Promote a Server to a Domain Controller

Paul Hill

February 18, 2021 • 5 min read

    In this lesson you are going to learn how to promote a server to a domain controller. This procedure is something you will complete after successfully installing the AD DS Server role.

    If you’re interested in learning more about Active Directory, consider creating a free account to get access to our Active Directory Fundamentals course at the link below.. it’s FREE!

    Course: Active Directory Fundamentals

    This free course will teach you the fundamentals of Active Directory. You’ll learn how to create and…

    10 Lessons
    1 Quizzes
    1 Labs
    1 Hr

    Before we get started, you should have already installed the AD DS server role. If you haven’t done that yet, click here to learn how to install the AD DS server role.

    Promote this server to a Domain controller

    Step 1. Open Server Manager

    Open Server Manager by clicking the Windows button and clicking Server Manager or by searching for Server Manager.

    Step 2. Launch DC promotion wizard from Notification Flag

    Select the notification flag, then Promote this server to a domain controller:

    Step 3. Select the Deployment Operation

    The next screen will ask you to specify if you want to join an existing domain, add a new domain to an existing forest or add a new forest. Since we are installing the first domain controller in our network, we will need to choose the last option.

    Click Add a new forest. Enter your desired domain name (mine will be and click Next:

    Step 4. Configure Domain Controller Options

    Domain and Forest Functional Level

    Select the desired forest and domain functional level. The default options will work fine in our scenario. 

    If this is a new domain you should select the highest available option. You should only choose older options if you have older domain controllers in your domain or forest.

    Specify Domain Controller Capabilities

    The default opens for your first domain controller are DNS and GC (Global Catalog). This are required for the first domain controller installation in your domain unless you have a separate DNS server installed.

    We do not, so we are going to go with those settings.

    Specify the Directory Services Restore Mode (DSRM) password

    The DSRM password is used when you launch the domain controller into DSRM mode. One example of when you will do this is when you need to restore a system state backup of the server.

    For my lab environments I always use the same passwords so I am going to enter that here. You should use a secure password that you save somewhere in case of a critical failure of your server.

    Click Next:

    Step 5. Configure the DNS Options

    On the DNS options page you will most likely see a warning for DNS Delegation not being created. This error means that the server cannot create a DNS delegation for the DNS zone “above you”.

    In our case, it’s trying to create a DNS delegation in for The DNS for is handled by CloudFlare, a non-windows DNS server that my server has no permissions for.

    This is why we see this warning message. We can safely ignore it because we don’t need the public DNS to work with our local active directory domain.

    Click Next:

    Step 6. Additional Options

    This page simply shows the NetBIOS domain name. This is a 16-byte name that is a more friendlier way of identifying the domain and computers on the domain than the FQDN (fully qualified domain name,

    No changes are needed, so click Next:

    Step 7. Paths

    The next screen allows you to modify the Paths for your domain controller. I will briefly explain what each folder is:

    Database Folder

    This is where your Active Directory database (ntds.dit) is stored.

    Log files Folder

    Just like it sounds – your Active Directory logs will also be stored here.

    Sysvol Folder

    This is a repository for your active directory files like Group Policy files, domain security info, logon scripts and more. When you have multiple domain controllers, this is the folder that replicates your active directory data between your DCs.

    You don’t need to modify any of these settings unless you prefer to place them on separate disks for performance. In our lab environment this is not needed. Click Next:

    Step 8. Review Options

    The next page will allow you to review the options you configured and even view a PowerShell script (click View Script) with the same options you configured. This could be useful if you plan on promoting several domain controllers.

    Review the settings and click Next:

    Step 9. Prerequisites Check

    The next page will run through a list of prerequisite checks. You should see a few security notifications and a warning for the DNS delegation. Look for a message at the top that indicates all prerequisites checks passed successfully, then click Install:


    The installation can take up to 30 minutes depending on the resources your server has available. During the installation the server will reboot, when it’s complete you will be brought to the login screen:

    Here you should see the NETBios name of your domain (in my case, AD) followed by your administrator username.

    That’s it! Now you’ve successfully promoted your server to a domain controller. Great job!

    In next weeks lesson you are going to learn how to create Active Directory user accounts.

    System AdministratorWindows

    Want to improve your IT skillset? Start with a free account and get access to our IT labs!


    Sign up free and start learning today!

    Practice on REAL servers, learn from our video lessons, interact with the Server Academy community!