Relying on a single Domain Controller (DC) in your Active Directory environment is risky. If that one server goes down, no users can log in, and critical services depending on authentication will stop working. To avoid this single point of failure, best practice is to deploy at least two Domain Controllers per domain.
In this guide, we’ll walk through adding a second Domain Controller, DC02, to an existing domain (exoip.local), where DC01 is the original controller.
Why Multiple Domain Controllers Matter
- Redundancy: Ensures availability in case one DC fails
- Load balancing: Authentication and queries can be spread across both servers
- AD DS Management: Keeps administration running even if one DC is offline
🚨 If your only writable Domain Controller fails, you lose access to domain-level management!
Prerequisites
- Install Windows Server on your new machine (DC02)
- Ensure it’s already joined to the domain
- Set the preferred DNS on DC02 to the IP of DC01
Example IP configuration for DC02:
- IP: 192.168.1.52
- Preferred DNS: 192.168.1.51 (DC01)
Step 1 – Install AD DS Role on DC02
- Open Server Manager
- Navigate to: Dashboard > Manage > Add Roles and Features
- Choose Role-based or feature-based installation
- Select the server from the server pool
- Check Active Directory Domain Services
- Click Add Features when prompted
- Keep clicking Next, then click Install

After installation, you’ll be ready to promote DC02 to a Domain Controller.
Step 2 – Promote DC02 to Domain Controller
- In Server Manager, click: Promote this server to a domain controller
- Select Add a domain controller to an existing domain
- Enter domain admin credentials if prompted
- Set a Directory Services Restore Mode (DSRM) password
- Choose the replication source (DC01 or any DC)
- Continue through the wizard and click Install

The server will reboot automatically once the promotion completes.
Step 3 – Verify New DC Configuration
Check DNS Settings
On DC02:
- Preferred DNS: DC01 (192.168.1.51)
- Alternate DNS: 127.0.0.1
On DC01:
- Preferred DNS: DC02 (192.168.1.52)
- Alternate DNS: 127.0.0.1
Confirm in ADUC (Active Directory Users & Computers)
- Launch ADUC
- Expand the Domain Controllers OU
- You should see both DC01 and DC02 listed
Verify Replication Status
Run the following command in PowerShell:
repadmin /replsummary
Check that:
- There are no replication errors
- Both DCs are listed with 0 fails
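The three checks in Step 3 (DC listing, DNS client order, replication) can also be scripted. The PowerShell below is an added example, not part of the original guide; it assumes the ActiveDirectory module is installed, WinRM is reachable on both DCs, and each DC has a single NIC with DNS servers configured.

```powershell
# Added example: post-promotion check for the DC01/DC02 setup in this guide.
# Run elevated on either DC; needs the ActiveDirectory module and WinRM access.
Import-Module ActiveDirectory

$domain = 'exoip.local'
# DNS client order from Step 3: partner DC first, loopback second.
$expectedDns = @{
    'DC01' = @('192.168.1.52', '127.0.0.1')
    'DC02' = @('192.168.1.51', '127.0.0.1')
}
$problems = @()

# 1. Both servers must be registered as domain controllers (the ADUC check).
$dcs = @(Get-ADDomainController -Filter * -Server $domain)
foreach ($name in $expectedDns.Keys) {
    if ($dcs.Name -notcontains $name) {
        $problems += "$name is not listed as a domain controller"
    }
}

# 2. DNS client settings on each DC.
foreach ($name in $expectedDns.Keys) {
    $session = New-CimSession -ComputerName "$name.$domain"
    try {
        # Assumption: one NIC with DNS servers configured per DC.
        $nic = Get-DnsClientServerAddress -CimSession $session -AddressFamily IPv4 |
            Where-Object { $_.ServerAddresses } | Select-Object -First 1
        $actual = $nic.ServerAddresses -join ', '
        $wanted = $expectedDns[$name] -join ', '
        if ($actual -ne $wanted) {
            $problems += "$name DNS is [$actual], expected [$wanted]"
        }
    } finally {
        Remove-CimSession $session
    }
}

# 3. Replication: no recorded failures, last result 0 on every inbound link.
foreach ($dc in $dcs) {
    Get-ADReplicationFailure -Target $dc.HostName |
        Where-Object { $_.FailureCount -gt 0 } | ForEach-Object {
            $problems += "$($_.Server) <- $($_.Partner): $($_.FailureCount) failure(s), last error $($_.LastError)"
        }
    Get-ADReplicationPartnerMetadata -Target $dc.HostName -Partition '*' |
        Where-Object { $_.LastReplicationResult -ne 0 } | ForEach-Object {
            $problems += "$($_.Server) $($_.Partition): last result $($_.LastReplicationResult)"
        }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { Write-Output "OK: $($dcs.Count) domain controllers, DNS and replication look healthy." }
```

Running it again after any later DNS or network change on either DC catches drift from the configuration set in this guide.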
You’ve successfully added a secondary Domain Controller to your domain. This improves fault tolerance and ensures that your Active Directory infrastructure is more resilient to outages.
Morris James
I am an Infrastructure & DevSecOps Engineer with over a decade of experience in cloud computing, cybersecurity, and automation. As the founder of Infotech Ninja, I share my expert insights on IT strategy, system administration, and security best practices. Holding certifications like CCNP Enterprise, MCSE, and VCP-DCV, I specialize in optimizing IT infrastructures and leveraging automation to drive efficiency.