Promote a Server to Domain Controller (Full Guide)

Learn how to promote a server to domain controller with this full guide. Promoting a server into a domain controller involves configuring a server to function as a DC, which is essential for efficient network administration and security.

In this article I’m going to share a step-by-step guide for promoting server to domain controller in a Windows Server environment.

Prerequisites

1. Install Windows Server: Ensure the server runs a supported Windows Server version (e.g., Windows Server 2016, 2019, or 2022).
2. Set a Static IP Address: Domain controllers require static IP addresses to ensure reliable connectivity.
3. Update System & Security Patches: Apply the latest updates and patches for enhanced security and stability.
4. Rename the Server (If Necessary): A proper naming convention helps in easier identification and management.
5. Install Active Directory Domain Services (AD DS): The AD DS role must be installed before promoting a DC.

Promote a Server to Domain Controller

I’m going to share the instructions that you must follow in order to successfully promote the server to a domain controller.

Step 1: Install the AD DS Role

To install the Active Directory Domain Services role, follow these steps:

1. Open Server Manager.
2. Click on Add roles and features.
3. In the Add Roles and Features Wizard, select Role-based or feature-based installation.
4. Choose the server you want to promote.
5. Select Active Directory Domain Services and click Next.
6. Follow the prompts to complete the installation.

Step 2: Promote the Server to a Domain Controller

Once the AD DS role is installed, follow these steps to promote the server:

1. After installing AD DS, click on the Notification flag in Server Manager and select Promote this server to a domain controller.
2. In the Deployment Configuration window:
   • Choose Add a new forest if you’re creating a new domain.
   • Select Add a domain controller to an existing domain if you’re adding a DC to an existing domain.
3. Provide the necessary details, such as the domain name and credentials.
4. Configure the Domain Controller Options, including DNS and Global Catalog settings.
5. Set the Directory Services Restore Mode (DSRM) password.
6. Review the Prerequisites Check and resolve any issues if prompted.
7. Click Install to promote the server to a domain controller.

Step 3: Configure Domain Controller Options

1. Specify Domain Controller Capabilities:
   • Domain Name System (DNS) Server if the DC will also act as a DNS server
   • Global Catalog (GC): Helps in faster user authentication and object searching.
   • Read Only Domain Controller (RODC): If setting up a read-only domain controller for security purposes.
2. Set Directory Services Restore Mode (DSRM) Password:
   • This password is required for recovering the AD database.
3. Replicate from an Existing DC (if applicable).

Verify the Promotion

1. After the server reboots, log in and open Server Manager.
2. Navigate to Tools > Active Directory Users and Computers.
3. Verify that the new domain controller appears in the list of domain controllers.

Post-Promotion Steps

After promoting the server to a domain controller:

• Verify the Installation: Use the dcdiag command to test the DC’s health.
• Check Replication: Run repadmin /replsummary to ensure proper synchronization.
• Create & Manage User Accounts: Use the Active Directory Users and Computers (ADUC) console.
• Set Group Policies: Apply security policies using the Group Policy Management console.

Conclusion

Promoting a domain controller is a fundamental task for IT professionals managing Active Directory environments. By following this step-by-step guide, you can ensure a smooth and successful promotion process. Remember to plan carefully, follow best practices, and verify your configuration to avoid common pitfalls.