Active Directory  «Prev  Next»
Lesson 6 Create a child domain
Objective Create a child of the root domain.

Create Child of the Root Domain

Creating a Child Domain in Active Directory on Windows Server 2019

This guide will provide you with step-by-step instructions on how to create a child domain in Active Directory on Windows Server 2019. The child domain will be created under an existing root domain, and the process will require domain administrator credentials.
Prerequisites:
  1. A functioning root domain on Windows Server 2019.
  2. An additional server running Windows Server 2019 to be promoted as the domain controller for the child domain.
  3. Domain administrator credentials for the root domain.
Procedure:
  1. Configure the new server's hostname and IP settings:
    1. Open Server Manager.
    2. Click 'Local Server' on the left pane.
    3. Click on the computer name to change the hostname, and click 'OK' to apply changes.
    4. Click 'IPv4 address assigned by DHCP' to assign a static IP address, and configure the DNS server to point to the root domain's domain controller.
  2. Install the Active Directory Domain Services (AD DS) role on the new server:
    1. In Server Manager, click 'Manage' and then 'Add Roles and Features'.
    2. Click 'Next' until you reach the 'Select server roles' page.
    3. Check the box for 'Active Directory Domain Services', and click 'Next'.
    4. Click 'Next' until you reach the 'Confirm installation selections' page, and then click 'Install'.
    5. Wait for the installation to complete and click 'Close'.
  3. Promote the new server as a domain controller for the child domain:
    1. In Server Manager, click the notification flag in the upper right corner and select 'Promote this server to a domain controller'.
    2. In the Deployment Configuration page, choose 'Add a new domain to an existing forest', and select 'Child Domain'. Click 'Next'.
    3. Enter the fully qualified domain name (FQDN) of the root domain, and the desired FQDN for the child domain. Click 'Next'.
    4. Provide the domain administrator credentials for the root domain and click 'Next'.
    5. Choose the functional levels for the new child domain, and enter a Directory Services Restore Mode (DSRM) password. Click 'Next'.
    6. Review the DNS options and ensure a delegation is created for the child domain. Click 'Next'.
    7. Confirm the NetBIOS domain name for the child domain, and click 'Next'.
    8. Verify the default paths for AD DS database, log files, and SYSVOL folder. Click 'Next'.
    9. Review your selections, and click 'Next'.
    10. Allow the prerequisite check to complete, and if there are no issues, click 'Install'.
    11. The server will automatically reboot after the installation process is complete.
  4. Verify the child domain creation:
    1. Log in to the new child domain controller using the root domain administrator credentials.
    2. Open the Active Directory Users and Computers (ADUC) console by pressing 'Win + R', typing 'dsa.msc', and pressing 'Enter'.
    3. Confirm that the new child domain is visible under the root domain.
You have now successfully created a child domain under your root domain using Active Directory on Windows Server 2019.
After you establish the root domain, you can create additional domains within the tree if your network plan requires multiple domains. Each new domain within the tree will be a child domain[1] of the root domain or a child domain of another child domain.

This shows a child domain.
This shows a child domain

How to create Child Domain

As with other phases of the installation process, you begin creating a child domain by starting the Active Directory Installation Wizard. When the wizard asks you which installation option you'd like to follow:
  1. Click Domain controller for a new domain.
  2. Select Create a new child domain in an existing domain tree, as shown here:

This is the box where you request to install a child domain.
This is the box where you request to install a child domain
  1. Then, as when creating a root domain, specify the following information:

  1. The username, password, and domain name of a user account in the Enterprise Admins group, which exists in the root domain of the forest
  2. The DNS name of the parent domain and the name of the new child domain
  3. The NetBIOS name of the new domain
  4. The locations for the Active Directory database and log files
  5. The location of the shared system volume
  1. Once you have decided where and under what name to place the child domain, you will have to decide on the permissions status of this particular domain, that is, whether to weaken permissions to support users who access the network through remote access servers running Windows NT 4.0, as shown here:

This shows the box where you will specify the permissions status of the child domain.
This shows the box where you will specify the permissions status of the child domain.

After you finish specifying the installation information, the wizard installs Active Directory, converts the computer to a domain controller, and adds the consoles described earlier to the Administrative Tools menu on that computer.

[1] Child domains: A domain located in the namespace tree directly under another domain name (the parent domain), which contains the name of the parent in its own name. Example: sales.tacteam.net is a child domain of the tacteam.net parent domain.
For instance, a domain named europe.contoso.com is a child of the root domain, contoso.com. The next domain that you create within that tree can be a child of constoso.com or a child of europe.contoso.com.