Adding a second DC
AD is the core of your network. It has ties to everything! As such, it makes sense that you would want it to be as redundant as possible. In Windows Server 2019, creating a secondary DC is so easy that you really have no reason not to do it. Can you imagine rebuilding your directory following a single server hardware failure when you have 100 user accounts and computers that are all part of the domain that just failed? How about with 1,000 or even 10,000 users? That could take weeks to clean up, and you'll probably never get it back exactly the way it was before. Additionally, while you are stuck in the middle of this downtime, you will have all kinds of trouble inside your network, since your user and computer accounts rely on AD, which would then be offline. In this recipe, we'll go through the steps you need to follow to bring a second server into your network and join it to the existing domain that is running on the primary DC, creating our redundant, secondary DC. The larger your network gets, the more domain controller servers you are going to have.
Getting ready
Two Server 2019 machines are needed for this. We will assume that the first one is running Active Directory and DNS already, like the one we set up in the previous recipe. The second server is online, on the same network, and has been named DC02.
How to do it…
To create a redundant secondary DC, perform the following steps:
- Open Server Manager on DC02 and click Add roles and features.
- Click Next a few times until you get to the Server Roles screen. Let's choose both Active Directory Domain Services and DNS Server. It is very common for each DC to also run DNS so that you have redundancy for both services. Both of these roles will prompt for additional features, so make sure you press the Add Features button when it prompts you to allow the installation of those extra components.
- We do not require any other features, so click Next through the remaining screens and then click on Install on the last page.
- Once the installation is finished, you have a link to click on that says Promote this server to a domain controller. Go ahead and click on that link.
- For this second DC, we are going to choose the Add a domain controller to an existing domain option. Then, in the Domain field, specify the name of the domain that is running on your existing DC. You must also specify a domain administrator account in the credentials field to validate against the domain.
Information Box
If you receive an error message saying that a DC for the domain could not be contacted, you probably haven't specified a DNS address in your TCP/IP settings. Add your first DC's IP address as your primary DNS server and it should work.
- The rest of the steps reflect the same options we chose when creating our first DC in the previous recipe. Once you have finished stepping through the wizard, you will have a secondary DC and DNS server online and running.
- As you are hopefully expecting, here is the PowerShell equivalent of the process we just did:
Install-ADDSDomainController -InstallDNS -DomainName ad.cookbook.packt.com
Another one-liner!
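Here is a fuller PowerShell version of the same procedure, added as an example rather than taken from the recipe: it sets DNS first (the cause of the "could not be contacted" error above), installs the two roles, runs the prerequisite check, promotes DC02, and then verifies replication. The first DC's IP address (10.0.0.10), the interface alias (Ethernet), and the site name are placeholders you would change for your own network; the domain name is the one used in the recipe.

```powershell
# Added example: promote DC02 as a second DC and DNS server, then verify it.
# Assumptions (not from the recipe): the first DC is at 10.0.0.10, DC02's
# NIC is called "Ethernet", and the domain is ad.cookbook.packt.com.
$Domain    = 'ad.cookbook.packt.com'
$FirstDcIp = '10.0.0.10'   # placeholder: IP address of your existing DC

# 1. Point DC02 at the existing DC for DNS and prove the domain's SRV
#    records resolve. Skipping this is what produces the "a DC for the
#    domain could not be contacted" error in the wizard.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $FirstDcIp
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV | Format-Table -AutoSize

# 2. Install the same two roles chosen in the Add Roles and Features wizard.
Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools

# 3. Prompt for the domain admin credential and the Directory Services
#    Restore Mode password; neither should be stored in the script.
$Cred = Get-Credential -Message "Domain admin account in $Domain"
$Dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

# 4. Run the prerequisite checks before changing anything in the domain.
$check = Test-ADDSDomainControllerInstallation -DomainName $Domain -InstallDns `
             -Credential $Cred -SafeModeAdministratorPassword $Dsrm
if ($check.Status -ne 'Success') {
    $check.Message
    throw 'Prerequisite check failed; fix the reported items before promoting.'
}

# 5. Promote DC02. This is the recipe's one-liner with the credentials and
#    site supplied up front, so it runs unattended and reboots when finished.
Install-ADDSDomainController -DomainName $Domain -InstallDns -Credential $Cred `
    -SafeModeAdministratorPassword $Dsrm -SiteName 'Default-First-Site-Name' -Force

# 6. Run this part after the reboot: confirm DC02 is listed as a DC and that
#    its last inbound replication from DC01 succeeded (result 0 means success).
Get-ADDomainController -Filter * | Format-Table Name, Site, IsGlobalCatalog, IPv4Address
Get-ADReplicationPartnerMetadata -Target 'DC02' |
    Format-Table Partner, LastReplicationSuccess, LastReplicationResult
```

Step 6 is the check worth keeping as a habit: a second DC that is not replicating gives you no redundancy at all.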
How it works…
Creating redundancy for Active Directory is critical to the success of your network. Hardware fails, we all know it. A good practice for any company is to run two DCs so that everyone continues to work in the event of a server failure. An even better practice is to take this a step further and create more DCs, some of them in different sites perhaps, and maybe even make use of some Read-Only Domain Controllers (RODCs) in your smaller, less secure sites. See the following link for some additional information on using an RODC in your environment: http://technet.microsoft.com/en-us/library/cc754719(v=ws.10).aspx.