Support Portal

8. Prepare Existing AD Domain (If There Is One) For The Installation

If you have an existing Active Directory domain which your new domain controller will be joining, you need to prepare the existing Active Directory in advance of the installation. Please note that this article assumes familiarity with managing Microsoft Active Directory and Domain Controllers.


All these steps must be performed on the existing Domain Controller

Step 1. Create a new user
Logon to an existing Domain controller - preferably in the same LAN/site in which you are deploying your new server, and preferably one that currently holds all 5 Flexible Single Master Operation (FSMO) roles; it should also be a Global Catalog (GC) Server.

Open Active Directory Users and Computers and Create a domain user account called zcommission. The account needs to be a member of the Domain Admin group.

Keep a note of the zcommission users password, as you will need it during the installation process.

Note: you can identify which Domain Controller currently holds the FSMO roles by running "netdom query fsmo" on a Domain Controller and you can transfer all 5 FSMO roles by following the steps outlined in these three articles: and and

Note: you can confirm if a Domain Controller is a Global Catalog server by following the steps outlined here: and you can add the Global Catalog to an existing Domain Controller by following the steps outlined here:

Step 2. Configure the secondary DNS server
Configure the network card to set the secondary DNS server to be the IP address of ZDC (ZDC will become your new domain controller). You can find out the IP address from the Commissioning Console. If you need help changing the secondary DNS server IP please view the article: How to change the secondary DNS server IP address


Step 3. Check the existing Active Directory is healthy

On the existing Domain Controller, Run a DCDIAG on their existing domain controller to verify the existing Active Directory is OK.

Any failures should be investigated and resolved. 

Here is a useful article on using DCDIAG to identify any issues:

Here is a Microsoft Technet article on using DCDIAG:

 If you currently have more than one Domain Controller in your Active Directory, ensure that they are all replicating successfully - run "repadmin /showrepl" and "repadmin /syncall /Aed" and ensure there are no errors. More information on these commands is available in this article:

Any existing errors in Active Directory replication should be resolved first. Any old Domain Controllers that are permanently offline should have server metadata cleanup performed, as outlined here:

As suggested above, it is recommended to perform the above steps on a Domain Controller that holds the 5 FSMO roles and is a GC. During the automated join of the new Domain Controller on your new server to your current Active Directory that you will carry out in a subsequent step, the 5 FSMO roles will be transferred from the current Domain Controller that holds them to the new one.

Step 4. Check Forest Functional level

On the existing Domain Controller, ensure the Active Directory Forest Functional level is 2003 or higher. If it is not at 2003 you must first raise it.

Here is an article explaining how to check the Forest Functional level:

Here is an artuicle explaining how to raise the Forest Functional level (you need to raise it to 2003 or higher)


If there are any Windows 2000 Domain Controller's, these need to be decommissioned before you can proceed.


Once all of the above is complete please read the article QUICK START GUIDE - Perform an Installation

Was this article helpful? 0 out of 0 found this helpful
Have more questions? Submit a request
Powered by Zendesk