Finally the help of IT is here

Blog of computer solutions.

Create secondary domain controller running Windows Server 2008 R2 x64

Written by Xaus Xavier Nadal on December 4th, 2009


DCPromo is the tool that promotes a server to domain controller, i.e. it turns a server that is not a domain controller into one.

During the installation itself you decide whether to create a separate domain, become part of an existing domain, etc.

In our case we will install a domain controller that becomes part of an existing domain called

We will make sure that connectivity to the other domain controllers in the network is satisfactory. Since in this case the domain controller will belong to an existing domain, we will join the server to that domain beforehand, which also takes care of the connection test.

To promote a domain controller running Windows Server 2008 we must first prepare the forest and the domain, provided that the domain functional level is not Windows 2000 mixed (remember that this functional level is only valid if you still have Windows NT Server domain controllers).

You can follow this article: Prepare forest and domain to domain controllers Windows Server 2008 R2.

Once the steps in the previous article have been carried out, we proceed to install the server with Windows Server 2008. You can follow this article but without the sysprep step (since there will be a base): Installing Windows Server Std 2008 R2 X64 step by step to use BASE.

Now that we have a clean Windows Server 2008 server with the latest patches, and the forest and domain preparations are done, we proceed to make the first settings that prepare the server for promotion to domain controller.

As promised, so that you can plan disk space:

The space available after installation:


Steps to follow:

Set a static IP address.

Configure a name server.

Join the server to the domain.

Now run dcpromo from Start -> Run -> dcpromo.



Click on Next. (Advanced mode is only useful if you want to install the domain controller from a backup, modify the default generated NetBIOS name, or select a different source domain controller.)


Click on Next. (This message warns that the authentication algorithm that was used in the past on Windows NT is no longer supported, and that if a Windows NT 4.0 computer tries to use the NETLOGON service to establish a secure channel to a domain controller based on Windows Server 2008, the operation may fail.) You can find more information here:


We select Existing forest and Add a domain controller to an existing domain, and click on Next. (Since what we want here is a child domain controller in an existing domain, this is the option we choose.) In future articles we will create a domain in a separate forest to show you how to set up trust relationships, etc.


Click on Set to provide a user with sufficient permissions to perform the promotion to domain controller. (It must be a domain administrator.)


Click on OK.


Click on Next.


Select the domain and click on Next.

If your domain is not prepared for RODCs, you will receive the following message:


If you intend to deploy a read-only domain controller, I recommend running adprep /rodcprep before continuing. You can refer to the article Prepare forest and domain to domain controllers Windows Server 2008 R2. Otherwise click on Yes to continue.


Select the site where our domain controller will be located and click on Next.


We leave the DNS server and Global catalog options checked. (A third DNS server in the organization never hurts, nor does another global catalog where users can make their requests. However, if we have 2 domain controllers, the one that holds the Infrastructure Master role should not be a global catalog, as this can be problematic and is not recommended unless all domain controllers in the organization are also global catalogs.)

The option Read only domain controller (RODC) is not marked and we have at least one domain controller running Windows Server 2008 installed.

Click on Next.


Click on Yes.


To improve I/O performance, it is recommended to host the database and log files on a different drive than SYSVOL.

Click on Next.


This password will be required if we ever need to boot into Active Directory restore mode (Directory Services Restore Mode, DSRM). Store it somewhere safe and remember it: it is set only once and is not requested again under normal circumstances, only when it is needed most, during a disaster recovery.

We enter the password and click on Next.


Check that the data is correct and click on Next. If you want to save these settings to an answer file, click on Export settings.


When the installation is complete (it does not take too long):


Click on Finish. (We check that the message shows no error.)


Click on Restart Now.

After the restart we are asked again for a username and password (remember that we can no longer log on locally to a domain controller), so we enter a domain user, a domain administrator of course.
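A post-promotion check for the server promoted above, as an added example that is not part of the original article. It assumes an elevated PowerShell session on the new domain controller with the ActiveDirectory module available, and it applies the Infrastructure Master / global catalog rule stated in the DNS and Global catalog step.

```powershell
# Added example (not from the original article). Run in an elevated
# PowerShell session on the newly promoted domain controller.
Import-Module ActiveDirectory   # available once the AD DS role is installed

$domain = Get-ADDomain
$dcs    = @(Get-ADDomainController -Filter *)
$me     = $dcs | Where-Object { $_.Name -eq $env:COMPUTERNAME }
if (-not $me) {
    throw "$env:COMPUTERNAME is not registered as a DC in $($domain.DNSRoot)"
}
"{0}: site={1} GC={2} RODC={3}" -f $me.HostName, $me.Site, $me.IsGlobalCatalog, $me.IsReadOnly

# Rule from the DNS / Global catalog step: the Infrastructure Master holder
# should not be a global catalog unless every DC in the domain is one.
$infra  = $dcs | Where-Object { $_.HostName -eq $domain.InfrastructureMaster }
$nonGcs = @($dcs | Where-Object { -not $_.IsGlobalCatalog })
if ($infra -and $infra.IsGlobalCatalog -and $nonGcs.Count -gt 0) {
    $names = ($nonGcs | ForEach-Object { $_.HostName }) -join ', '
    Write-Warning "Infrastructure Master $($infra.HostName) is a GC; non-GC DCs: $names"
}

# SYSVOL and NETLOGON are shared only after the initial replication finishes.
$shares = @(Get-WmiObject Win32_Share -Filter "Name='SYSVOL' OR Name='NETLOGON'")
if ($shares.Count -lt 2) {
    Write-Warning "SYSVOL/NETLOGON not shared yet; the DC is not advertising"
}

# Services the wizard selections depend on (DNS exists only if it was checked).
Get-Service -Name NTDS, Netlogon, DNS -ErrorAction SilentlyContinue |
    Where-Object { $_.Status -ne 'Running' } |
    ForEach-Object { Write-Warning "Service $($_.Name) is $($_.Status)" }

# Inbound replication links of this DC that have recorded failures.
$failed = @(repadmin /showrepl $env:COMPUTERNAME /csv | ConvertFrom-Csv |
    Where-Object { [int]$_.'Number of Failures' -gt 0 })
foreach ($link in $failed) {
    Write-Warning ("Replication of {0} from {1}: last failure {2}" -f `
        $link.'Naming Context', $link.'Source DSA', $link.'Last Failure Time')
}

# dcdiag /q prints only the tests that fail; no output means they all passed.
dcdiag /q
```

A run that prints only the summary line and no warnings means the new domain controller is advertising, replicating and placed consistently with the global catalog rule.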

Well, that's all for today.

I hope this has been helpful, and until next time, MegaCracks.

7 Responses to "Creating secondary domain controller running Windows Server 2008 R2 x64"

  1. jhen Says:

    hello very nice theme but I have a hard time trying to create a user in the subdomain to only have contact with the bone subdomain when turn off the domain to continue running my client user or bone I can not create a client (view) only link to the subdomain
    I hope you can help me thanks .....

  2. xavixaus Says:

    Hello jhen.

    Sorry to tell you, but I do not understand what you're saying.

    Do you want to create a user on a subdomain and then delete the domain to keep it running?

  3. jhen Says:

    I'm sorry if I was not exactly clear .... that was trying to say please can you help me thanks and God bless him

  4. Diego Says:

    I made a small correction.
    In this documentation you ask to leave the DNS and Global catalog options checked in the same process as the promotion of the server to domain controller. I do not recommend leaving these roles activated in this process. It would arise mostly with DNS services. It is advisable to promote the server and once it is validated that the AD is working properly there just add the DNS role and take global catalog functions. Waiting for DNS replication (if that is the AD-integrated zones) and validate the build process validation records and name resolution.

    These drawbacks are mainly in conditions where a structure is already generated AD. Not when it comes to AD almost cute in a laboratory situation.


  5. xavixaus Says:

    Hello Diego, thanks for the contribution, but I disagree with your comment. In my case I have installed hundreds of domain controllers, always with this procedure, and have never had any problems, especially in production environments. Always check the replication before the promotion and also check the event logs, detecting and solving any problems before the dcpromo.

    Greetings and see you soon.

  6. Diego Says:

    When you leave these options enabled global catalog and DNS. When you run DC promo. To start this by assigning a role (in this case DNS) which has not even replicated DNS zones within it. Thus errors in the event you will generate secure.

    Except, I did not find mentioned in the documentation. The order of assignment you are using DNS on the server I have to assume you're using as the primary DNS computer that has previously assigned the role of secondary DNS as newly promoted the same server, waiting for that to be successful replications relevant to later modify that order.

    In addition to this beyond the extension of the command you schedule the report as correct. Validation should be undertaken from the ADSIEdit to actually extended the scheme is properly. Since I have seen cases where the command reports correct operation when in reality it is implementing all the changes. And after a few days begin to appear events whose recommendation is to restore from backup partition scheme.

    The same validation should be performed to see if the DNS zones are correctly loaded in the scheme.

    In mixed environments where you are still keeping domain controllers with w2003 as well as w2008, a series of events is generated that requires modifying permissions so that they do not bother you with the little red color in the event viewer; if I remember correctly, it was for some encryption topic.


  7. Punk Says:

    Thank you very much! It came in very handy .. greetings
