Set Up Child Domain on Windows Server 2016
April 26, 2017
Extra domains make the network more complex to administer. In the past, extra domains were created because of limits on the number of objects in Active Directory and because there was only one password policy per domain. Now Active Directory can scale to millions of objects and supports more than one password policy per domain. Before you create a child domain, ask the following question.
Why Do You Create a Child Domain?
Business Requirements – Sometimes a company's business units have different policies and may need separate domains to keep business management separate.
Different Budgets and Funding – Each business unit may have a different budget and funding for its IT department. Some prefer high-quality, reliable hardware and some prefer to save money. In such cases, it is simpler to have separate domains.
Different IT Staff – Each business unit may have separate staff. If there is a single domain, a small mistake, such as a wrong permission, can cause the domain data to be compromised.
In this article, I will walk you through setting up a child domain on SRV01, which runs Windows Server 2016. In my test environment, I have one existing domain (yourdomain.com), which is configured on the SRV02.yourdomain.com server. Let's get started.
Prerequisites
Before you set up a child domain, make sure you have an accessible parent domain on your network. Apart from the parent domain, your server must meet the following requirements:
The administrator account has a strong password
A static IP is configured
The firewall is turned off
The latest updates from Microsoft are installed
The DNS server IP address in the TCP/IPv4 properties is correct. It should point to the DNS server of the parent domain
Installing Active Directory Domain Services Server Role
Open the Server Manager dashboard. Click Add roles and features and then follow the steps below.
Step 1. Verify the requirements and click Next
Step 2. Choose Role-based or feature-based installation and click Next
Step 3. From the server pool, choose the destination server on which you want to set up the child domain and click Next
Step 4. Choose Active Directory Domain Services from the server roles. As soon as you check the relevant box, a new window appears; click Add Features
Step 5. Click Next
Step 6. Click Next
Step 7. Click Next
Step 8. Click Install and wait for the installation to finish. This may take several minutes, so be patient
Promoting the Server to Domain Controller and Configuring it for Child Domain
Once the installation has succeeded, follow these configuration steps.
Step 1. Click Promote this server to a domain controller
Step 2. Choose Add a new domain to an existing forest and select Child Domain as the domain type. Provide the parent domain name, the new domain name and the credentials of an account that is a member of the Enterprise Admins group in the parent domain. Click Next
Step 3. Choose Domain Name System (DNS) server and Global Catalog (GC). Provide the DSRM password and click Next
Step 4. Keep the default selection and click Next
Step 5. Click Next
Step 6. Click Next
Step 7. Click Next
Step 8. Click Install and wait for a few minutes. When the configuration finishes, the server will be rebooted
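The same role installation and promotion can be scripted from an elevated PowerShell session on SRV01. This is an added example, not part of the original article; the child domain name `child` is a placeholder, since the article does not name the new domain.

```powershell
# Added example; run in an elevated PowerShell session on SRV01.
$ParentDomain = 'yourdomain.com'   # parent domain used in the article
$ChildName    = 'child'            # placeholder: the article does not name the child domain

# Prerequisite: no connected IPv4 interface should still be using DHCP.
$dhcp = Get-NetIPInterface -AddressFamily IPv4 -Dhcp Enabled |
    Where-Object ConnectionState -eq 'Connected'
if ($dhcp) { throw "DHCP is still enabled on: $($dhcp.InterfaceAlias -join ', ')" }

# Prerequisite: the configured DNS server must be able to locate a parent-domain DC.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$ParentDomain" -Type SRV -ErrorAction Stop |
    Out-Null

# Install the AD DS role with its management tools (Add roles and features wizard).
$role = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $role.Success) { throw 'AD DS role installation failed.' }

# Prompt for secrets instead of storing them in the script.
$cred = Get-Credential -Message "Enterprise Admins account in $ParentDomain"
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

# Same choices as the promotion wizard: child domain in the existing forest, with DNS.
# The new DC is a Global Catalog by default (only -NoGlobalCatalog turns that off).
$params = @{
    NewDomainName                 = $ChildName
    ParentDomainName              = $ParentDomain
    DomainType                    = 'ChildDomain'
    InstallDns                    = $true
    Credential                    = $cred
    SafeModeAdministratorPassword = $dsrm
}

Import-Module ADDSDeployment

# Run the prerequisite checks first and stop on any error before changing anything.
$failed = Test-ADDSDomainInstallation @params | Where-Object Status -eq 'Error'
if ($failed) { throw "Prerequisite check failed: $($failed.Message -join '; ')" }

# Promote the server; it reboots automatically when the promotion completes.
Install-ADDSDomain @params -Force
```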
Testing the Configuration
When the server has rebooted, log in with domain admin credentials and execute the following command:
netdom query fsmo
The command returns the role owners. You will notice that the DC of the child domain holds three domain-wide roles, while the DC of the parent domain holds only two forest-wide roles (because it is the root domain in the forest), as shown in the following figure.
At this point, you can go on to join client machines and create AD users and computers in Active Directory of the new child domain.