How to Add Child Domain to Active Directory

It is very important to have a concrete step by step plan when adding a child domain to active directory. You cannot easily recover active directory from fatal errors, especially in large Active Directory environments. I will walk through how to add child domain to active directory and properly configure DNS. The best practice is to delegate child DNS domain to child DNS Server.

Design Child Domain DNS Infrastructure

Terminology:

Root DNS ServerThis is the DNS server that holds the DNS for root domain. For example: mylab.com

Child DNS Server (also Child DC )
This is the DNS server that holds the DNS for child domain. For example: sub1.mylab.com

How DNS Delegation Works
Delegation of child DNS domain allows root DNS server to forward DNS queries for Child DNS domain to Child DNS Server. When a client request for a lookup on resource on child DNS domain against root DNS Server, the root DNS Server forwards the query to child DNS Server.

Create DNS Delegation for Child Domain:

On root DNS Server,

1. Open DNS management console.
2. Right click on root zone, choose “New Delegation”, click Next.
3. Enter the child DNS server, click Next.
   

On child DNS Server.

4. Confirm child DNS server is using the root DNS server as the only DNS Server.
5. Install DNS Server from Add/remove Windows Components.
6. Open DNS management console
7. Create Standard Primary, Forward lookup zone ( right click DNS server, choose New Zone)
8. Enter the name of the child zone example: sub1.mylab.com
9. Click Next, click Finish
10. Make sure the zone allow dynamic updates
11. Promote child DNS Server to Domain Controller ( start > Run, type “dcpromo”)

Posted in: WindowsServer