How to Install a Secondary Domain Controller in Active Directory.
This tutorial contains step-by-step instructions on how to add a Secondary Domain Controller to an Active Directory Domain environment.
Adding a secondary domain controller is a critical security measure, because if the Primary Domain Controller (PDC) fails for some reason, essential tasks will be interrupted, making it impossible to work for many hours. Additionally, a secondary domain controller reduces the workload of the primary domain controller, improving performance and responsiveness.
In this guide you'll learn how to add a second Domain Controller to an existing domain running on Windows Server 2016 or 2019.
How to Add a Second Domain Controller.
Step 1. Prepare a Windows Server to Become a 2nd Domain Controller.
First, on the Windows Server 2016/2019 computer that you want to promote to a secondary domain controller, do the following:
1. Set its Computer Name.
2. Set a Static IP address and point the DNS address to the IP address of the existing domain controller.
3. Ensure that the Date and Time are correct.
4. Join the new Windows Server to the Domain.
Step 2. Install Active Directory Domain Services.
1. Open the Server Manager and click Add roles and features.
2. Click Next at the first screen.
3. In the 'Installation type' options, leave the Role-based or feature installation option selected and click Next.
4. In the 'Select destination server' options, choose Select a server from the server pool, then ensure that the selected server is the machine you are working on and click Next.
5a. On the 'Select server roles' options, select the Active Directory Domain Services and then…
5b. …click Add Features.
5c. Then, click Next to proceed.
6. On the 'Select features' page, click Next.
7. On the "AD DS" information page, click Next.
8. Click Install to start the installation of the selected roles and features.
9. Now wait for the installation to complete and, when it's done, click Close.
Step 3. Promote the Windows Server to Domain controller.
1. In Server Manager, click on the yellow exclamation mark on the top and click Promote this server to a domain controller.
2. In Deployment Configuration:
- Choose Add a domain controller to an existing domain.
- Make sure the existing domain name is correctly recognized below.
- Click Next.
3. In Domain Controller Options, do the following and then click Next:
- Check the Domain Name System (DNS) server
- Check the Global Catalog (GC)
- Type and confirm the domain Administrator password.
4. In the DNS options screen, ignore the error message "A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found" and click Next.
5. In the Additional Options page, you can either select "Any Domain Controller" if you have more than one domain controller on the network, or use the drop-down menu and select a specific domain controller to replicate from. Then click Next.
6. In the Paths page, leave the default paths and click Next.
7. Click Next on the Review Options page.
8. At the next screen, ensure that all the prerequisites are passed successfully and click Install.
9. Wait for the installation to complete and then let the server restart.
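A scripted equivalent of Steps 1 to 3, added here as an example and not part of the original tutorial. The domain name and DC address are assumed placeholder values; the cmdlets come from the ServerManager and ADDSDeployment modules on Windows Server 2016/2019.

```powershell
# Added example, not from the original tutorial. Run elevated on the new server.
$DomainName = 'corp.example.com'   # hypothetical domain name
$ExistingDc = '192.168.1.10'       # constructed address of the existing DC

# Step 1 checks: domain membership, DNS client setting, clock offset.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain -or $cs.Domain -ne $DomainName) {
    throw "This server is not joined to $DomainName."
}
$dns = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses
if ($dns -notcontains $ExistingDc) {
    throw "No network adapter uses $ExistingDc as a DNS server."
}
# Kerberos rejects clocks that are more than 5 minutes apart by default.
$sample = w32tm /stripchart /computer:$ExistingDc /samples:1 /dataonly |
    Select-Object -Last 1
if ($sample -match '([+-]\d+\.\d+)s$') {
    if ([math]::Abs([double]$Matches[1]) -gt 300) {
        throw "Clock offset to $ExistingDc is $($Matches[1])s."
    }
} else {
    throw "Could not measure the clock offset: $sample"
}

# Step 2: install the AD DS role together with its management tools.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Import-Module ADDSDeployment

# Step 3: DNS server is requested explicitly; Global Catalog is the cmdlet default.
# The password set here is the Directory Services Restore Mode (DSRM) password,
# which the cmdlet takes as -SafeModeAdministratorPassword.
$promote = @{
    DomainName                    = $DomainName
    InstallDns                    = $true
    Credential                    = (Get-Credential -Message 'Domain administrator account')
    SafeModeAdministratorPassword = (Read-Host -AsSecureString -Prompt 'DSRM password')
}

# Run the prerequisite check first; warnings such as the DNS delegation
# message are not treated as failures.
$failed = Test-ADDSDomainControllerInstallation @promote |
    Where-Object { $_.Status -eq 'Error' }
if ($failed) {
    $failed | Format-List Message, Context
    throw 'Prerequisite check failed; nothing was changed.'
}
Install-ADDSDomainController @promote -Force   # restarts the server when finished
```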
Step 4. Verify the Functionality of the Secondary Domain Controller.
After the restart, the server will have become a secondary domain controller. To verify it, do the following on the new DC:
1. Open Server Manager > Active Directory Users and Computers and check if the domain users and computers appear in the corresponding groups.
2. Then, open the DNS Manager and verify that the Forward & Reverse Lookup Zones entries have been updated from the primary domain controller.
3. Open PowerShell and issue the following command to verify that no errors occurred during replication:
repadmin /replsummary
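The checks in this step can also be run per replication link with the ActiveDirectory module. The following is an added example, not part of the original tutorial; the 3-hour age threshold is an assumed value.

```powershell
# Added example, not from the original tutorial. Run on the new DC.
Import-Module ActiveDirectory
$MaxAgeHours = 3   # assumed alert threshold; tune to your replication schedule

# Inbound replication links of every DC in the domain, for all partitions.
$links = foreach ($dc in (Get-ADDomainController -Filter *)) {
    Get-ADReplicationPartnerMetadata -Target $dc.HostName -Scope Server -Partition * |
        Select-Object Server, Partition,
            @{ n = 'Partner'; e = { ($_.Partner -split ',')[1] -replace '^CN=' } },
            LastReplicationSuccess, LastReplicationResult,
            ConsecutiveReplicationFailures
}

# A link is suspect if its last attempt returned an error code, failures are
# accumulating, or the last success is older than the threshold.
$cutoff = (Get-Date).AddHours(-$MaxAgeHours)
$bad = $links | Where-Object {
    $_.LastReplicationResult -ne 0 -or
    $_.ConsecutiveReplicationFailures -gt 0 -or
    $_.LastReplicationSuccess -lt $cutoff
}

# A working DC shares SYSVOL and NETLOGON; this one was promoted as a Global Catalog.
$me     = Get-ADDomainController -Identity $env:COMPUTERNAME
$shares = Get-SmbShare -Name SYSVOL, NETLOGON -ErrorAction SilentlyContinue

$links | Format-Table -AutoSize
if ($bad) {
    Write-Warning "$(@($bad).Count) replication link(s) need attention."
    $bad | Format-List
}
if (@($shares).Count -lt 2) {
    Write-Warning 'SYSVOL and NETLOGON are not both shared yet.'
}
if (-not $me.IsGlobalCatalog) {
    Write-Warning 'This DC is not advertising as a Global Catalog.'
}
```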
Step 5. Configure DNS Server settings on Domain Controllers.
After verifying that the replication is successful, change the DNS settings on each server so that each one points to the other.
For example, let's assume that the first Domain Controller has the IP "192.168.1.10" and the second one has the IP "192.168.1.11". In this case, this is how the DNS settings on each server should be.
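One way to apply this setting from PowerShell, as an added example that is not part of the original tutorial, using 192.168.1.10 and 192.168.1.11 as the two domain controller addresses. The domain name is a placeholder, and listing the server's own address as the second DNS entry is an assumption; the tutorial only states that each server points to the other.

```powershell
# Added example, not from the original tutorial. Run the same script on each DC.
$DomainName = 'corp.example.com'               # hypothetical domain name
$DcIps      = '192.168.1.10', '192.168.1.11'   # the two DC addresses in this step

# Work out which of the two addresses belongs to this server.
$local = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $DcIps -contains $_.IPAddress }
if (@($local).Count -ne 1) {
    throw 'Expected exactly one of the DC addresses on this server.'
}
$partner = $DcIps | Where-Object { $_ -ne $local.IPAddress }

# Before depending on the partner for name resolution, confirm that its DNS
# server returns a DC locator SRV record for every domain controller.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV `
        -Server $partner -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' }
if (@($srv).Count -lt $DcIps.Count) {
    throw "$partner lists only $(@($srv).Count) DC(s); wait for replication first."
}

# Partner first. Keeping this server's own address as the second entry is an
# assumption of this example.
Set-DnsClientServerAddress -InterfaceIndex $local.InterfaceIndex `
    -ServerAddresses @($partner, $local.IPAddress)

# Show the resulting client setting for review.
Get-DnsClientServerAddress -InterfaceIndex $local.InterfaceIndex -AddressFamily IPv4
```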
That’s it! Let me know if this guide has helped you by leaving your comment about your experience. Please like and share this guide to help others.
Frequently Asked Questions
Why is adding a secondary domain controller important?
Adding a secondary domain controller is crucial for security. If the Primary Domain Controller fails, essential tasks will be interrupted, causing significant downtime. A secondary domain controller not only serves as a backup but also reduces the primary controller's workload, improving overall performance and responsiveness.
What preparations are necessary before adding a second domain controller?
Before promoting a Windows Server to a secondary domain controller, set its computer name, assign a static IP address with the DNS pointing to the existing domain controller's IP, ensure the date and time are correct, and join the server to the existing domain.
What steps are involved in installing Active Directory Domain Services?
To install Active Directory Domain Services, open Server Manager and add roles and features. Select 'Role-based or feature installation', then choose the server from the server pool. In the 'Select server roles' section, choose Active Directory Domain Services and follow through by adding features, clicking Next on the features and AD DS pages, then install the roles and features.
How can I verify that the secondary domain controller is functioning correctly?
After the server restarts, verify functionality by opening Server Manager > Active Directory Users and Computers to check if domain users and computers appear. Additionally, check the DNS Manager for updated Forward and Reverse Lookup Zones entries. Use PowerShell with the command 'repadmin /replsummary' to ensure no replication errors occurred.

