• Deploy a read-only AD controller (RODC)
• Deploy an AD controller from IFM support

To ensure the availability of your Active Directory domain, Microsoft recommends installing at least 2 Active Directory domain controllers per domain.
Creating a second domain controller for an existing domain also makes it possible to physically move a domain controller closer to where your users are located in the event that your Active Directory infrastructure spans multiple cities or different countries.

Currently, we have a domain controller for "informatiweb.lan" our domain.

Here is the network configuration used for this tutorial.
So, that the 2nd server (DC2) can find your Active Directory domain and get a copy of the configuration of this domain, make sure to add the IP address of your 1st domain controller as the primary DNS server on your 2nd server.

Then, on your 2nd server, launch the Add Roles and Features Wizard.

Install the "Active Directory Domain Services" role.

Once the "Active Directory Domain Services" role is installed, click on the "Promote this server to a domain controller" link.

Select "Add a domain controller to an existing domain", then click the "Select" button.

Specify the credentials of the Administrator account of the domain you wish to replicate on your 2nd server (DC2 in our case).
Note that you must prefix the username with the NETBIOS name of the domain to join or by using the "[username]@[domain name]" notation for this to work.

Select your domain from the list.

The selected domain appears in the wizard, as well as the name of the account used to join the domain.

As when creating the 1st domain controller, you can activate or not different options :

• Domain Name System (DNS) server
• Global Catalog (GC)
• Read-only domain controller (RODC)

When you install a second domain controller in an environment where its security cannot be ensured, it's strongly recommended that you install it as read-only (RODC).
However, this is part of another tutorial, so we will not be checking this box in this tutorial.

In our case, we have only one Active Directory site.
However, when you are a multinational, you may have users in several cities or in several countries. In this case, creating an additional domain controller for an existing domain can reduce the response time for your users by physically bringing it closer.

For more information about the options available here, refer to our tutorial : Create an Active Directory domain controller on Windows Server 2016

As when creating the 1st domain controller, a warning is displayed concerning the DNS delegation for the parent zone.
In summary, this is not possible, since the parent zone (".lan" in our case) doesn't exist and is therefore not managed by a server on Windows Server.

Since we are adding a domain controller to an existing domain, we need to replicate the data from an existing domain controller.
In our case, there is only one, so this choice does not matter.

The wizard offers you to choose where to store the different folders of the Active Directory.

A summary is displayed indicating in particular from which source domain controller the data will be replicated.
Click on Next.

Wait while checking the system requirements.

Once the checks are complete, click Install.

Note : you can ignore these warnings because we are not using a server on Windows NT 4.0 and the parent zone ".lan" doesn't exist. Therefore, the creation of the optional DNS delegation cannot be created.

Wait while this new Active Directory domain controller is installed.

As expected, the wizard will replicate the data from the domain controller previously selected as the source.

After installation and replication is complete, the server will restart.

Log in with the domain administrator account.

If you open the "Active Directory Users and Computers" console, you will see that your 2nd server (DC2 in our case) is now a domain controller.

So that your client PCs can still connect even if the 1st domain controller (DC1) fails, be sure to also add the IP address of the second domain controller (DC2) in the network configuration of your client PCs.