
Learn how to promote a server to domain controller with this full guide. Promoting a server into a domain controller involves configuring a server to function as a DC, which is essential for efficient network administration and security.
In this article I’m going to share a step-by-step guide for promoting a server to a domain controller in a Windows Server environment.
Prerequisites
- Install Windows Server: Ensure the server runs a supported Windows Server version (e.g., Windows Server 2016, 2019, or 2022).
- Set a Static IP Address: Domain controllers require static IP addresses to ensure reliable connectivity.
- Update System & Security Patches: Apply the latest updates and patches for enhanced security and stability.
- Rename the Server (If Necessary): A proper naming convention helps in easier identification and management.
- Install Active Directory Domain Services (AD DS): The AD DS role must be installed before promoting a DC.
Promote a Server to Domain Controller
I’m going to share the instructions that you must follow in order to successfully promote the server to a domain controller.
Step 1: Install the AD DS Role
To install the Active Directory Domain Services role, follow these steps:
- Open Server Manager.
- Click on Add roles and features.
- In the Add Roles and Features Wizard, select Role-based or feature-based installation.
- Choose the server you want to promote.
- Select Active Directory Domain Services and click Next.
- Follow the prompts to complete the installation.
Step 2: Promote the Server to a Domain Controller
Once the AD DS role is installed, follow these steps to promote the server:
- After installing AD DS, click on the Notification flag in Server Manager and select Promote this server to a domain controller.
- In the Deployment Configuration window:
  - Choose Add a new forest if you’re creating a new domain.
  - Select Add a domain controller to an existing domain if you’re adding a DC to an existing domain.
- Provide the necessary details, such as the domain name and credentials.
- Configure the Domain Controller Options, including DNS and Global Catalog settings.
- Set the Directory Services Restore Mode (DSRM) password.
- Review the Prerequisites Check and resolve any issues if prompted.
- Click Install to promote the server to a domain controller.
Step 3: Configure Domain Controller Options
- Specify Domain Controller Capabilities:
  - Domain Name System (DNS) Server: Select this if the DC will also act as a DNS server.
  - Global Catalog (GC): Helps in faster user authentication and object searching.
  - Read Only Domain Controller (RODC): If setting up a read-only domain controller for security purposes.
- Set Directory Services Restore Mode (DSRM) Password:
  - This password is required for recovering the AD database.
- Replicate from an Existing DC (if applicable).
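Steps 1 to 3 can also be scripted with the ADDSDeployment cmdlets. The following is an added example, not part of the original guide: the `$Deployment` and `$DomainName` parameters and the `corp.example.com` domain are placeholders chosen for illustration. It covers a new forest or an additional DC in an existing domain (not an RODC).

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of Steps 1-3. Names below are placeholders.
param(
    [ValidateSet('NewForest', 'AdditionalDC')]
    [string]$Deployment = 'NewForest',
    [string]$DomainName = 'corp.example.com'   # assumed placeholder domain
)

# Step 1: install the AD DS role together with its management tools.
$role = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $role.Success) { throw 'AD DS role installation failed.' }

Import-Module ADDSDeployment

# Prompt for the DSRM password so it is never stored in the script or in history.
$dsrm = Read-Host -Prompt 'DSRM password' -AsSecureString

# Options shared by both deployment types (Step 3: this DC also runs DNS).
$common = @{
    DomainName                    = $DomainName
    InstallDns                    = $true
    SafeModeAdministratorPassword = $dsrm
}
if ($Deployment -eq 'AdditionalDC') {
    # Joining an existing domain needs domain credentials; keep the DC a Global Catalog.
    $common.Credential      = Get-Credential -Message "Domain admin for $DomainName"
    $common.NoGlobalCatalog = $false
}

# Step 2: run the prerequisites check before promoting, and stop on any error.
$check = if ($Deployment -eq 'NewForest') {
    Test-ADDSForestInstallation @common
} else {
    Test-ADDSDomainControllerInstallation @common
}
$check | Format-Table Status, Message -Wrap
$errors = @($check | Where-Object { "$($_.Status)" -eq 'Error' })
if ($errors.Count -gt 0) { throw 'Prerequisite check failed; resolve the issues above.' }

# Promote. The server reboots automatically when promotion completes.
if ($Deployment -eq 'NewForest') {
    Install-ADDSForest @common -Force
} else {
    Install-ADDSDomainController @common -Force
}
```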
Verify the Promotion
- After the server reboots, log in and open Server Manager.
- Navigate to Tools > Active Directory Users and Computers.
- Verify that the new domain controller appears in the list of domain controllers.
Post-Promotion Steps
After promoting the server to a domain controller:
- Verify the Installation: Use the dcdiag command to test the DC’s health.
- Check Replication: Run repadmin /replsummary to ensure proper synchronization.
- Create & Manage User Accounts: Use the Active Directory Users and Computers (ADUC) console.
- Set Group Policies: Apply security policies using the Group Policy Management console.
Conclusion
Promoting a domain controller is a fundamental task for IT professionals managing Active Directory environments. By following this step-by-step guide, you can ensure a smooth and successful promotion process. Remember to plan carefully, follow best practices, and verify your configuration to avoid common pitfalls.