In an Active Directory infrastructure, you need at least 1 different domain controller per domain to be managed.
To add a domain to an Active Directory infrastructure, you must therefore install a new domain controller using the "Active Directory Domain Services" role.
Once the "Active Directory Domain Services" role is installed, click on the "Promote this server to a domain controller" link.
To add a new domain to an existing forest, select "Add a new domain to an existing forest" and click the "Select" button.
Specify the credentials of an account authorized to join this server to the desired parent domain.
Select the desired parent domain and click OK.
The parent domain and credentials appear automatically.
For the type of domain, you have the choice between :
Source : Deployment Configuration
In our case, we select "Child Domain" and we click on Next.
When you create an Active Directory subdomain, you have the option of choosing a lower functional level than the forest if you want to support older versions of Windows Server (if that is your case).
In our case, we only have servers on Windows Server 2016, so we leave the default.
For explanations of the other options available here, refer to our tutorial : Create an Active Directory domain controller on Windows Server 2016.
As explained in our "The basics of Active Directory Domain Services (AD DS)" article, a trust relationship is automatically created between the child domain and the parent domain when you add a new domain to an existing forest.
The wizard therefore also automatically creates a delegation at DNS level.
The wizard generates a NETBIOS domain name based on the name of the subdomain.
So, in our case : WEB.
As usual, you have the option of changing the location of the various folders for the database, log files, and SYSVOL folder of your domain controller.
A summary is displayed indicating that the new "web" domain will be a child of "informatiweb.lan".
Wait while checking the system requirements.
Once the verification is complete, click Install.
Wait while the domain controller is installed.
After the domain controller is installed, the server will restart.
Log in as the administrator of the subdomain ("web" in our case).
As you can see, this domain controller (dc2) is a member of the "web" subdomain of our "informatiweb.lan" domain.
As explained in our "The basics of Active Directory Domain Services (AD DS)" article, a trust relationship is automatically created between the subdomain and its parent.
To check this, open the "Active Directory Domains and Trusts" console.
If you right-click "Properties" on the parent domain ("informatiweb.lan" in our case), you will see that a two-way (outgoing + inbound) trust relationship of the "transitive" type has automatically been created with the "web" sub-domain that we have just created.
In the properties of the subdomain you just created ("web" in our case), you will see the corresponding trust relationship.
Since the DNS zone of the subdomain is not on the same server as the DNS zone of the parent domain, a DNS delegation was automatically created.
Indeed, as you can see, the "web" folder which corresponds to this subdomain has a gray icon which indicates that the management of this subdomain is delegated to another DNS server.
If you view the properties of this "web" subdomain, you will see that the specified name server is your new domain controller.
And on your new domain controller, you will find the DNS zone for your subdomain.
Windows Server 4/3/2021
Windows Server 8/8/2012
Windows Server 1/9/2013
Windows Server 9/22/2017
® InformatiWeb-Pro.net - InformatiWeb.net 2008-2020 - © Lionel Eppe - All rights reserved.
Total or partial reproduction of this site is prohibited and constitutes an infringement punishable by articles L.335-2 and following of the intellectual property Code.