Adding a Domain Controller (DC) is essential for managing users, devices, permissions, security policies, and authentication inside a Windows-based network. Because a DC holds the password hashes and Kerberos keys of every account in the domain, it is the highest-value host on the network (Tier 0): run nothing else on it, and only dedicated administrative accounts should ever log on to it.
Step 1: Set a Static IP Address
Before promoting the server, assign a permanent IP address. A DC must never take its address from DHCP: clients and other DCs locate it by the address registered in DNS, and a lease change would break authentication.
Open PowerShell and note the ifIndex of the adapter you will use:
Get-NetAdapter
Set the IP (replace 3 with the ifIndex shown by Get-NetAdapter; the addresses below are examples):
New-NetIPAddress -InterfaceIndex 3 -IPAddress 192.168.1.10 -PrefixLength 24 -DefaultGateway 192.168.1.1
Set DNS. The first DC of a new forest points to itself:
Set-DnsClientServerAddress -InterfaceIndex 3 -ServerAddresses 192.168.1.10
An additional DC in an existing domain must instead point to an existing DC until promotion has finished, otherwise it cannot locate the domain; add its own address as a secondary DNS server afterwards.
Step 2: Install Active Directory Domain Services (AD DS)
Open PowerShell:
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Or via Server Manager:
- Manage → Add Roles and Features
- Enable Active Directory Domain Services
- Accept the required management tools
Step 3: Promote the Server to a Domain Controller
If this is a new domain (the first DC of a new forest):
Install-ADDSForest -DomainName "example.local"
You will be prompted to:
- Set the Directory Services Restore Mode (DSRM) password. This is the local administrator password used to boot the DC into offline recovery mode; it is not stored in AD and cannot be recovered from it, so keep it in a password vault.
- Confirm the installation
The DNS Server role is installed and configured on the DC as part of the forest installation, and the server reboots automatically when promotion completes.
A note on the name: "example.local" is the common tutorial convention, but the .local suffix collides with mDNS/Bonjour name resolution and cannot be covered by a publicly trusted TLS certificate. For a production forest use a subdomain of a DNS domain you own, such as ad.example.com; renaming a domain later is a disruptive operation.
Step 4: Join an Existing Domain (Alternative Scenario)
If you already have a domain and want to add another DC, make sure the server's DNS points at an existing DC (see Step 1), then run the following while logged on with a Domain Admins account (or add -Credential to supply one):
Install-ADDSDomainController -DomainName "example.local"
You will be prompted for the DSRM password and to confirm. The wizard will:
- Join the server to the domain if it is not already a member, then replicate the AD database from an existing DC
- Configure DNS (the DNS Server role is installed when the domain already hosts DNS)
- Restart the server
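Steps 1 to 4 as one unattended script, added here as an example and not taken from the original article. It takes the adapter by name instead of hard-coding an InterfaceIndex, points DNS at an existing DC when adding to an existing domain, runs the ADDSDeployment pre-check before making any change, and reads the DSRM password interactively instead of embedding it. The adapter name "Ethernet", the addresses 192.168.1.10/24, 192.168.1.1 and 192.168.1.11 (an existing DC), the site name and the domain name are assumptions; change them before running.

```powershell
# Added example, not part of the original article. Promotes a fresh Windows
# Server to a DC as the first DC of a new forest (-Role NewForest) or as an
# additional DC in an existing domain (-Role AdditionalDC).
# All defaults below are assumptions for illustration.
#Requires -RunAsAdministrator
param(
    [ValidateSet('NewForest', 'AdditionalDC')]
    [string]$Role          = 'NewForest',
    [string]$DomainName    = 'example.local',
    [string]$AdapterName   = 'Ethernet',
    [string]$IPAddress     = '192.168.1.10',
    [int]   $PrefixLength  = 24,
    [string]$Gateway       = '192.168.1.1',
    [string]$ExistingDcDns = '192.168.1.11',   # only used for AdditionalDC
    [string]$SiteName      = 'Default-First-Site-Name'
)

# Step 1: static addressing. Look the interface up by name; the ifIndex
# differs from machine to machine, so never hard-code it.
$nic = Get-NetAdapter -Name $AdapterName -ErrorAction Stop
Set-NetIPInterface -InterfaceIndex $nic.ifIndex -Dhcp Disabled
# Clear any DHCP-assigned address and default route so New-NetIPAddress
# does not fail on a duplicate.
Get-NetIPAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Remove-NetIPAddress -Confirm:$false
Remove-NetRoute -InterfaceIndex $nic.ifIndex -DestinationPrefix '0.0.0.0/0' -Confirm:$false -ErrorAction SilentlyContinue
New-NetIPAddress -InterfaceIndex $nic.ifIndex -IPAddress $IPAddress -PrefixLength $PrefixLength -DefaultGateway $Gateway | Out-Null

# The first DC can only point at itself. An additional DC must be able to
# resolve the existing domain during promotion, so it points at an existing
# DC first and lists itself second.
$dnsServers = if ($Role -eq 'NewForest') { $IPAddress } else { $ExistingDcDns, $IPAddress }
Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $dnsServers

# Step 2: role installation.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools | Out-Null

# Steps 3/4: promotion. The DSRM password is the offline recovery credential
# for this DC; it is read from the console, never stored in the script.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM (Safe Mode) administrator password'

if ($Role -eq 'NewForest') {
    # Pre-check surfaces naming, DNS and permission problems before any change.
    Test-ADDSForestInstallation -DomainName $DomainName -SafeModeAdministratorPassword $dsrm -InstallDns
    # -Force suppresses the confirmation prompt; the server reboots on completion.
    Install-ADDSForest -DomainName $DomainName `
        -DomainNetbiosName ($DomainName.Split('.')[0].ToUpper()) `
        -SafeModeAdministratorPassword $dsrm `
        -InstallDns -CreateDnsDelegation:$false `
        -Force
} else {
    $cred = Get-Credential -Message "Domain Admins credential for $DomainName"
    Test-ADDSDomainControllerInstallation -DomainName $DomainName -Credential $cred -SafeModeAdministratorPassword $dsrm -InstallDns
    Install-ADDSDomainController -DomainName $DomainName `
        -Credential $cred `
        -SafeModeAdministratorPassword $dsrm `
        -InstallDns -SiteName $SiteName `
        -Force
}
```

Run it as `.\Promote-DC.ps1 -Role NewForest` or `.\Promote-DC.ps1 -Role AdditionalDC -ExistingDcDns 192.168.1.11`. The Test-ADDS* cmdlets perform the same prerequisite checks the wizard does and print the warnings (for example about DNS delegation) without changing the server, so read their output before the Install-ADDS* call proceeds.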
Step 5: Verify Domain Controller Status
After reboot, check replication and AD health:
dcdiag /v
Check AD replication:
repadmin /replsummary
List DCs in the domain:
Get-ADDomainController -Filter *
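The three checks above, wrapped into one function that returns a single object with pass/fail fields, added here as an example and not part of the original article. Beyond the page's commands it also verifies that the _ldap and _kerberos SRV records clients use to find a DC exist, and reports the time source, since Kerberos rejects tickets from a clock more than five minutes off. The domain name example.local is the only assumption; everything else is read from the live domain.

```powershell
# Added example, not from the original article. Runs on a DC (or a host with
# RSAT) after promotion and reboot.
#Requires -Modules ActiveDirectory
function Test-DomainControllerHealth {
    param([string]$DomainName = 'example.local')   # assumption; adjust

    # dcdiag /q prints only failures, so non-empty output means a failed test.
    $dcdiagErrors = @(dcdiag /q | Where-Object { $_ -match '\S' })

    # repadmin /showrepl * /csv lists every inbound replication link on every
    # DC; any row with a non-zero failure count means replication is broken.
    $links = @(repadmin /showrepl * /csv | ConvertFrom-Csv)
    $failedLinks = @($links | Where-Object { [int]$_.'Number of Failures' -gt 0 })

    # Clients locate DCs through these SRV records; if they are missing,
    # domain logons fail even though LDAP itself answers.
    $ldapSrv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction SilentlyContinue
    $kdcSrv  = Resolve-DnsName -Name "_kerberos._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction SilentlyContinue

    $dcs = @(Get-ADDomainController -Filter * -Server $DomainName)
    $gcs = @($dcs | Where-Object { $_.IsGlobalCatalog })

    [pscustomobject]@{
        DomainControllers  = $dcs.HostName
        GlobalCatalogs     = $gcs.HostName
        DcdiagPassed       = ($dcdiagErrors.Count -eq 0)
        DcdiagErrors       = $dcdiagErrors
        ReplicationHealthy = ($failedLinks.Count -eq 0)
        FailedLinks        = $failedLinks | Select-Object 'Source DSA', 'Destination DSA', 'Last Failure Status'
        LdapSrvRecords     = @($ldapSrv | Where-Object { $_.Type -eq 'SRV' }).Count
        KerberosSrvRecords = @($kdcSrv  | Where-Object { $_.Type -eq 'SRV' }).Count
        TimeSource         = (w32tm /query /source) -join ''
    }
}

$health = Test-DomainControllerHealth
$health | Format-List
if (-not ($health.DcdiagPassed -and $health.ReplicationHealthy -and $health.LdapSrvRecords -gt 0)) {
    Write-Warning 'DC is not healthy: inspect dcdiag /v and repadmin /replsummary before joining clients.'
}
```

On a brand-new single-DC forest ReplicationHealthy is trivially true because there are no partners yet; the check becomes meaningful once the second DC from Step 4 exists. A TimeSource of "Local CMOS Clock" on the PDC emulator means no external NTP source is configured, which should be fixed before clients join.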
Step 6: Add Reverse Lookup Zone (Recommended)
Open DNS Manager → Reverse Lookup Zones → Create new zone.
Or via PowerShell:
Add-DnsServerPrimaryZone -NetworkId "192.168.1.0/24" -ReplicationScope "Domain"
A reverse zone lets DNS answer IP-to-name (PTR) queries. DCs and clients with dynamic updates enabled register their PTR records in it automatically, and tools that resolve addresses back to names (nslookup, log viewers, SIEM enrichment) report errors or show bare IP addresses without it. With -ReplicationScope "Domain" the zone is stored in AD and replicated to every DNS server that is a DC in the domain, so it survives the loss of any single DC.
Step 7: Add Additional Administrator Accounts (Optional)
Use PowerShell to create admin accounts. Membership in Domain Admins grants full control of the domain and of every DC, so add only named individuals who actually administer AD, never service accounts or the accounts people use for email and browsing, and review the group's membership regularly.
New-ADUser -Name "ITAdmin" -AccountPassword (Read-Host -AsSecureString "Password") -Enabled $true
Add-ADGroupMember "Domain Admins" ITAdmin
Optional Step: Create Organizational Units (OUs)
Keeping AD organized prevents future headaches.
New-ADOrganizationalUnit -Name "Servers" -Path "DC=example,DC=local"
New-ADOrganizationalUnit -Name "Users" -Path "DC=example,DC=local"
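Step 7 and the OU step combined into one hardened version, added here as an example and not part of the original article: the admin account is created inside its own OU so Group Policy and delegation can target privileged accounts separately, it is flagged as sensitive (no Kerberos delegation) and restricted to AES, the person is forced to set the real password at first logon, and a small audit function then lists everyone who holds Tier 0 rights, expanding nested groups. The OU name "Admins" is an assumption; the account name "ITAdmin" and the domain example.local come from the article.

```powershell
# Added example, not from the original article.
#Requires -Modules ActiveDirectory
$domain   = Get-ADDomain
$domainDN = $domain.DistinguishedName          # e.g. DC=example,DC=local

# Privileged accounts get their own OU (name is an assumption) so that
# admin-only GPOs and delegation never touch ordinary user objects.
$adminOU = "OU=Admins,$domainDN"
if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$adminOU'")) {
    New-ADOrganizationalUnit -Name 'Admins' -Path $domainDN -ProtectedFromAccidentalDeletion $true
}

$initialPassword = Read-Host -AsSecureString -Prompt 'Initial password for ITAdmin'
$userParams = @{
    Name                   = 'ITAdmin'
    SamAccountName         = 'ITAdmin'
    UserPrincipalName      = "ITAdmin@$($domain.DNSRoot)"
    Path                   = $adminOU
    AccountPassword        = $initialPassword
    Enabled                = $true
    ChangePasswordAtLogon  = $true      # the person, not the script, picks the real password
    KerberosEncryptionType = 'AES256'   # this account never accepts RC4 tickets
    AccountNotDelegated    = $true      # "account is sensitive and cannot be delegated"
}
New-ADUser @userParams
Add-ADGroupMember -Identity 'Domain Admins' -Members 'ITAdmin'

# Audit: who can take over the domain? -Recursive expands nested groups so a
# group hidden inside Administrators does not escape the list.
function Get-PrivilegedMembers {
    $groups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
    foreach ($group in $groups) {
        Get-ADGroupMember -Identity $group -Recursive |
            Where-Object objectClass -eq 'user' |
            ForEach-Object {
                $u = Get-ADUser -Identity $_.DistinguishedName -Properties LastLogonDate, PasswordLastSet
                [pscustomobject]@{
                    Group           = $group
                    Account         = $u.SamAccountName
                    Enabled         = $u.Enabled
                    PasswordLastSet = $u.PasswordLastSet
                    LastLogonDate   = $u.LastLogonDate
                }
            }
    }
}
Get-PrivilegedMembers | Sort-Object Group, Account | Format-Table -AutoSize
```

Run Get-PrivilegedMembers again after any change and whenever an administrator leaves: a privileged account with an old PasswordLastSet or no recent LastLogonDate is the first thing to disable.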
Always deploy at least two Domain Controllers, both running DNS, and point clients at both. If one fails, authentication and name resolution stay available across the network; a single DC is also a single point of compromise for every backup and every account it holds.
