
How to create a child domain server?

Sometimes, to maintain a network hierarchy in a domain environment, you may need to create child domains. I have seen them called "sub domains" on various occasions as well, but the Microsoft-recommended term is "Child Domain".

In a domain environment, child domains can be used for separate departments or branches. They can be in different geographical areas or even in the same building. It is hard to define the exact situations where child domains should be implemented, but they help to define security and resource boundaries. You can apply different policies and permissions to a set of users and resources in a child domain without affecting the parent domain's rules and policies. This provides more control over the network and its resources and lets you get the best benefit out of it.

In this demo I have a parent domain called sprint.local installed, running Windows Server 2008 R2. I will install a child domain called "sales" under the parent domain sprint.local.

Before we start the setup, the server needs to be prepared by installing Windows Server 2008 R2, the DNS Server role and the Active Directory Domain Services role. I have described how these roles can be added in a previous section. The server's IP address should also be changed to a static address in the same network segment as the primary domain controller.

•    Once all of the above is done, start the dcpromo wizard from Start > Run > dcpromo. Then click “Next” to continue.


•    It will then show a message about the OS and compatibility. Click “Next” to continue.


•    The next step is important. Here we select what kind of AD setup we need. For a child domain, select “Existing forest” and then “Create a new domain in an existing forest”. After selecting those options click “Next” to continue.


•    In the next window, enter the details of the existing forest. In this setup it is “sprint.local”. Specify the credentials used to log in to it.


•    The next window asks for the subdomain name. Here the parent domain will be “sprint.local” and the subdomain will be “sales.sprint.local”. Then click “Next” to continue.


•    The next window asks you to select the site. I will not use a multi-site setup here; I will use a single site. Select the default and click “Next” to continue.


•    In the next window, select the options to make the server a “global catalog” server and a “DNS server”. This gives each department the ability to handle its own login requests as well as DNS queries.


•    The next window shows the paths for the logs.


•    The next window is for defining the recovery password. Once you have created a password, click “Next” to continue.


•    The next window shows the summary. Click “Next” to continue.


•    In the next window the installation starts.


•    After the reboot you can log in to the domain using:

User Name : sales.sprint.local\administrator
Password : xxxxxxx

Under Active Directory Users and Computers it will show the subdomain DC attributes.


•    On the primary domain controller, under “Active Directory Sites and Services”, we can see the newly added “Test2” DC.
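The same result can be checked from the command line. The PowerShell below is an added example, not part of the original post: it assumes the ActiveDirectory module that ships with the AD DS role on Windows Server 2008 R2, uses the domain names from this walkthrough, and `Add-Check` is a helper name introduced here.

```powershell
# Added example, not from the original post. Run on the new child-domain DC.
# Assumes the ActiveDirectory module (installed with the AD DS role on 2008 R2).
Import-Module ActiveDirectory

$parent  = 'sprint.local'        # parent domain used in the article
$child   = 'sales.sprint.local'  # child domain created in the article
$results = @()

# Add-Check is a helper name introduced for this example.
function Add-Check([string]$Name, [bool]$Passed, [string]$Detail) {
    $script:results += New-Object PSObject -Property @{
        Check = $Name; Passed = $Passed; Detail = $Detail }
}

# 1. The forest must list the new domain.
$forest = Get-ADForest -Identity $parent
Add-Check 'Domain registered in forest' ($forest.Domains -contains $child) ($forest.Domains -join ', ')

# 2. The new domain must report sprint.local as its parent.
$dom = Get-ADDomain -Identity $child
Add-Check 'Parent domain' ($dom.ParentDomain -eq $parent) "ParentDomain=$($dom.ParentDomain)"

# 3. The wizard step selected "global catalog"; confirm every child DC is a GC.
$dcs   = @(Get-ADDomainController -Filter * -Server $child)
$nonGc = @($dcs | Where-Object { -not $_.IsGlobalCatalog })
Add-Check 'Child DCs are global catalogs' ($dcs.Count -gt 0 -and $nonGc.Count -eq 0) (($dcs | ForEach-Object { $_.HostName }) -join ', ')

# 4. The automatic parent-child trust is stored as a trustedDomain object.
#    trustDirection 3 = two-way; trustAttributes bit 0x20 = within-forest trust.
$tdo = Get-ADObject -Server $child -SearchBase "CN=System,$($dom.DistinguishedName)" `
    -LDAPFilter "(&(objectClass=trustedDomain)(name=$parent))" `
    -Properties trustDirection, trustAttributes
$ok = $tdo -and $tdo.trustDirection -eq 3 -and ($tdo.trustAttributes -band 0x20)
Add-Check 'Two-way intra-forest trust to parent' ([bool]$ok) "direction=$($tdo.trustDirection) attributes=$($tdo.trustAttributes)"

# 5. DC locator (DNS SRV records) must find a DC for the child domain.
$null = nltest "/dsgetdc:$child" 2>&1
Add-Check 'DC locator resolves child domain' ($LASTEXITCODE -eq 0) "nltest exit code $LASTEXITCODE"

$results | Select-Object Check, Passed, Detail | Format-Table -AutoSize -Wrap
```

Any row with `Passed` set to `False` points at the wizard step to revisit: forest registration and trust come from the forest selection step, the global catalog flag from the additional options step, and the locator check from DNS.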


 
