Home Lab 6: Adding a Domain Controller

Recently, I have been fully consumed with both authentication and Intune-related projects for work. The 180-day activation timeout is about to happen on DC01 and other servers. Seems like a good time to test swing-style upgrades should I need to move to the latest version of Windows Server in the future.

I will stand up a new domain controller, make sure it has the necessary software installed to match the original, transfer the FSMO roles, and then swap it to the same IP address as the original. From there, decommission the expiring server and move on with the myriad of testing I do in my home lab.

  1. I followed the previous blog to get a new server, ADDC01, stood up. This server will replace DC01.
  2. Once stood up, join it to the domain. In this case I incremented the last octet of the IP address to 192.168.68.201 and pointed DNS at the current domain controller. Joined and rebooted.
  3. Follow the domain controller blog entry, but without creating a new forest.
  4. Server Manager -> Manage -> Add Roles and Features. Apologies for the lack of screenshots, but they felt unnecessary for the majority of this part of the process.
    • Add Roles and Features Wizard.
    • Before you begin. Next.
    • Installation Type. Role-based or feature-based-installation. Next.
    • Server Selection. Take defaults. Next.
    • Server Roles. Check Active Directory Domain Services and DNS Server. Next.
    • Features. Next.
    • AD DS. Next.
    • DNS Server. Next.
    • Confirmation. Check Restart the destination server automatically if required. Install.
  5. Once installed, it is time to promote ADDC01 to a domain controller.
    • Click Promote this server to domain controller.
    • This time we are adding a domain controller to an existing domain.
    • Enter a DSRM password and accept the remaining defaults.
    • Nothing to delegate. Click Next and move on.
    • Replicate from DC01. The default is any DC, but I like to be a bit more specific and replicate from the server I am replacing.
    • Accept the default database locations.
    • Review the options, but for this basic setup, click Next.
    • We have a couple of warnings, but we accept the warnings and click Install.
    • After the settings apply, you will need to log back in at some point.
  6. Check domain controller health. dcdiag, repadmin /showrepl, and repadmin /replsummary are your best friends at this point. There are MANY explanations on how to manage DCs in depth. For this simple setup, /replsummary will do for me.

PS C:\Users\administrator> repadmin /replsummary
Replication Summary Start Time: 2023-08-18 19:19:27

Beginning data collection for replication summary, this may take awhile: .....


Source DSA          largest delta    fails/total %%   error
 DC01                      02m:00s    0 /   5    0


Destination DSA     largest delta    fails/total %%   error
 ADDC01                    02m:00s    0 /   5    0
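Steps 4 through 6 above are the wizard and the two health commands done by hand. The PowerShell below is an added example (not from the original post) of the same procedure: it installs the AD DS and DNS roles, runs the prerequisite check, promotes ADDC01 into the existing domain replicating from DC01, and defines a health check to run after the reboot. The domain name, the DC hostnames and the Test-DcHealth function name are assumptions based on the output shown in the post.

```powershell
# Added example, not the post's own code. Run on ADDC01 after it has been joined to the domain.
# Assumed values taken from the post's output: domain wirelesshobo.test, source DC01, new DC ADDC01.
$DomainName = 'wirelesshobo.test'
$SourceDc   = 'DC01.WIRELESSHOBO.TEST'

# Step 6 as a function (hypothetical name). Run it after the post-promotion reboot and log-in.
# It returns $true only when no partner reports consecutive failures and no failure records exist.
function Test-DcHealth {
    param([string]$Target = $env:COMPUTERNAME)

    # Inbound replication status per partner and naming context.
    $partners = Get-ADReplicationPartnerMetadata -Target $Target -Scope Server
    $partners | Select-Object Partner, Partition, LastReplicationSuccess,
                             ConsecutiveReplicationFailures | Format-Table -AutoSize

    # Any recorded replication failures for this DC.
    $failures = @(Get-ADReplicationFailure -Target $Target)
    if ($failures.Count -gt 0) { $failures | Format-Table -AutoSize }

    # The two classic tools from the post; /q prints only problems.
    dcdiag /s:$Target /q
    repadmin /replsummary

    $bad = @($partners | Where-Object { $_.ConsecutiveReplicationFailures -gt 0 })
    return ($failures.Count -eq 0 -and $bad.Count -eq 0)
}

# Step 4: AD DS and DNS roles plus the RSAT management tools (ADDSDeployment, DnsServer modules).
Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools

# Step 5: promote into the existing domain. The DSRM password is the one the wizard asks for.
$dsrm = Read-Host -Prompt 'DSRM (safe mode) password' -AsSecureString
$cred = Get-Credential -Message 'Domain Admin credential for the promotion'

# The prerequisite check surfaces the same warnings the wizard shows, without changing anything.
$pre = Test-ADDSDomainControllerInstallation -DomainName $DomainName -Credential $cred `
    -SafeModeAdministratorPassword $dsrm -InstallDns -ReplicationSourceDC $SourceDc
$pre | Format-List Status, Message
if ($pre.Status -eq 'Error') { throw 'Prerequisite check failed; see the message above.' }

# Same choices as the wizard: DNS installed, replicate from DC01, default database/log/SYSVOL paths.
# -Force suppresses the confirmation prompt; the server reboots when the promotion completes.
Install-ADDSDomainController -DomainName $DomainName -Credential $cred `
    -SafeModeAdministratorPassword $dsrm -InstallDns -ReplicationSourceDC $SourceDc -Force

# After logging back in: Test-DcHealth -Target 'ADDC01'
```

Pinning -ReplicationSourceDC to DC01 mirrors the "replicate from DC01" choice in the wizard; leaving it off lets the promotion pick any DC. Test-DcHealth is worth keeping around, since the same checks apply again after the FSMO transfer and before DC01 is demoted.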

Great! A new domain controller is set up. Now to tidy up a few things.

Start up Active Directory Sites and Services and rename Default-First-Site-Name to Homelab. Notice that DC01 automatically has a replication connection to ADDC01.

Transfer the Flexible Single Master Operation (FSMO) roles.

PS C:\Users\Administrator> Get-ADForest | ft DomainNamingMaster, SchemaMaster

DomainNamingMaster     SchemaMaster
------------------     ------------
DC01.WIRELESSHOBO.TEST DC01.WIRELESSHOBO.TEST


PS C:\Users\Administrator> Get-ADDomain | ft InfrastructureMaster, PDCEmulator, RIDMaster

InfrastructureMaster   PDCEmulator            RIDMaster
--------------------   -----------            ---------
DC01.WIRELESSHOBO.TEST DC01.WIRELESSHOBO.TEST DC01.WIRELESSHOBO.TEST

PS C:\Users\Administrator> Move-ADDirectoryServerOperationMasterRole -Identity "ADDC01" -OperationMasterRole DomainNamingMaster,PDCEmulator,RIDMaster,SchemaMaster,InfrastructureMaster

Move Operation Master Role
Do you want to move role 'DomainNamingMaster' to server 'ADDC01.WIRELESSHOBO.TEST' ?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"):

Move Operation Master Role
Do you want to move role 'PDCEmulator' to server 'ADDC01.WIRELESSHOBO.TEST' ?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"):

Move Operation Master Role
Do you want to move role 'RIDMaster' to server 'ADDC01.WIRELESSHOBO.TEST' ?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"):

Move Operation Master Role
Do you want to move role 'SchemaMaster' to server 'ADDC01.WIRELESSHOBO.TEST' ?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"):

Move Operation Master Role
Do you want to move role 'InfrastructureMaster' to server 'ADDC01.WIRELESSHOBO.TEST' ?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"):
PS C:\Users\Administrator> Get-ADForest | ft DomainNamingMaster, SchemaMaster

DomainNamingMaster       SchemaMaster
------------------       ------------
ADDC01.WIRELESSHOBO.TEST ADDC01.WIRELESSHOBO.TEST


PS C:\Users\Administrator> Get-ADDomain | ft InfrastructureMaster, PDCEmulator, RIDMaster

InfrastructureMaster     PDCEmulator              RIDMaster
--------------------     -----------              ---------
ADDC01.WIRELESSHOBO.TEST ADDC01.WIRELESSHOBO.TEST ADDC01.WIRELESSHOBO.TEST

Let’s do a quick DNS check as well. Checking the properties of the primary zone, it looks like our new DNS server has been added and is pointing at the right IP address.

At this point, we have a new domain controller in the environment. Data is replicating appropriately. The FSMO roles are on the new server. DNS seems to have picked up the new domain controller as well.
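The FSMO transfer above answers five prompts and then eyeballs two tables, and the DNS check is done in the zone properties dialog. As an added example (not from the original post), the script below does the transfer non-interactively, verifies from the new DC's own view that all five roles landed on it, and then confirms DNS knows about ADDC01 through the zone's NS records, its A record and the _ldap._tcp SRV record that clients use to find domain controllers. The hostnames and zone name are taken from the post's output; the Get-FsmoRolesOn and Test-DcDns function names are assumptions.

```powershell
# Added example, not the post's own code. Run as a Domain Admin on ADDC01 with RSAT AD and DNS modules present.
# Assumed values from the post's output.
$NewDc   = 'ADDC01'
$NewFqdn = 'ADDC01.WIRELESSHOBO.TEST'
$Zone    = 'wirelesshobo.test'
$Roles   = 'DomainNamingMaster', 'SchemaMaster', 'InfrastructureMaster', 'PDCEmulator', 'RIDMaster'

# Hypothetical helper: the roles a given DC believes it holds (its own view, no replication lag).
function Get-FsmoRolesOn {
    param([string]$Dc)
    return @((Get-ADDomainController -Identity $Dc).OperationMasterRoles | ForEach-Object { "$_" })
}

Write-Host "Roles on $NewDc before transfer: $((Get-FsmoRolesOn $NewDc) -join ', ')"

# Same cmdlet as the post; -Confirm:$false replaces the five Y/N prompts.
Move-ADDirectoryServerOperationMasterRole -Identity $NewDc -OperationMasterRole $Roles -Confirm:$false

$held    = Get-FsmoRolesOn $NewDc
$missing = @($Roles | Where-Object { $held -notcontains $_ })
if ($missing.Count -gt 0) {
    Write-Warning "Roles not on ${NewDc}: $($missing -join ', ')"
} else {
    Write-Host "All five FSMO roles are on $NewDc."
}

# Forest/domain view as in the post; other DCs pick this up only after replication.
Get-ADForest -Server $NewDc | Format-Table DomainNamingMaster, SchemaMaster
Get-ADDomain -Server $NewDc | Format-Table InfrastructureMaster, PDCEmulator, RIDMaster

# Hypothetical helper: the DNS check from the post, done against records instead of the zone dialog.
function Test-DcDns {
    param([string]$Zone, [string]$Fqdn, [string]$DnsServer = $env:COMPUTERNAME)

    # NS records at the zone apex; NameServer values carry a trailing dot.
    $ns = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $Zone -RRType NS -Name '@' |
          ForEach-Object { $_.RecordData.NameServer.TrimEnd('.') }
    $hasNs = $ns -contains $Fqdn

    # The host's A record and the address it resolves to.
    $a = Resolve-DnsName -Name $Fqdn -Type A -Server $DnsServer -ErrorAction SilentlyContinue
    $addr = ($a | Where-Object { $_.Type -eq 'A' }).IPAddress

    # Domain controller locator SRV record; domain members use this to find DCs.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Zone" -Type SRV -Server $DnsServer -ErrorAction SilentlyContinue
    $hasSrv = @($srv | Where-Object { $_.NameTarget -and $_.NameTarget.TrimEnd('.') -eq $Fqdn }).Count -gt 0

    [pscustomobject]@{
        Host       = $Fqdn
        NsRecord   = $hasNs
        ARecord    = ($addr -join ', ')
        DcLocator  = $hasSrv
        Healthy    = ($hasNs -and $addr -and $hasSrv)
    }
}

Test-DcDns -Zone $Zone -Fqdn $NewFqdn | Format-List
```

Checking OperationMasterRoles on the target DC rather than Get-ADForest/Get-ADDomain against an arbitrary DC avoids a false negative while the transfer is still replicating; the SRV check matters more than the NS entry for day-to-day logons, since that record is what the DC locator consults, and it should list both DCs until DC01 is demoted.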

I had a recommendation to break up my articles/notes a bit. Next time, we will swap ADDC01’s and DC01’s IP addresses.
