TSF – Comprehensive IT solutions for SMBs | HCM

P15 - Add a Second Domain Controller in Windows Server 2025 (ADC)

WinServer2025 – P15 Add a Second Domain Controller in Windows Server 2025 (ADC)

Running Active Directory with only one Domain Controller is a serious risk.
If your primary DC fails, users cannot log in, DNS may stop working, and authentication services will be interrupted.

Deploying a Second Domain Controller in Windows Server 2025 ensures redundancy, replication, and high availability for your domain environment.

In this guide, you will learn how to add an Additional Domain Controller (ADC), configure DHCP correctly, and verify replication between DCs.


1️⃣ Preparation

Before promoting the second server, ensure your infrastructure is ready.

🖥 Main Domain Controller

  • DC-01

  • IP: 192.168.16.186

🖥 Secondary Domain Controller (ADC)

  • DC-02

  • IP: 192.168.16.179

💻 Windows 10 Client

  • IP: 192.168.16.134

Make sure:

  • Network connectivity between servers is stable

  • DNS is functioning correctly

  • ADC can resolve the domain


2️⃣ Step 1 – Join the ADC to the Domain

Before promoting DC-02, it must first join the existing domain.

On DC-02:

  • Configure correct DNS (point to DC-01)

  • Join the server to the domain

  • Restart if required

After reboot, confirm:

  • The server is successfully joined

  • Domain credentials can be used to log in

This ensures DC-02 can communicate with the existing domain infrastructure before promotion.


3️⃣ Step 2 – Promote ADC

Now promote DC-02 as a Second Domain Controller.

🔹 Add Roles and Features

On DC-02:

  • Open Server Manager

  • Add Roles and Features

  • Install Active Directory Domain Services (AD DS)

After installation:

  • Click “Promote this server to a domain controller”

  • Choose “Add a domain controller to an existing domain”

  • Select the correct domain

  • Complete the wizard

The server will reboot automatically after promotion.

Once completed, DC-02 becomes an Additional Domain Controller (ADC).


4️⃣ Step 3 – Reconfigure DHCP Scope

After adding the Second Domain Controller, you must update DHCP settings to ensure redundancy at the DNS level.

Open DHCP configuration and modify the Scope options:

Add:

  • DNS 1 → 192.168.16.186 (DC-01)

  • DNS 2 → 192.168.16.179 (DC-02)

This ensures clients receive both Domain Controllers as DNS servers.

Why is this important?

Because DNS in Active Directory is tightly integrated with authentication and domain services.

If only one DNS server is provided and it fails, authentication may stop working.
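The three steps above (join, promote, reconfigure DHCP) as PowerShell, an added example that is not part of the original guide. It assumes the domain is named corp.example.local, that DC-02's network adapter is called "Ethernet", and that DC-01 runs DHCP with scope 192.168.16.0; the IP addresses are the ones used in the guide.

```powershell
# Added example; not from the original guide. Assumptions: domain corp.example.local,
# DC-02 NIC alias "Ethernet", DHCP scope 192.168.16.0 hosted on DC-01.
$Domain = 'corp.example.local'   # assumed domain name
$Dc01   = '192.168.16.186'       # DC-01 (from the guide)
$Dc02   = '192.168.16.179'       # DC-02 (from the guide)

# --- Step 1 (on DC-02): point DNS at DC-01, verify resolution, then join ---
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $Dc01
# This SRV record is what the domain-join and promotion wizards look up;
# if it does not resolve, fix DNS before going any further.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV
Add-Computer -DomainName $Domain -Credential (Get-Credential "$Domain\Administrator") -Restart

# --- Step 2 (on DC-02, after the reboot): install AD DS and promote ---
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
# -NoGlobalCatalog:$false keeps DC-02 a Global Catalog, so logons do not depend
# on DC-01 being up. The server reboots on its own when promotion completes.
Install-ADDSDomainController `
    -DomainName $Domain `
    -Credential (Get-Credential "$Domain\Administrator") `
    -InstallDns:$true `
    -NoGlobalCatalog:$false `
    -SafeModeAdministratorPassword (Read-Host 'DSRM password' -AsSecureString) `
    -Force

# After promotion, have DC-02 use DC-01 first and itself (loopback) second for
# DNS, so neither DC depends solely on its own DNS service at boot.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $Dc01, '127.0.0.1'

# --- Step 3 (on DC-01, the DHCP server): hand clients both DCs as DNS ---
Set-DhcpServerv4OptionValue -ScopeId '192.168.16.0' -DnsServer $Dc01, $Dc02   # scope ID assumed
Get-DhcpServerv4OptionValue -ScopeId '192.168.16.0' -OptionId 6               # option 6 = DNS servers
```

Clients pick up the new DNS list at their next lease renewal; run `ipconfig /renew` on the Windows 10 client to force it.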


5️⃣ Verify Replication Between DC-01 and DC-02

At this point, the two Domain Controllers should be synchronized automatically via Active Directory replication.

Test replication:

  • Create a user on DC-02

  • Wait for replication

After a short time, DC-01 should recognize the new user.

This confirms:

  • AD replication is functioning

  • Both DCs share the same directory database

  • The domain is synchronized

Replication is automatic and multi-master in modern Active Directory environments.


6️⃣ High Availability Test – Simulate DC-01 Shutdown

To verify redundancy, simulate a failure scenario.

🔻 Shut down DC-01

Now test:

  • Client login

  • Authentication process

Result:

DC-02 can still authenticate client logins successfully.

This confirms your Second Domain Controller is functioning correctly and providing fault tolerance.

Even if the main DC fails:

  • Users can log in

  • Domain services continue

  • Authentication remains operational

This is the core purpose of deploying an Additional Domain Controller.
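The replication check and the failover test from the two sections above as PowerShell, an added example that is not part of the original guide. It assumes an elevated, domain-joined session with the Active Directory module, the domain name corp.example.local, and a constructed placeholder user name for the replication test.

```powershell
# Added example; not from the original guide. Assumed: domain corp.example.local;
# the test user name below is a constructed placeholder.
$Domain = 'corp.example.local'
$Dc01   = 'DC-01'
$Dc02   = 'DC-02'

# 1. Replication health: every partner should show 0 fails and a recent success time
repadmin /replsummary
Get-ADReplicationPartnerMetadata -Target $Dc01, $Dc02 -PartnerType Both |
    Select-Object Server, Partner, LastReplicationSuccess, LastReplicationResult

# 2. The guide's test: create a user on DC-02, then read it back from DC-01
$testUser = 'repl-test-user'   # constructed placeholder
New-ADUser -Name $testUser -Server $Dc02 -Enabled $false
# Either wait for the replication interval or push this one object across now
Sync-ADObject -Object (Get-ADUser $testUser -Server $Dc02).DistinguishedName `
              -Source $Dc02 -Destination $Dc01
Get-ADUser -Identity $testUser -Server $Dc01        # succeeds only once replicated
Remove-ADUser -Identity $testUser -Server $Dc02 -Confirm:$false

# 3. Before shutting DC-01 down: both DCs must be Global Catalogs, and note who
# holds the FSMO roles. Logons survive DC-01 being off, but FSMO-dependent work
# (new RID pools, schema changes, PDC-emulator password chaining) pauses until it returns.
Get-ADDomainController -Filter * |
    Select-Object Name, IPv4Address, IsGlobalCatalog, OperationMasterRoles

# 4. With DC-01 shut down, confirm the client locates and authenticates to DC-02
nltest "/dsgetdc:$Domain" /force                   # run on the Windows 10 client
Test-ComputerSecureChannel -Server $Dc02 -Verbose  # True = secure channel to DC-02 works
```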


Why You Must Deploy a Second Domain Controller

Operating with a single DC creates a single point of failure.

If that server:

  • Crashes

  • Experiences hardware failure

  • Loses network connectivity

  • Has a corrupted AD database

Your entire domain becomes unavailable.

By deploying a Second Domain Controller:

  • Authentication remains available

  • DNS redundancy is ensured

  • AD replication maintains data consistency

  • Business continuity is preserved

In production environments, at least two Domain Controllers are considered best practice.


Architecture Overview After Deployment

After completing all steps:

  • DC-01 and DC-02 replicate automatically

  • DHCP distributes both DNS servers

  • Clients can authenticate through either DC

  • The domain is no longer dependent on a single server

This significantly increases reliability and stability.


✅ Conclusion

Adding a Second Domain Controller in Windows Server 2025 is a critical step toward building a resilient Active Directory infrastructure.

The process includes:

  • Joining the server to the domain

  • Installing AD DS

  • Promoting it as ADC

  • Updating DHCP DNS settings

  • Verifying replication

  • Testing failover

Once completed, your domain environment becomes fault-tolerant, synchronized, and production-ready.

For any real-world Active Directory deployment, configuring a Second Domain Controller is not optional — it is a foundational best practice for high availability and operational stability.
