New DC Post Docu

The document provides steps to install a new Windows Server 2019 domain controller into an existing Active Directory domain. It details prerequisites, preparation such as health checks, installation steps like joining the domain and promoting the server, and verification of the new domain controller through replication checks and user object replication.

Uploaded by

p.rasmijn

New Windows Server 2019 Domain Controller at POST

ARUBA NV
Table of Contents

1. Introduction
2. Prerequisites
3. Preparation
   o 3.1 Health Check
   o 3.2 Replication Check (Optional)
   o 3.3 Identify FSMO Roles (Optional)
4. Installation
   o 4.1 Join the Domain
   o 4.2 Install Active Directory Domain Services (AD DS)
5. Promotion
   o 5.1 Promote to Domain Controller
6. Verification
   o 6.1 Logon
   o 6.2 Verify Replication
7. Additional Considerations
   o 7.1 FSMO Roles (Optional)
   o 7.2 DNS Configuration (if applicable)
   o 7.3 Security
8. Resources

1. Introduction

This guide details the steps for installing a new Windows Server 2019 Domain Controller (DC)
into an existing Active Directory domain. A Domain Controller authenticates users and manages
access to network resources in a Windows domain environment.

2. Prerequisites

Before proceeding, ensure you meet the following requirements:

• A functional Windows Server domain with a minimum functional level of Windows Server 2008
  (verify with Get-ADDomain | Select-Object DomainMode in PowerShell).
• The domain must use DFS-R for SYSVOL replication.
• A new Windows Server 2019 member server added to the existing domain.
• Administrative credentials for the domain.
• It is highly recommended to have a backup of all existing Domain Controllers.

3. Preparation

3.1 Health Check

It's crucial to ensure the health of your existing domain environment. Open Command Prompt as
administrator on a current Domain Controller and perform the following checks:

• DC Consistency: Type Dcdiag /v and press Enter. Review the output for any errors.
• Replication Health (Optional):
   o Type repadmin /showrepl and press Enter to view replication connections between DCs.
   o Type repadmin /replsum and press Enter for a replication health summary.
   o Ensure all replication is functioning correctly.

3.2 Replication Check (Optional)

This step is optional, but recommended. It verifies Active Directory replication functionality
using the repadmin commands listed under 3.1.

3.3 Identify FSMO Roles (Optional)

Knowing which Domain Controller holds the Flexible Single Master Operation (FSMO) roles is
helpful for future management. Use the Active Directory Users and Computers console to
identify these roles:

1. Open the console.
2. Right-click on the domain name and select "Operations Master Roles".
3. This window displays the DC currently holding each FSMO role.
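
The prerequisite and preparation checks above can be gathered into one read-only script. This is an added example, not part of the original document; it assumes the ActiveDirectory PowerShell module is installed, English-language dcdiag output, and an elevated prompt on an existing DC.

```powershell
# Added example: read-only pre-promotion checks, run elevated on an existing DC.
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$forest   = Get-ADForest
$problems = @()

# Prerequisite: domain functional level of Windows Server 2008 or higher.
"Domain functional level: $($domain.DomainMode)"
if ("$($domain.DomainMode)" -match '^Windows(2000|2003)') {
    $problems += "Domain functional level $($domain.DomainMode) is below Windows Server 2008"
}

# Prerequisite: SYSVOL replicated by DFS-R (migration state 'Eliminated').
$sysvol = (dfsrmig /getglobalstate) -join ' '
"SYSVOL migration state: $sysvol"
if ($sysvol -notmatch 'Eliminated') {
    $problems += 'SYSVOL migration state is not Eliminated; confirm DFS-R is in use'
}

# 3.1 Health check: collect every test that dcdiag reports as failed.
$failed = dcdiag /v | Select-String -Pattern 'failed test'
foreach ($line in $failed) { $problems += "dcdiag: $($line.Line.Trim())" }

# 3.3 FSMO role holders: three domain-wide roles and two forest-wide roles.
[pscustomobject]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
} | Format-List

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { 'No blocking findings; review the full dcdiag output before promoting.' }
```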

4. Installation

4.1 Join the Domain

1. On the new Windows Server 2019 member server, open Settings > System > About.
2. Click on "Join a domain or Azure AD".
3. Enter the domain name and credentials for a domain administrator account.
4. The server will join the domain.

4.2 Install Active Directory Domain Services (AD DS)

1. Open Server Manager on the new server.
2. Click on "Add roles and features".
3. Select "Role-based or feature-based installation" and click "Next".
4. Choose the server from the server pool and click "Next".
5. Under "Server Roles", check the box for "Active Directory Domain Services".
6. Click "Next" through several screens to confirm feature selections.
7. Optionally, under "Installation options", you can select "Add DNS Server" to install the
   DNS Server role on this DC.
8. Click "Next" to begin the installation. The server may reboot during this process.

5. Promotion

5.1 Promote to Domain Controller

1. Once the installation completes, the AD DS Configuration Wizard will launch automatically.
2. On the "Deployment Configuration" page, select "Add a domain controller to an existing
   domain".
3. Provide the domain administrator credentials and click "Next".
4. Choose the container (usually the domain root) to place the new DC object in Active
   Directory.
5. Review the configuration summary and click "Next" to begin promotion.
6. The server will reboot one or more times during the promotion process.
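
Sections 4 and 5 can also be carried out from PowerShell. The following is an added example, not part of the original document; corp.example.com is a placeholder domain name, and because the domain join forces a restart the script is run once per stage. The promotion cmdlets also ask for a Directory Services Restore Mode (DSRM) password.

```powershell
# Added example: scripted equivalent of sections 4.1, 4.2 and 5.1.
# Run elevated on the new server: first with -Stage Join, then after the
# reboot (signed in with a domain account) with -Stage Promote.
param(
    [ValidateSet('Join', 'Promote')]
    [string]$Stage = 'Join',
    [string]$DomainName = 'corp.example.com'   # placeholder, replace with your domain
)

$cred = Get-Credential -Message "Domain administrator for $DomainName"

if ($Stage -eq 'Join') {
    # 4.1 Join the domain; the restart completes the join.
    Add-Computer -DomainName $DomainName -Credential $cred -Restart
    return
}

# 4.2 Install the AD DS role together with its management tools.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# 5.1 Promotion settings. InstallDns corresponds to the optional DNS Server choice.
$promotion = @{
    DomainName                    = $DomainName
    Credential                    = $cred
    InstallDns                    = $true
    SafeModeAdministratorPassword = (Read-Host -AsSecureString -Prompt 'DSRM password')
}

# Run the prerequisite checks first; nothing is changed by this call.
$check = Test-ADDSDomainControllerInstallation @promotion
$check | Format-List Context, Status, Message
if ($check | Where-Object { "$($_.Status)" -eq 'Error' }) {
    throw 'Prerequisite check reported errors; promotion not started.'
}

# Promote. The cmdlet asks for confirmation and restarts the server when done.
Install-ADDSDomainController @promotion
```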

6. Verification

6.1 Logon

After the server reboots, sign in to the newly promoted DC using domain administrator
credentials.

6.2 Verify Replication

There are two main ways to verify replication on the newly promoted Domain Controller (DC)
and ensure it's successfully syncing with other DCs in your domain:

1. Using the Active Directory Users and Computers Console:

• This method offers a quick verification but doesn't provide detailed information.

   1. Open the Active Directory Users and Computers console on the new DC.
   2. Create a new test user object (e.g., "TestUser_Replication").
   3. Wait a few minutes to allow replication to occur.
   4. Log on to another existing Domain Controller in your domain.
   5. Open the Active Directory Users and Computers console on this existing DC.
   6. Search for the test user ("TestUser_Replication") you created on the new DC.

• If the test user is present and has the same attributes on both DCs, replication is likely
  functioning correctly.

2. Using the Repadmin Tool (Recommended):

Repadmin is a command-line tool that provides detailed information about Active Directory
replication. It offers a more comprehensive verification approach.

1. Open Command Prompt as administrator on the new DC.
2. Type the following command and press Enter:

   repadmin /replsummary

• This command displays a summary of replication between the new DC and its replication
  partners, including:
   o The source DC (where the data originated)
   o The destination DC (where the data was replicated)
   o The last successful replication time
   o The percentage of successful replication attempts
• Look for any errors or warnings in the output. Ideally, you should see successful
  replication with a 100% success rate for all replication partners.

Here are some additional Repadmin commands you can use for further verification:

• repadmin /showrepl <DC name>: This shows detailed inbound replication status for the named
  DC, listing each source partner and naming context.
• repadmin /queue <DC name>: This displays any inbound replication requests queued on the
  named DC, which could indicate replication delays.
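
Both verification methods can be scripted. This added example (not part of the original document) assumes the ActiveDirectory module is installed and that the test user TestUser_Replication from method 1 has already been created on the new DC.

```powershell
# Added example: scripted replication verification, run elevated on the new DC.
Import-Module ActiveDirectory
$testUser = 'TestUser_Replication'   # name of the test object from method 1

# Method 2: /csv makes repadmin output parseable; * queries every DC.
$links = @(repadmin /showrepl * /csv | ConvertFrom-Csv)
$failing = @($links | Where-Object {
    $_.showrepl_COLUMNS -eq 'showrepl_ERROR' -or [int]$_.'Number of Failures' -gt 0
})
$failing | Format-Table 'Source DSA', 'Destination DSA', 'Naming Context',
    'Number of Failures', 'Last Failure Time', 'Last Success Time' -AutoSize
'{0} replication links checked, {1} failing' -f $links.Count, $failing.Count

# Method 1: the test user must exist on every DC with the same ObjectGUID.
$seen = foreach ($dc in Get-ADDomainController -Filter *) {
    $user = try {
        Get-ADUser -Filter "Name -eq '$testUser'" -Server $dc.HostName -ErrorAction Stop
    } catch { $null }   # an unreachable DC counts as "not present"
    [pscustomobject]@{
        DomainController = $dc.HostName
        Present          = [bool]$user
        ObjectGuid       = $user.ObjectGUID
    }
}
$seen | Format-Table -AutoSize

$missing = @($seen | Where-Object { -not $_.Present })
$guids   = @($seen | Where-Object Present |
             Select-Object -ExpandProperty ObjectGuid -Unique)
if ($missing.Count -gt 0 -or $guids.Count -ne 1) {
    Write-Warning "$testUser has not replicated consistently to all DCs yet."
} else {
    "$testUser is present on all DCs with ObjectGUID $($guids[0])"
}
```

Delete the test user once the check passes so that no unused account is left in the directory.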

Demoting existing Domain Controllers

1. Open Server Manager on the DC you want to demote.
2. Navigate to Manage > Remove Roles and Features.
3. Click Next on the initial screen.
4. Select Server selection and choose the target DC. Click Next.
5. Uncheck the box next to Active Directory Domain Services. This will prompt a
   confirmation dialog.
6. Review the removal options carefully:
   o Remove Active Directory Domain Services and AD DS features: This is the
     recommended option for complete decommissioning.
   o Leave AD DS features installed: Choose this if you plan to use the server for
     Active Directory management tools after demotion.
7. Click Next.
8. On the Confirmation page, review the summary and click Remove.
9. The server manager will perform the demotion process. Once finished, click Close.

Additional Steps (if applicable):

• Remove from Active Directory Sites and Services:
   1. Open Active Directory Sites and Services on another DC.
   2. Locate the demoted server in the console tree.
   3. Right-click the server and choose Delete.
• Remove from DNS (if the DC hosted DNS role):
   1. Open DNS Manager on another DC.
   2. Expand Forward Lookup Zones and locate your domain.
   3. Right-click the domain name and select Properties.
   4. Go to the Name Servers tab.
   5. Select the demoted server and click Remove.
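
After a demotion it is worth confirming that nothing in the directory or in DNS still points at the old server. This is an added example, not part of the original document; OLDDC01 is a placeholder host name, and the DNS check assumes the DnsServer module and an AD-integrated zone named after the domain.

```powershell
# Added example: read-only check for leftovers of a demoted DC.
# Run elevated on a remaining DC that also hosts DNS.
Import-Module ActiveDirectory, DnsServer
$oldDc  = 'OLDDC01'   # placeholder: short name of the demoted server
$domain = Get-ADDomain
$config = (Get-ADRootDSE).configurationNamingContext

# Still advertised as a domain controller?
$asDc = @(Get-ADDomainController -Filter "Name -eq '$oldDc'")

# Server object left behind under Active Directory Sites and Services?
$siteObj = @(Get-ADObject -SearchBase "CN=Sites,$config" `
    -Filter "objectClass -eq 'server' -and Name -eq '$oldDc'")

# NS records in the domain zone that still name the old server?
$ns = @(Get-DnsServerResourceRecord -ZoneName $domain.DNSRoot -RRType Ns |
    Where-Object { $_.RecordData.NameServer -like "$oldDc.*" })

[pscustomobject]@{
    ListedAsDomainController = $asDc.Count
    SitesAndServicesObjects  = $siteObj.Count
    NameServerRecords        = $ns.Count
} | Format-List

if ($asDc.Count + $siteObj.Count + $ns.Count -gt 0) {
    Write-Warning "References to $oldDc remain; complete the additional steps above."
    $siteObj | Select-Object -ExpandProperty DistinguishedName
    $ns | Format-Table HostName, @{ n = 'NameServer'; e = { $_.RecordData.NameServer } }
} else {
    "No references to $oldDc found in AD sites or the $($domain.DNSRoot) zone."
}
```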
