Use PowerShell to add an additional Domain Controller to an existing Windows Server 2012 Active Directory Domain

Recently, I decided to add a second domain controller to my domain. The existing server and this new server that will become a domain controller both run the Microsoft Windows Server 2012 operating system and both were installed with the default installation type of server core (no GUI).

Even though the GUI can be turned on and off in Windows Server 2012 (unlike in Windows Server 2008 and 2008 R2), I prefer not to add the GUI unless absolutely necessary.

You’ve already loaded the base operating system, added it to the domain, and configured the server as per your organization’s standards. Log into the new server you want to add as an additional domain controller and launch PowerShell by typing “powershell.exe”. You’ll need to first add the AD-Domain-Services role to the server:


The installation of this role completes and a restart is not required:


Now to make this server an additional domain controller in the domain:


The installation will go through several steps:


A restart is required when the installation is complete:


If you’re looking to install the first domain controller in a new Active Directory forest instead of adding an additional domain controller in an existing domain, see my blog article titled “Use PowerShell to Create a New Active Directory Forest on Windows 2012 Server Core Installation (no-GUI)“.



  1. Alejandra Gutierrez


    Can you tell me how do I can configure both DNS of each DC in Powershell, I know how to do it because when I tried to do it with GUI, and I had an error, when I searched I got this and I cold resolved the problem: But I want to know if there is a way to do it on Powershell.

    Thank you

  2. Chamil Dilhan

    Hi Mike,
    Im completely oblivious to powershell. These step by step information was really useful for my training.
    Thank you

  3. louies

    Hi Mike,

    Thank for the tutorial. Its really useful, if anyone comes into trouble with the credentials
    just add on the last line the command below. It will ask credential for DC01 domain
    -Credential (Get-Credential)

  4. Ishika Kapoor

    Can we also defined the Domain Controller from which Additional Domain Controller will take the updates.

  5. Surinder Kumar

    This is very use full for me. I got great resolution in my studies.

  6. Anirban Kar

    Hi Sir, I have followed these steps to add our Windows Server 2016 CORE (Name:COREDC) and joined it to our existing domain (Name: However whenever I am running below mentioned PS command, it is asking for SafeModeRecoveryPassword and confrming it… then it is failing showing these below statements:

    I have run this command on the Windows Server 2016 CORE PowerShell prompt:

    Install-ADDSDomainController -CreateDnsDelegation:$false -DatabasePath ‘C:\Windows\NTDS’ -DomainName ‘’ -InstallDns:$true -LogPath ‘C:\Windows\NTDS’ -NoGlobalCatalog:$false -SiteName ‘Default-First-Site-Name’ -SysvolPath ‘C:\Windows\SYSVOL’ -NoRebootOnCompletion:$true -Force:$true

    PowerShell asked me to type a SafeModeRecoveryPassword and confirmed it… Then below ERROR message arrived:

    Install-ADDSDomainController : Verification of user credential permission failed. You must supply a user account name.
    At line:1 char:1
    + Install-ADDSDomainController -InstallDns:$true -CreateDnsDelegation:$ …
    +CategoryInfo : NotSpecified: (:) [Install-ADDSDomainController], TestFailedException
    +FullyQualifiedErrorId : Test.VefifyUserCredentialPermission.DCPromo.General.24,Microsoft.DirectoryServices.Deploloyment.PowerShell.Commands.InstallADDSDomainControllerCommand

    Could you please guide me urgently what went wrong and what I should do to rectify this error and then join CORE Server into existing domain as the 2nd DC?

    I will wait for your kind urgent help on this because I am struggling a lot.

    Please help.

    Thank you,

    Anirban kar

    • Mike F Robbins

      Is the server already a member of the domain you’re trying to add it to? Add it to the domain first if not, otherwise try specifying -Credential (Get-Credential) with a user account that has access to add the server as an domain controller in the domain.

      • Anirban Kar

        Thank you Sir. However, could you please just help me with the Sytax, means where to write the User account credential after the switch…. Should I type the full command like this:

        nstall-ADDSDomainController -CreateDnsDelegation:$false -DatabasePath ‘C:\Windows\NTDS’ -DomainName ‘’ -InstallDns:$true -LogPath ‘C:\Windows\NTDS’ -NoGlobalCatalog:$false -SiteName ‘Default-First-Site-Name’ -SysvolPath ‘C:\Windows\SYSVOL’ -Credential Get-Credential -NoRebootOnCompletion:$true -Force:$true

        And where to Type the Domain administrator’s userid & password in this syntax?

        I am asking because if I directly type the above syntax, it is telling that Credential not found, although Windows Server 2016 CORE server is already a member of domain.

        Kindly suggest.

        Thank you,

        Anirban kar


Leave a Reply

%d bloggers like this: