The process to convert a member server to a domain controller (DC) – known as promotion – requires a number of inputs to complete the wizard. As Active Directory has evolved, additional steps/inputs have been added to the wizard, but, the process itself has undergone very little change. If you are coming to Windows Server 2012 or newer from a previous version of Active Directory, the most noticeable change is that the dcpromo tool dating to Windows 2000 is gone. In fact, if you try to run dcpromo on a Windows Server 2012 or newer server, you’ll receive a message similar to this:
Active Directory Domain Services Installer
The Active Directory Domain Services Installation Wizard is relocated in Server Manager. For more information, see http://go.microsoft.com/fwlink/?LinkId=220921
Instead of dcpromo, you’ll instead need to use the new Active Directory Domain Services Configuration Wizard that is accessible from Server Manager. Alternately, you can use Windows PowerShell to promote a domain controller as described here. To begin, you’ll need to install the Active Directory Domain Services (AD DS) server role.
- Open Server Manager and click Add roles and features.
- During the Installation Type step, choose Role-based or feature-based installation.
- In the Server Selection step, ensure the local server is selected.
- Select the Active Directory Domain Services role as shown below.
- In the Features step, accept the defaults. Windows will automatically add additional features that are necessary to support AD DS.
- Continue through the wizard to the Results step. Once the AD DS role installation completes, click the Promote this server to a domain controller link as highlighted below.
At this point in the process, you have installed the AD DS server role and launched the AD DS Configuration Wizard that will be used to promote the server to be a domain controller. The remaining steps will illustrate the process to add an additional Windows Server 2012 R2 domain controller to an existing domain. The member server that will be promoted has the following attributes:
- Domain – cohovines.com
- Site – Tokyo
- Read Only Domain Controller – No
- Global Catalog – Yes
- DNS Server – Yes
While the screenshots may vary slightly, the process is largely identical to prior versions of Windows Server.
- In the Deployment Configuration screen, specify the domain that the member server will become a domain controller for. You must also provide a set of Domain Admin credentials to complete the promotion process, as shown below.
- In the Domain Controller Options step, you should:
- Specify if the DC will run the DNS Server service, act as a Global Catalog, or function as a Read Only Domain Controller.
- Select the correct AD Site that the DC will be a member of.
- Provide a Directory Services Restore Mode (DSRM) password.
- Ignore the DNS Options step shown below and any warnings displayed. It is not relevant to adding a domain controller to an existing domain since it is assumed that you have a functional AD forest with working DNS prior to beginning this process.
- On the Additional Options step, you can specify the source domain controller to perform initial replication to this server if necessary.
- On the Paths step, you may need to modify where the AD DS database (ntds.dit file), transaction logs, or SYSVOL share are stored if your standards dictate. In many cases, accepting the defaults is OK.
- Take a moment to review your selections on the Review Options step prior to continuing. You can save a copy of the Windows PowerShell command to promote a domain controller with the options you selected by clicking View script, as shown below.
- The Prerequisites Checker will run and attempt to guarantee that the domain controller promotion will succeed. If there are any blocking issues, you will not be able to proceed until the issues are corrected. You may receive warnings about DNS zones, for example, as shown below that can typically be ignored.
- Click Install and then monitor the progress on the Results screen. The progress is subtletly updated at the top of the screen as highlighted below.
Whether you leave the AD DS Configuration Wizard open or close it, the server will automatically reboot when the promotion process is complete. Once the server reboots, it will be a member of the domain chosen at the beginning of the wizard and ready to begin functioning as a domain controller.