How do I add a domain controller to my existing forest?
Skip to main content This browser is no longer supported. Show
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Upgrade domain controllers to a newer version of Windows Server
In this article
This article provides background information about Active Directory Domain Services in Windows Server and explains the process for upgrading domain controllers (DCs) from an earlier version of Windows Server. PrerequisitesThe recommended way to upgrade a domain is to promote new servers to DCs that run a newer version of Windows Server and demote the older DCs as needed. This method is preferable to upgrading the operating system of an existing DC, which is also known as an in-place upgrade. Follow these general steps before you promote a server to a DC that runs a newer version of Windows Server:
Installation actions and required administrative levelsThe following table provides a summary of the installation actions and the permissions requirements to accomplish these steps.
Supported in-place upgrade pathsOnly 64-bit version upgrades are supported. For more information about supported upgrade paths, see Supported upgrade paths. Adprep - forestprep and domainprepFor an in-place upgrade of an existing DC, you must run adprep /forestprep and adprep /domainprep manually. You need to run Adprep /forestprep only once in the forest for each newer version of Windows Server. Run Adprep /domainprep once in each domain in which you have DCs that you're upgrading for each newer version of Windows Server. If you're promoting a new server to a DC, you don't need to run these command-line tools manually. They're integrated into the PowerShell and Server Manager experiences. For more information on running adprep, see Running Adprep. Functional-level features and requirementsWindows Server 2019 or later requires a Windows Server 2008 forest functional level as a minimum. Windows Server 2016 requires a Windows Server 2003 forest functional level as a minimum. If the forest contains DCs running an older forest functional level than the operating system supports, the installation is blocked. Those DCs must be removed and the forest functional level raised to a version that's supported before you add newer Windows Server DCs to your forest. For more information about supported functional levels, see Forest and domain functional levels. Note No new forest or domain functional levels have been added since Windows Server 2016. Later operating system versions can and should be used for domain controllers. They use Windows Server 2016 as the most recent functional levels. Roll back functional levelsAfter you set the forest functional level to a certain value, you can't roll back or lower the forest functional level, with the following exceptions:
After you set the domain functional level to a certain value, you can't roll back or lower the domain functional level, with the following exceptions:
For more information about features available at each of the functional levels, see Forest and domain functional levels. Active Directory Domain Services interoperabilityActive Directory Domain Services isn't supported on the following Windows operating systems:
Active Directory Domain Services can't be installed on a server that also runs the following server roles or role services:
Administration of Windows ServerUse the Remote Server Administration Tools for Windows 10 or later to manage domain controllers and other servers that run Windows Server. You can run the Windows Server Remote Server Administration Tools on a computer that runs Windows 10 or later. Add a new domain controller with a newer version of Windows ServerThe following example shows how to upgrade the Contoso forest from a previous version of Windows Server to a later version.
Next steps
FeedbackSubmit and view feedback for How do I add a domain controller to the forest?Adding Domain Controller To Forest. Domain name of the Primary DC.. Administrator credentials of the Primary DC.. IP Address of the Primary DC.. (Both) Server communication required.. Static IP address with correct DNS on local Server.. How do I add a DC to an existing forest?On the Deployment Configuration screen, select Add a new domain to an existing forest and select Next. On the Domain Controller options screen, enter the Directory Services Restore Mode (DSRM) password and select Next. For the rest of the screens, select Next. On the Prerequisite Check screen, select Install.
How do I add a domain controller to an existing forest PowerShell?Add a New Domain in an Existing Forest in Windows Server 2016. Open PowerShell with elevated privileges.. Execute the following command. Install-windowsfeature AD-domain-services Install-AddsDomain -domaintype treedomain -parentdomainname yourdomain -newdomainname ourdomain.com -credential (Get-Credential). How many domain controllers can a forest have?Although it is possible to include an unlimited number of domains in a forest, for manageability we recommend that a forest include no more than 10 domains.
|