Greetings, I'm Professor Kay. And in this short video presentation, we're going to see how we go about creating a replica domain controller in our Server 2016 domain. Now this lab is optional. So if you want to do it, you'll have to create a new virtual install of Server 2016 full desktop so that you can complete it. Is it important? Yes, it is important because we don't want to leave our forest root out there hanging all by itself, without any way to recover the domain.
So to help us in this process, we create what's called a replica domain controller, which is an exact duplicate of our forest root. If the forest root goes down, we bring up the replica and we install all of the operation masters and anything else that we have to do to make it the new forest root. You can have as many replica domain controllers as you want. Normally, we have at least one to help protect the network in case the root domain controller does go down. With domain controllers, it's never a matter of if they're going to go down. It's just a matter of when. So you want to make sure that you have a way to recover.
And we do this by performing backups and having a replica ready to go. Now I've already configured this Server 2016 full install, just as I would Windows 10, or Server Core or any other machine that I need to join to the domain. So the first thing I have to do before I can promote this to a replica is get it inside of the domain. Now currently, this machine is called DC2. I have already configured the IP addresses. Let's take a look at that real quick. So I go up here.
Started my network adapter. I'm going to go to IPv4. And you'll see that I have given it the host IP of 12. And I pointed it over to my DNS server. That configuring of your machines to join the network doesn't change regardless of what else you're trying to install. If I'm doing Windows 10, Server 2012, Server 2016, Windows 8, it makes no difference. The procedure for joining these machines to the domain remains constant and it does not change.
So to add a machine to an existing domain, I have to have a host IP that belongs to the networking portion where that domain resides. So my domain has a networking IP address of 192.168.145. I then have to assign it a host IP from the available range of IP addresses. Now to find the domain controller, we have to tell it where it can find a DNS server. I have a DNS server installed on the root DC for this domain. And the IP address, that is to say, the networking IP address assigned to that domain controller is 192.168.145.10. So we're going to go ahead and say OK to that, say OK to this, close this out.
Now we're back up to my Server Manager. Now remember, I can use Server Manager to join this machine to the network. Or I can use the system properties. But it's much easier if I just use what I have in front of me. So I'm just gonna double click this and that brings up the System Properties. And now I can use the change option that I have here.
I've already given a user friendly name of DC2. Now I need to join the domain. One thing that I forgot to mention, you have to ensure that all your machines are in the same time zone. That's very important. That's because of the timestamps that Kerberos and Active Directory are going to place on everything that they do, and communicating with your machines. So make sure they're all on the same time zone. And that your time on the clock is off no more than five minutes.
So I've typed in my sub domain name that I'm using for my domain, US cyberoffense.com. I'm going to hit OK. And in just a minute, it should pop up and ask me for my credentials, and it now wants the domain administrator credentials, so that it can join this machine to the domain. So I'm going to type in administrator and then I'll type in my domain administrator password. So I've got my information typed in correctly. Now, one word of warning. If you do not get this dialog box and you get an error message, make sure that your network adapters are configured correctly for this machine. Once I click OK, I'm then welcomed to the cyberoffense.com domain. I'm going to say OK to that. Now, it's telling me that I must restart for the change to take effect. I'm going to say close. And now I'm going to restart.
My machine has rebooted, we're back up, and I'm now ready to log on. But I need to make sure that I log on to the domain and not locally onto this server. So I'm going to make sure that I select other user, and then I sign on to cyberoffense. So I got to type in cyberoffense\administrator, make sure things are spelled correctly. I'm gonna type in my administrator password for the domain. I'm gonna hit Enter.
And I'm now pulling down all the policies and user settings for the domain on this server. I now have a desktop. Server Manager has completed loading up and it has refreshed. I'm going to click on Local Server. And you'll see that this machine is now part of the cyberoffense.com domain. Now that we have successfully joined our existing domain, we can now promote this server to a domain controller to be a replica. So what we're going to do is go up here to Manage, and we're going to go to Add Roles and Features. Here, we're just going to say next, we're going to say next.
And we got our machine properly selected, we're going to say next. And here we're going to select the role of Active Directory Domain Services. You can see everything that's going to be installed when we install the Active Directory Domain Services. So we can go ahead and say add features. We can click on Next. And we can go ahead and say next, and we can now click on Install.
Now this is just going to, again, install the Active Directory Domain Services. We will promote this machine to be a replica when this part of the installation has completed. The Active Directory Domain Services have been successfully installed, so we can now close out this wizard. And you'll see that we have that warning up here. So I'm going to go ahead and click on that. It tells me I need to promote this server to a domain controller.
I'm going to go ahead and use this link right here. And that's going to bring up the wizard that we need to use. Now we already have a new forest. So we're not going to go that route again, we're going to add a domain controller to an existing domain. That's where we're at. So the domain that we currently have is listed here.
And we have the credentials, we have everything we need. So I'm just going to go ahead and click on Next. Since this machine is going to be a replica of the forest root, it wants to install DNS and the global catalog server and that's fine. So I'm gonna go ahead and type in my recovery password for the Directory Services Restore Mode. So we're going to go ahead and click Next. Again, you can ignore the "delegation for this DNS server cannot be created."
Not important, we're going to go ahead and say next, you can leave everything here on Check. It's already set for a default, and we can click Next. On this window, we can leave everything as is, and we can click Next. This is your final option. This is the script that's going to be created to promote this machine to a replica domain controller in our existing domain. I'm going to go ahead and click Next.
It's now going to run through the checks. Again, don't worry about these yellow triangle warnings. This is the one that you're concerned with up here where it says "All prerequisite checks passed successfully." We can go down here and now we can scroll. And we can see that that's also available here and we can click on Install. We can ignore all these default warnings. They're just the default warnings that come with every install of Server 2016 and Server 2012. And again, we talked about this "delegation for this DNS server cannot be created." That's not important. It tells you right down here that you can ignore this. And it's going to automatically restart course, closes out. Our replica domain controller has rebooted and we're ready to do an input and a Control Alt Delete.
And now this machine is only going to allow me to log on as administrator to the domain. So I'm going to log on as administrator for cyberoffense using my domain administrator account password. Server Manager has settled down, I'm at my desktop. Now I have my Server Manager in front of me on this new replica domain controller, and it's no different than any other domain controller on my network. For instance, I can go in here. And I can add to this Server Manager DC1 and Server Core and manage them from here, just as well as I can from DC1 and its Server Manager.
So I've typed in Server Core, I'm going to move it on over here to the next window, I'm going to go ahead and add it. I'm now going to add another server, I will add DC1, I'll type in DC1 tilt to find it. And there it is. I'll move this over. Now say OK to that. And if I go into All Servers, you're going to see that I have DC1, DC2 and Server Core inside of my Server Manager on this replica.
So that regardless of which machine I'm on, I don't have to jump from this DC to DC1, just so that I can manage your machine remotely. I can do it here just as well. It tells me that my Server Core is not accessible at this time. That is correct, because I have it powered down. You may be asking, so what happens if my root domain controller goes down, and it takes the DNS server with it? Well, having a replica also installs DNS.
So we see that my DNS server right here is actually a replica of my primary DNS server over on DC1. And that is because they are both Active Directory integrated. Open this up, go to my zone here. If I right click, and I go to properties, you'll see that it says Active Directory integrated. Now that's for both of these DNS servers. So you're seeing an exact replica of what is on my DNS server over on DC1. So if DC1 goes down, this machine will also, so if DC1 goes down, and I lose my DNS server, this replica, which is also Active Directory integrated, will take over the role of providing DNS information for all the machines on the network. So now that I have this replica, and it has its own IP address of .12, well, then I could configure my DNS settings for everyone, all my devices on the network, to have a secondary DNS server pointing to 192.168.145.12.
That will ensure that in the event that my DC1 and my primary DNS goes down, my secondary DNS server, which is configured as .12 in their TCP/IP settings, will be present. That's going to conclude this short video presentation on how we go about creating a replica domain controller for our 2016 domain. So if you have any questions or you have any concerns about any of the information in this video or the lab, please don't hesitate to reach out and contact your instructor and I'll see you in my next video.
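
The wizard steps walked through in the video, expressed in PowerShell as an added example (not part of the presentation or the lab's own script). The interface alias `Ethernet`, the /24 prefix length, the function names and the spelling of the domain name are assumptions; the IP addresses are the ones stated in the video.

```powershell
# Added example, not from the video. Run one phase at a time: the server reboots between phases.
$Domain  = 'cyberoffense.com'    # domain name as spoken in the video (spelling assumed)
$RootDns = '192.168.145.10'      # DNS server on the forest root DC (from the video)
$Replica = '192.168.145.12'      # host IP given to the new server (from the video)
$Nic     = 'Ethernet'            # assumption: adapter alias on the new server

function Join-LabDomain {        # Phase 1: network settings, time check, domain join
    New-NetIPAddress -InterfaceAlias $Nic -IPAddress $Replica -PrefixLength 24  # /24 assumed
    Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $RootDns
    # Kerberos refuses tickets when clocks differ by more than five minutes,
    # so measure the offset against the root DC before attempting the join.
    w32tm /stripchart /computer:$RootDns /samples:3 /dataonly
    # Prompt for the domain administrator credential instead of embedding it.
    $cred = Get-Credential -Credential "$Domain\administrator"
    Add-Computer -DomainName $Domain -Credential $cred -Restart
}

function Install-ReplicaDC {     # Phase 2: add the AD DS role and promote as a replica
    Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
    # DSRM recovery password: read it as a SecureString, never store it in the script.
    $dsrm = Read-Host 'DSRM password' -AsSecureString
    $cred = Get-Credential -Credential "$Domain\administrator"
    # Adds a DC to the existing domain; global catalog is on by default,
    # -InstallDns adds the Active Directory integrated DNS server.
    Install-ADDSDomainController -DomainName $Domain -InstallDns `
        -Credential $cred -SafeModeAdministratorPassword $dsrm -Force
}

function Test-ReplicaDC {        # Phase 3: confirm the replica is a working DC and DNS server
    Get-ADDomainController -Filter * | Select-Object Name, IPv4Address, IsGlobalCatalog
    repadmin /replsummary        # the failure counts should all be 0
    Get-DnsServerZone -Name $Domain | Select-Object ZoneName, IsDsIntegrated
}

function Set-LabClientDns {      # Phase 4: on member machines, add the replica as secondary DNS
    Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $RootDns, $Replica
    Resolve-DnsName $Domain -Server $Replica   # proves the replica answers on its own
}
```

Run `Join-LabDomain` first, log on to the domain after the restart, then run `Install-ReplicaDC`, and run `Test-ReplicaDC` once the promotion reboot has finished.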