Add and Manage Domain Controllers

The Add and Manage Domain Controllers guided virtual lab, provided by IT Pro Challenges, has learners create a domain controller to an existing domain and test that the addition has been successful. Lab exercises supply skills to those seeking careers as cyber operators, information systems security managers, or network operation specialists.

1 hour
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »


This hands-on virtual lab teaches the beginner who has some Windows Server administration, how to add an existing server as a domain controller and verify successful creation. This challenge augments guided and advanced labs in a series: Deploy and Configure a Read-Only Domain Controller, and Can You Configure an Active Directory Domain Services Infrastructure? Fundamental to security, domain controllers handle access requests from other servers and computers.

First, in the Add and Manage Domain Controllers session, learners add AS DS binaries, a compiled program, to a member server. Next, learners use Active Directory Domain Services Configuration Wizard to promote an existing domain as a domain controller. Finally, learners check that the AD domain controller server (SRV) records generated correctly, a necessary and additional step to validate the domain controller addition.

Add AD DS Binaries to a Member Server:

Learners use the Add Roles and Features Wizard to initiate Active Directory Domain Services code needed to allow users appropriate application access through logging in only once. Active Directory Domain Services keep critical data about which entities have permissions to what. Administrators customize server roles and features using either the wizard or by using Windows PowerShell, a command-line utility. In this virtual lab, participants verify that they added the AS DS binaries correctly.

Add a Domain Controller to an Existing Domain:

Learners promote DC3 as a domain controller using the Active Directory Domain Services Configuration Wizard. In this exercise, users specify domain controller capabilities as a Domain Name Server (DNS) server having a Global Catalog (GC). Domain Name Servers tracks a list of domains and translates them into internet protocol (IP) addresses, numbers the computer associates with each computer on the network. A GC keeps records of all objects in a directory’s domain to make it easier to find information about and processing access requests from other entities. In addition to the wizard, Windows PowerShell, cloning, and installing from media options also set up domain controllers. Learners see when users from other domains or on the internet do not need to translate internet protocol addresses; for computers attached to the domain controller, then a parent or master zone does not need to be created.

Verify the Creation of SRV Records:

In this final exercise, learners check the creation of server records, from the computer hosts. SRV records locate domain controllers, like GC, Kerberos (an authentication protocol between computers over the network), and LDAP (a protocol that describes and defines other computer addresses on the network). Checking for such DNS resource records tests that services are located appropriately for each DNS zone.


Upon completion of this Add and Manage Domain Controllers virtual lab challenge, learners gain hands-on experience. This virtual lab includes adding AD DS compiled code to a server, creating a domain controller to an existing domain, and checking SRV records that the correct hosts service the domain controller services.

Most IT positions with networking and server administration components will benefit from the skills taught in this lab. The learner then can expand capabilities through taking the GUIDED CHALLENGE: Deploy and Configure a Read-Only Domain Controller and the ADVANCED CHALLENGE: Can You Configure an Active Directory Domain Services Infrastructure?