How to create Child Domain on Windows Server 2012 R2
In this article, we’ll learn the steps to create a child domain on Windows Server 2012 R2. A child domain is a domain that has a parent domain. The concept is primarily used in big organizations where one parent company starts multiple business units or extends its business to multiple geographical locations. In those scenarios, it would be difficult for administrators to manage a single forest or one big environment.
Creating a child domain isolates that part of the organization’s environment, which helps administrators manage their domain efficiently and effectively. How you plan the organization’s structure using child domains depends on your requirements. An administrator can use child domains to separate departments or branches, or tailor them to other requirements. Different permissions and restrictions can be applied to the child domains for using resources of the parent domain or other child domains.
Let’s use an example to understand the concept of a child domain. Assume an organization with the domain name www.itingredients.com is managing a free technical blog to share its knowledge and skills. In future, it wants to start another business model under the same name, which is to offer email services. In that case, it can use the child domain mail.itingredients.com to offer email services. By using this strategy, we can isolate both services, i.e. the technical blog and the email services. Hopefully this helps you understand the concept before creating a child domain on Windows Server 2012 R2.
Steps to create child domain in Windows Server 2012 R2
Please ensure you have a parent Domain Controller up and running in the environment before you start with the steps of promoting Child Domain. You cannot create Child Domain without creating a parent Domain.
1. To create child domain, open Server Manager and click on “Add roles and features” to add the role of Active Directory Users and Computers.
2. On the Before you begin console, we can read all the prerequisite tasks to be performed before proceeding further. Before installing any role, please verify that the administrator account has a strong password and that network settings such as a static IP address are configured. Click on Next to continue.
3. On Select installation type console, select “role-based or feature-based installation” and click on Next to proceed.
4. On Select destination server console, select the server from server pool on which you want to promote a Child Domain and click on Next. However in this example, only one server is available i.e. DC02.itingredients.com.
5. On Select server roles console, select “Active Directory Domain Services” role to be installed on the selected computer. It will ask to add some required features for Active Directory Domain Services, click on Add Features and then click on Next to continue.
6. On Select features console, all the required features are already selected. Click on Next to continue.
7. Active Directory Domain Services console explains the importance of this role. Click on Next to continue.
8. On the Confirm installation selections console, confirm all the selections and click on Install to start the installation process. Group Policy Management will also be installed to manage Group Policies.
9. After completing the installation click on Close to close this wizard.
10. Again on Server Manager, click on the yellow warning sign and then click on “Promote this server to a domain controller”.
11. On the Deployment Configuration console, select “Add a new domain to an existing domain” under the “Select the deployment operation” option. Select “Child Domain” from the drop-down list of the Select Domain Type option. The parent domain name is already selected (itingredients.com). If you have multiple parent domains and want to change the parent domain, click on Select and choose the desired domain. Enter the new domain name; in this practical we have entered “mail” as the child domain and its full name will be “mail.itingredients.com”. Click on Next to continue.
12. On the Domain Controller Options console, the domain functional level is already selected as Windows Server 2012 R2. Global Catalog (GC) and DNS server are already selected under the option “Specify domain controller capabilities and site information”. Enter the DSRM password and click on Next to proceed.
13. On the DNS Options console, “Create DNS delegation” is already selected and grayed out because this will become the first domain controller of the domain “mail.itingredients.com”. The credentials for delegation creation are already selected. Click on Next to continue.
14. On Additional Options console, verify the NetBIOS name assigned to the domain and change it if necessary. Click on Next to continue.
15. On Paths console, verify the location of AD DS database, log files, and SYSVOL. Click on Next to proceed.
16. On the Review Options console, review all the options selected on the previous consoles. Click on Previous and make changes if required; otherwise click on Next.
17. On Prerequisites check console, click on Install to start the installation process. After the successful completion close the console and restart your server.
18. After restarting your server, open system properties and verify the full computer name and domain name. Here, the full computer name of our machine is “DC02.mail.itingredients.com” and the Child Domain name is “mail.itingredients.com”.
19. When we open a command prompt and run the “netdom query fsmo” command to check the FSMO roles, it shows that DC01.itingredients.com holds the Schema master and Domain naming master roles because these are forest-wide roles, whereas the PDC, RID pool manager and Infrastructure master roles are assigned to DC02.mail.itingredients.com because they are domain-wide roles.
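
The same procedure scripted with the ADDSDeployment cmdlets, as an added example that is not part of the original article. The `-VerifyOnly` switch is a hypothetical name introduced here, and the NetBIOS name and the database, log and SYSVOL paths are left at their defaults; both secrets are prompted for so they never appear in the script or in command history.

```powershell
# Added example: run in an elevated PowerShell session on DC02.
# First run promotes the server (steps 1-17); run again with -VerifyOnly
# after the reboot to repeat the checks from steps 18-19.
param([switch]$VerifyOnly)   # hypothetical switch name, not from the article

if ($VerifyOnly) {
    # Forest-wide roles are expected on the parent domain's DC.
    Get-ADForest | Select-Object SchemaMaster, DomainNamingMaster
    # Domain-wide roles are expected on the new child domain's DC.
    Get-ADDomain -Identity 'mail.itingredients.com' |
        Select-Object DNSRoot, PDCEmulator, RIDMaster, InfrastructureMaster
    return
}

# Steps 1-9: install the AD DS role together with its management tools.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Import-Module ADDSDeployment

# Prompt for secrets instead of hard-coding them.
$parentCred = Get-Credential -Message 'Account allowed to add a domain to itingredients.com'
$dsrmPass   = Read-Host -AsSecureString -Prompt 'DSRM password'

# Steps 11-13: the same choices made in the wizard.
$options = @{
    NewDomainName                 = 'mail'
    ParentDomainName              = 'itingredients.com'
    DomainType                    = 'ChildDomain'
    DomainMode                    = 'Win2012R2'
    InstallDns                    = $true
    CreateDnsDelegation           = $true
    Credential                    = $parentCred
    SafeModeAdministratorPassword = $dsrmPass
}

# Step 17: run the prerequisite check first and stop if it reports an error.
$check = Test-ADDSDomainInstallation @options
if ($check.Status -contains 'Error') {
    $check | Format-List Status, Message
    throw 'Prerequisite check failed; fix the reported issues before promoting.'
}

# Promote the server; it restarts automatically when promotion completes.
Install-ADDSDomain @options -Force
```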