A child domain is an additional domain in an existing Active Directory tree. In this video, learn how to add a child domain to your AD DS enterprise.
- [Instructor] In Active Directory Domain Services, when it's time to branch out beyond our single forest root domain, we have to determine what type of new domain we're going to create. Now, if it's going to be a security boundary, we might create another forest. Or if there's a namespace issue, then we might create a new tree. But sometimes, we just need a new administrative unit. And in that case, we create a child domain. And that's what I want to show you how to do here.
So, if we look at my environment, you'll see I have a number of machines here. There's only two that have been fully configured, and they are DC-1 and DC-2. They are the two domain controllers that are running the landonhotel.local domain. Now, you'll notice that there is a machine I have right at the top here called Child-DC. But I want you to know that's simply a name right now. It's not a domain controller, it's just Windows Server 2019. Ready to be promoted to a domain controller of this new child domain. Let's connect now.
Here in the Server Manager, I'd like to show you that I've already gone through the Add roles and features wizard to add Active Directory Domain Services. And you can tell that up here, because it says we need to promote this server to a domain controller. Okay, real fast before I do that, I also want to show you, if I click on Configure this local server, I want to show you that this machine has been named Child-DC and is already a member of the domain landonhotel.local. And the only real significance to that is making sure that you know that the IP configuration is one that is set up to be able to already communicate with the landonhotel.local domain.
So, I'm going to click here on the Notifications and say I want to promote to a domain controller. Now, from there we don't want to Add a domain to an existing domain, we do want to Add a new domain to an existing forest. Now, from there we choose what type of domain. Do we want to be a Child Domain, or a Tree Domain? And again, this is going to be a Child Domain. So, we need to give the name of the Parent, and it is landonhotel.local. The new domain name, I'm just going to keep this simple, and just name it child, okay? So, it'll be child.landonhotel.local.
And then, as far as the credentials, I'm already logged in as the LANDONHOTEL\administrator. If I wasn't, I could click on Change to change them here. Now, I click Next, and here, I need to determine do I want to be a DNS server, a Global Catalog server, and I cannot be a Read Only domain controller, and the reason why is because this is going to be the first domain controller in a new domain. So, it cannot be Read Only. I do recommend that the first domain controller in any domain be a DNS server and a Global Catalog server.
So, I'm going to leave those alone. All I'm going to do on this screen is basically put in a Directory Services Restore Mode password. Have to make sure I enter it the same way twice here. Click Next. I am going to create a DNS delegation up to LANDONHOTEL, right? So, there's going to be a delegation created in landonhotel.local for this new domain called CHILD, and again I could change the credentials if I needed to. But, I'm logged in as Administrator, so I will not. I'll click Next.
Now, it's going to verify that the NetBIOS name that's going to be assigned to this domain has not been used anywhere else. And, in just a moment it'll pop up, and it should say CHILD, right? 'Cause it's just the simple name. There it is, CHILD. I'll click Next. From here, I specify the location of the database and log files. I'll take the default, I only have one hard drive. So, I'll click Next. And, here's kind of a review. I'll click Next to that, and it's going through to make sure the prerequisites are all in place to be allowed to promote this to a domain controller.
You may notice that a lot of this is very similar to any domain controller installation. And at this point, you'll see that the prerequisites have passed successfully. We get the warning like we do on pretty much any domain controller. It has to do with old NT 4.0. But, at this point I'm just going to simply click Install. Now, this is going to go through, and you'll see the same warnings come up on the screen, but basically it's going to go through the process of promoting this machine to a domain controller, a global catalog server, a DNS server, and everything that goes with it.
I also want to point out that this process is pretty much the same as any other domain controller promotion, other than some of the selections to tell it, well, we want to be a child domain controller for a new domain. And we have to point to who the parent is. So, from this point on, pretty much everything's going to be the same. It's going to go through its processes, it's going to reboot, and when it comes back up, we just simply log back in, and we are a child domain controller.
And, that's how you create a new child domain controller in your forest.
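
The same promotion can be scripted with the ADDSDeployment module. The block below is an added example, not part of the video or the instructor's material. It assumes an elevated session on Child-DC with the AD DS role already installed, and reuses the names chosen in the wizard (child, landonhotel.local, CHILD, LANDONHOTEL\administrator).

```powershell
# Added example: PowerShell equivalent of the wizard selections in the transcript.
# Assumption: run elevated on Child-DC, AD DS role already installed.
Import-Module ADDSDeployment

# Prompt for secrets at run time so neither password is stored in the script.
$forestCred = Get-Credential -UserName 'LANDONHOTEL\administrator' `
                             -Message 'Account allowed to add a domain to the forest'
$dsrmPwd    = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

# One parameter set shared by the prerequisite check and the real install,
# so what is validated is exactly what gets deployed.
$params = @{
    DomainType                    = 'ChildDomain'        # not TreeDomain
    ParentDomainName              = 'landonhotel.local'
    NewDomainName                 = 'child'              # becomes child.landonhotel.local
    NewDomainNetbiosName          = 'CHILD'
    InstallDns                    = $true                # first DC also hosts DNS
    CreateDnsDelegation           = $true                # delegation in the parent zone
    Credential                    = $forestCred
    SafeModeAdministratorPassword = $dsrmPwd
}
# Global Catalog is the default; it is only skipped with -NoGlobalCatalog.
# Database, log and SYSVOL paths are omitted to keep the defaults.

# Same prerequisite check the wizard runs before enabling Install.
$check = Test-ADDSDomainInstallation @params
$check | Format-List Status, Message, Context

if ($check | Where-Object { $_.Status -ne 'Success' }) {
    throw 'Prerequisite check did not succeed; review the messages above.'
}

# Promotes the server and reboots on completion, as in the video.
Install-ADDSDomain @params
```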