There are times when you need to separate or delegate some parts of your Active Directory infrastructure, and the simplest way in those cases is to create a new child domain in the existing AD forest. This way you don’t have to create trusts between the two domains yourself; the trust is created automatically and is two-way, meaning domain A automatically trusts domain B, and vice versa.
Why Add a Child Domain?
- Less network traffic between your main office and the new one.
- You will be able to delegate control of the new network to another administrator who actually lives in the location of the new office.
- The child domain will allow you to keep track of what is going on in a specific location.
Before You Begin:
1. In order to create a child domain on your network, you will need another server, or rather a Domain Controller.
You can build that DC in your main office and then ship it out to the new office. This DC will also be a Global Catalog as well as DNS Server to assist all the clients in the new office with any DNS requests, etc.
2. You also need to prepare your current network for the new sub domain. So before you begin with the new DC configuration you need to do the following:
- Create a new site in your Active Directory that will represent the physical structure of your network. In my example our main office is in India and the new one is in Amsterdam. Based on that info, you would create a new site for the Amsterdam office.
- In addition to the new site you will also need to create a new subnet for your new location. It will allow you to track all of your machines by location. This new subnet should be assigned to the new site.
Once you prepare your network as mentioned above, we are now ready to create a new Domain Controller.
After you have installed Windows Server 2008 on your new machine and completed all the Initial Configuration Tasks, open up Server Manager and click on the Roles section.
We will need to install the Active Directory Domain Services (ADDS) Role first. So go ahead and check the box next to it and click Next and proceed further.
Review the confirmation and click on “Next”
Review the installation confirmation and click on “Next”
It will take a few minutes to complete, and when it’s done you will get this confirmation. Then click on “Close”.
I assume you have a proper VPN connection between the two locations, and both servers can communicate. Now we can start creating the child domain in the branch office. Do a Start > Run > dcpromo and click OK.
The Active Directory Domain Services Installation Wizard will start. Either enable the checkbox beside Use Advanced mode installation and click Next, or keep it unselected and click Next.
The Operating System Compatibility page will be displayed, take a moment to read it and click Next
Since this is going to be your child domain, make sure you select the Existing forest option and then select Create a new domain in an existing forest.
When ready, click on the Next button.
Type in your domain name with the correct internet suffix. In my example I am using our DoubtsClear.com domain.
Since this domain already exists and you are logged in to this machine only as a local administrator you will also need to enter alternate credentials of a domain administrator in order to proceed.
So go ahead and click on the Set button.
Enter the domain administrator’s name and password, then hit OK
When ready, click on Next.
In this step you will need to enter the Fully Qualified Domain Name (FQDN) of your child domain in two steps.
The first is the FQDN of your parent domain. In our example it is going to be DoubtsClear.com.
Next you need to enter the single-label DNS name of your child domain — that means anything that is before the DoubtsClear.com.
In my example I entered cdc for cdc.globomantics.com — as seen on the bottom.
That will be our FQDN for the new child domain. Once ready, click on the Next button.
Now it’s time to select a site for this DC.
Now you see why we needed to create the new site before we started this installation. Select the correct site and click Next.
As mentioned earlier, we are going to make this DC our DNS server as well as the Global Catalog for our new site.
Make sure both check-marks are checked and then click on the Next button.
I would recommend leaving the default locations for these databases unless you have a really good reason not to. Click Next.
In this window you will need to set up the Directory Services Restore Mode Administrator Password, which is used for restore purposes.
Go ahead and type that in and then click on the Next button.
On this summary window double check your selections and when ready click Next.
You can check the box Reboot on completion and let the installation complete.
Congratulations! Your Child Domain has been created!
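The wizard choices above can also be written as a dcpromo answer file for an unattended promotion, which makes the settings reviewable before they are applied. This is an added example, not part of the original tutorial: the site name Amsterdam, the NetBIOS name CDC, the Administrator account and the file path in the usage line are assumptions, and the database paths are the Windows default locations.

```ini
; Answer file for promoting the new server to the first DC of a child domain.
; Added example; values marked "assumed" do not come from the tutorial.
; Usage (path is a constructed example):
;   dcpromo.exe /unattend:C:\child-domain.txt

[DCInstall]
; "Existing forest" > "Create a new domain in an existing forest"
ReplicaOrNewDomain=Domain
NewDomain=Child

; FQDN of the parent domain and single-label name of the child,
; giving cdc.DoubtsClear.com as the child domain FQDN
ParentDomainDNSName=DoubtsClear.com
ChildName=cdc
; NetBIOS name of the new domain (assumed)
DomainNetbiosName=CDC

; Site created beforehand for the new office (name assumed)
SiteName=Amsterdam

; Both check-marks from the "Additional Domain Controller Options" page
InstallDNS=Yes
ConfirmGc=Yes

; Alternate credentials of a domain administrator in the parent domain.
; Password=* makes dcpromo prompt at run time, so the domain admin
; password is never written to this file.
UserDomain=DoubtsClear.com
UserName=Administrator
Password=*

; Default database, log and SYSVOL locations
DatabasePath="C:\Windows\NTDS"
LogPath="C:\Windows\NTDS"
SYSVOLPath="C:\Windows\SYSVOL"

; Directory Services Restore Mode password: fill in immediately before
; the run and delete the file afterwards; never keep it on a share.
SafeModeAdminPassword=<DSRM-password-placeholder>

; Same as ticking "Reboot on completion"
RebootOnCompletion=Yes
```

The wizard's summary page offers an Export settings button that produces a file in this format from the choices you made interactively.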
Hope this tutorial helps you guys. Please don’t forget to leave your comment.