How to Add a Child Domain on Windows Server 2016

Extra AD domains are not recommended because they are hard to administer. However, you may need an extra domain (child domain for this tutorial) in the following scenarios:

  1. The two companies have different hardware resources. Some prefer high quality and reliable hardware and some prefer to save money, it is preferable to have two separate domains on different hardware in this situation.
  2. The two companies have different IT support staff. Imagine a single domain, and suppose if a technician set a wrong permission unintentionally, it can cause whole AD data to be compromised.

In this article, I will see how to configure a child domain on Windows Server 2016 in a lab environment.


It is mandatory to have a parent domain already configured for this tutorial to work. But there are more prerequisites.

  1. An administrator account has strong password.
  2. A static IP is configured.
  3. A firewall is turned off.
  4. Latest updates from Microsoft are installed.
  5. DNS server settings in TCP/IPv4 are correct and they are pointing to DNS of parent domain controller.

Add a Child Domain on Windows Server 2016

Step 1. Open server manager dashboard and click Add roles and features.

Step 2. Read prerequisites and click Next.

Add roles and features wizard

Step 3. Choose Role-based or feature-based installation and click Next.

Step 4. Choose desired destination server on which you want to install the role and click Next.

Select destination server

Step 5. Choose AD Domain Services from server roles. As soon as you choose, a new will window pop up. Click Add Features.

Choose AD Domain Services

Step 6. Click Next.

Select server roles

Step 7. Click Next.

Select Features

Step 8. Click Next.


Step 9. Click Install and wait for an installation to finish (This may take several minutes to complete).

Install now

Step 10. Click Promote this server to a domain controller.

Promote this server to a domain controller

Step 11. Choose "Add a new domain to an existing domain",  "Child Domain" from domain type, and provide a parent and new domain name. Click Change to provide the credentials of a user which is part of enterprise domain admins group. Click Next.

Deployment configuration

Step 12. Choose Domain Name System (DNS) server and Global Catalog (GC). Provide DSRM password and click Next.

Domain Name System (DNS) server

Step 13. Leave default selection and click Next.

DNS Options

Step 14. Click Next.

Additional Options

Step 15. Click Next.


Step 16. Click Next.

Review Options

Step 17. Click Install and wait for configuration to finish. This may take several minutes to complete.

Prerequisites check

Once a configuration finishes, a system is rebooted. Upon reboot, you can login with domain admin credentials to newly added child domain.

Leave a Comment