a minimum of two Domain Controllers installed and configured in the environment.
When you have more than one Domain Controller, the two DCs will replicate the data between them, and in case one fails the data will be protected and users will be able to authenticate while one server is offline.
Active Directory is the most important component in a Windows Server network environment, which many administrators forget to acknowledge.
The Domain Controllers provide authentication and access services to users and computers that are part of the Domain.
Active Directory Domain Services has been the cornerstone of the Windows Server domain environment since its release with Windows Server 2000.
It is also used as the identity engine behind Microsoft Azure Active Directory and Office 365.
AD allows us to manage users and groups across all Microsoft core products like Exchange, SharePoint, Skype for Business and Office 365.
To promote an additional Domain Controller I will use a Domain Administrator account to log into the member server that will be promoted.
I’ll install the AD Domain Services feature, which will enable me to use the PowerShell module that promotes the server.
Install PowerShell Module
The first step in promoting the server to a DC is to install the AD Domain Services module using the cmdlet below:
Add-WindowsFeature AD-Domain-Services, RSAT-AD-AdminCenter,RSAT-ADDS-Tools
Promote Member Server to be a Domain Controller
Once the tools are installed, I’ll use the cmdlet below to promote the server to a DC and install the DNS Server role:
Install-ADDSDomainController -InstallDns -DomainName test.local
The cmdlet will ask for a Safe Mode password that will be used for AD restoration.
Now the actual Installation will start and as part of the process, Active Directory replication data will be copied from the existing DC (VDC01) to the new DC (VDC02).
This process can take from a few minutes to 40 minutes, depending on the replication data size, the network link, and the server's CPU, memory, etc.
When finished, I restart the computer using the cmdlet below:
After the restart, I’ll log on to the server and run the cmdlet below, which shows all the Domain Controllers in the domain:
Get-ADDomainController -Filter * | ft
As you can see, I have two DCs (the new one is VDC02).
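The steps above, collected into a script as an added example (not part of the original post). It takes the Safe Mode password as a SecureString, runs the prerequisite check before promoting, and checks replication afterwards. The function names and the source DC's FQDN (VDC01.test.local) are assumptions built from the names used in this post.

```powershell
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

$DomainName = 'test.local'         # domain used in the post
$SourceDC   = 'VDC01.test.local'   # assumption: FQDN of the existing DC (VDC01)

function Install-AdditionalDomainController {
    # Step 1: role and management tools, as in the post.
    Add-WindowsFeature AD-Domain-Services, RSAT-AD-AdminCenter, RSAT-ADDS-Tools | Out-Null

    # Collect secrets interactively as SecureString so neither the domain admin
    # password nor the Safe Mode (DSRM) password ends up in a script file.
    $cred = Get-Credential -Message "Domain Administrator for $DomainName"
    $dsrm = Read-Host -AsSecureString -Prompt 'Safe Mode (DSRM) password'

    $params = @{
        DomainName                    = $DomainName
        InstallDns                    = $true
        Credential                    = $cred
        SafeModeAdministratorPassword = $dsrm
        ReplicationSourceDC           = $SourceDC
    }

    # Run the prerequisite checks first; stop before changing anything on error.
    $failed = Test-ADDSDomainControllerInstallation @params |
        Where-Object { $_.Status -eq 'Error' }
    if ($failed) {
        $failed | Format-List Context, Message
        throw 'Prerequisite check failed; the server was not promoted.'
    }

    # Step 2: promote. -Force skips the confirmation prompt.
    Install-ADDSDomainController @params -Force
}

function Test-NewDomainController {
    param([string]$Name = $env:COMPUTERNAME)

    # Both DCs should be listed, as with the post's Get-ADDomainController check.
    Get-ADDomainController -Filter * |
        Format-Table Name, Site, IPv4Address, IsGlobalCatalog

    # Inbound replication: LastReplicationResult 0 means the last attempt succeeded.
    Get-ADReplicationPartnerMetadata -Target $Name |
        Format-Table Partner, LastReplicationSuccess, LastReplicationResult

    # SYSVOL and NETLOGON are shared only once the DC is ready to serve logons.
    Get-SmbShare -Name SYSVOL, NETLOGON | Format-Table Name, Path
}
```

Run Install-AdditionalDomainController in an elevated session on the member server, then run Test-NewDomainController on the new DC after it has restarted.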
Using PowerShell to promote a member server to a Domain Controller is much faster, and it is secure and easy.
I recommend using Windows Server Core 2016 because it needs less patching and fewer restarts, and the attack surface is smaller.
In terms of performance, Server Core will take fewer resources compared to Server with GUI.
It’s important to know that every Active Directory domain environment consists of:
- Forest – A group of domains that share the same forest schema
- Domain – Each domain has users, groups and other directory objects that are part of it and can access resources in it.