Server 2008 Active Directory: Adding a Child Domain
Unfortunately this is not always the case as expanding will usually mean more work for you.
But if the company you work for opens another office in a different city, state, or country, it's best to put the new office into its own child domain (a.k.a. sub domain) to keep your network manageable.
Why Add a Child Domain?
There are several good reasons for splitting the new office into its own child domain. Here are 3 of them:
- Less Network Traffic between your main office and the new one – that means your company will spend less money on the direct connection between the two offices and you will never experience a network delay.
- You will be able to delegate control of the new network to another administrator who actually lives in the location of the new office. If your offices are close and you are about 20 minutes away from any one of them, then I guess that's no big deal. But if your main office is located in New York and the new office is going to be in ... oh, let's say Paris, how the heck are you going to get there in case of an emergency? See my point?
- Having the child domain will allow you to keep track of what is going on in a specific office.
These are only the main good reasons for creating a child domain. Once you start working in an environment with sub domains you will realize there are a lot more good reasons for splitting the two locations in your Active Directory.
Before you begin ...
1. In order to create a child domain on your network, you will need another server, or rather a Domain Controller.
You can build that DC in your main office and then ship it out to the new office. This DC will also be a Global Catalog as well as DNS Server to assist all the clients in the new office with any DNS requests, etc.
2. You also need to prepare your current network for the new sub domain. So before you begin with the new DC configuration you need to do the following:
- Create a new site in your Active Directory that will represent the physical structure of your network. In my example our main office is in New York and the new one is in Chicago. Based on that info, you would create a new site for the Chicago office.
- In addition to the new site you will also need to create a new subnet for your new location. It will allow you to track all of your machines by location. This new subnet should be assigned to your new location.
Once you have prepared your network as described above, you are ready to create a new Domain Controller.
Creating a New Domain Controller
Once you have prepared your network for your child domain and have created the site and subnet, it's time to install the new DC on our new site.
As you can see our main office is in New York and we have 3 DCs already configured in the New York Site (see the screenshot below).
Our new site called Chicago doesn't have any DCs configured yet -- this is where we are going to configure our new DC.
1. After you have installed Windows Server 2008 on your new machine and completed all the Initial Configuration Tasks, open up Server Manager and click on the Roles section.
2. We will need to install the Active Directory Domain Services (ADDS) Role first. So go ahead and check the box next to it and click Next.
3. In this window you will see some additional information about ADDS. Once ready, click on Next.
4. As always you are being informed that once the installation is completed the server will restart and you will need to use the ADDS Installation Wizard to make the server a fully functional Domain Controller.
Go ahead and click on the Install button.
5. The installation will now run for a few minutes.
6. Now it's time to click on the link and run dcpromo.exe.
7. Go ahead and click Next on the welcome screen.
8. And Next again (for more detailed information on this step you can check out this post on Installing Active Directory Domain Services on Server 2008).
9. Since this is going to be your child domain, make sure you select the Existing forest option and then select Create a new domain in an existing forest.
When ready, click on the Next button.
10. Type in your domain name with the correct internet suffix. In my example I'm using our globomantics.com domain.
Since this domain already exists and you are logged in to this machine only as a local administrator you will also need to enter alternate credentials of a domain administrator in order to proceed.
So go ahead and click on the Set button.
11. Enter the domain administrator's name and password, then hit OK.
12. When ready, click on Next.
13. In this step you will need to enter the Fully Qualified Domain Name (FQDN) of your child domain in two steps.
The first is the FQDN of your parent domain. In our example it is going to be globomantics.com.
Next you need to enter the single-label DNS name of your child domain -- that means anything that is before the globomantics.com.
In my example I entered na for na.globomantics.com -- as seen on the bottom.
That will be our FQDN for the new child domain. Once ready, click on the Next button.
14. Now it's time to select a site for this DC.
Now you see why we needed to create the new site before we started this installation. Select the correct site and click Next.
15. As mentioned earlier, we are going to make this DC our DNS server as well as Global Catalog for our new site.
Make sure both boxes are checked and then click on the Next button.
16. I would recommend leaving the default locations for these databases unless you have a really good reason not to. Click Next.
17. In this window you will need to set up the Directory Services Restore Mode Administrative Password for restore purposes.
Go ahead and type that in and then click on the Next button.
18. On this summary window double check your selections and when ready click Next.
19. You can check the box Reboot on completion and let the installation complete.
Congratulations! Your Child Domain has been created!
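The wizard choices from steps 9 to 19 can also be written down as a dcpromo unattended answer file, which makes the build repeatable and reviewable. This is an added example, not part of the original post; the administrator account name, the NetBIOS name NA, the file path, and the password placeholder are assumptions to replace with your own values.

```ini
; Constructed example answer file for the child domain built above.
; Run on the new server with:  dcpromo /unattend:C:\child-domain.txt
; (the file path is an assumption)
[DCInstall]
; Step 9: existing forest, create a new domain in it
ReplicaOrNewDomain=Domain
NewDomain=Child

; Steps 10-12: credentials of an administrator in the parent domain.
; Password=* makes dcpromo prompt, so the domain admin password
; is never written to disk. The account name is a placeholder.
UserDomain=globomantics.com
UserName=<parent-domain-admin-placeholder>
Password=*

; Step 13: parent FQDN plus single-label child name
; gives na.globomantics.com
ParentDomainDNSName=globomantics.com
ChildName=na
; NetBIOS name of the new domain (assumed value)
DomainNetbiosName=NA

; Step 14: the site created before the installation
SiteName=Chicago

; Step 15: DNS server and Global Catalog on this DC
InstallDNS=Yes
ConfirmGc=Yes

; Step 16: database, log, and SYSVOL paths are omitted on purpose
; so the default locations are used.

; Step 17: Directory Services Restore Mode password.
; Placeholder only: this value grants offline access to the
; directory database, so keep the file off shared storage
; and delete it once the promotion has finished.
SafeModeAdminPassword=<DSRM-password-placeholder>

; Step 19: reboot when the promotion completes
RebootOnCompletion=Yes
```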