How to add a Backup Domain Controller to an existing Active Directory Domain
An Active Directory Domain with a single Primary Domain Controller (PDC) is something that you should not rely on. A hardware failure can make your day a really bad one and, for this reason, Microsoft gives us the possibility to add one or more Backup Domain Controllers (BDC) to our domain.
The configuration is quite simple on Windows Server 2012 / R2, a much appreciated gift from Redmond.
First of all, add the Active Directory Domain Services role to our brand new server (which must be on the same local network, or VPN, as the Primary Domain Controller but outside the domain):
Now that Active Directory Domain Services are installed, open the network preferences and add the Primary Domain Controller as the primary DNS server (in our example 192.168.2.103 while the BDC IP is 192.168.2.104). Then restart the machine:
It’s time to configure the new Backup Domain Controller. Click Promote this server to a domain controller:
Check Add a domain controller to an existing domain then click Select:
Specify the credentials of the domain administrator:
Select the domain:
Specify a Directory Services Restore Mode password then click Next:
Click Next:
Select the Primary Domain Controller from the dropdown menu then click Next:
Default paths are fine. Click Next:
Click Next:
Windows Server will check that everything is OK. Then click Install:
After a few minutes the Backup Domain Controller will be ready. Just restart the machine and remember to add the Backup Domain Controller IP as a secondary DNS server on your client machines.
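The same procedure can be scripted. The following PowerShell is an added example, not part of the original walkthrough; it mirrors the wizard steps and prompts for the administrator credentials and the Directory Services Restore Mode password instead of storing them. The domain name, source DC host name and network adapter alias are placeholders, and installing DNS on the new server is an assumption based on its use as secondary DNS server above.

```powershell
# Added example: scripted equivalent of the wizard steps. Run elevated on the new server.
# Placeholders (not from the page): domain name, source DC FQDN, adapter alias.
$DomainName   = 'corp.example'       # placeholder domain
$SourceDcFqdn = 'dc1.corp.example'   # placeholder FQDN of the existing DC
$SourceDcIp   = '192.168.2.103'      # existing DC address used on this page
$NicAlias     = 'Ethernet'           # placeholder; list adapters with Get-NetAdapter
$ErrorActionPreference = 'Stop'

# 1. Add the Active Directory Domain Services role.
$feature = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# 2. Use the existing DC as primary DNS server.
Set-DnsClientServerAddress -InterfaceAlias $NicAlias -ServerAddresses $SourceDcIp
if ($feature.RestartNeeded -eq 'Yes') {
    Write-Warning 'Role install needs a restart. Reboot, then run this script again.'
    return
}

# 3. Confirm the domain's DC locator records resolve through that DNS server,
#    so a DNS mistake is caught here and not in the middle of the promotion.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -Server $SourceDcIp | Out-Null

# 4. Prompt for secrets; neither is written to disk or to the script.
$DomainAdmin = Get-Credential -Message "Domain administrator for $DomainName"
$DsrmPwd     = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

Import-Module ADDSDeployment
$Promotion = @{
    DomainName                    = $DomainName
    Credential                    = $DomainAdmin
    SafeModeAdministratorPassword = $DsrmPwd
    InstallDns                    = $true          # assumption, see lead-in
    ReplicationSourceDC           = $SourceDcFqdn  # the "replicate from" choice
}

# 5. Same prerequisite check the wizard runs before the Install button.
$failed = Test-ADDSDomainControllerInstallation @Promotion | Where-Object Status -eq 'Error'
if ($failed) {
    $failed | Format-List Message
    throw 'Prerequisite check failed; the server was not promoted.'
}

# 6. Promote with default database, log and SYSVOL paths.
#    The server restarts automatically when the promotion completes.
Install-ADDSDomainController @Promotion -Force
```

After the restart, `repadmin /replsummary` and `dcdiag` run on either domain controller confirm that replication between the two is healthy.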