Create a new child domain

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To create a new child domain

  1. Click Start, click Run, and then type dcpromo to start the Active Directory Installation Wizard.

  2. On the Operating System Compatibility page, read the information and then click Next.

    If this is the first time you have installed Active Directory on a server running Windows Server 2003, click Compatibility Help for more information.

  3. On the Domain Controller Type page, click Domain controller for a new domain, and then click Next.

  4. On the Create New Domain page, click Child domain in an existing domain tree, and then click Next.

  5. On the Network Credentials page, type the user name, password, and user domain of the user account you want to use for this operation, and then click Next.

    The user account must be a member of the Enterprise Admins group.

  6. On the Child Domain Installation page, verify the parent domain and type the new child domain name, and then click Next.

  7. On the NetBIOS Domain Name page, verify the NetBIOS name, and click Next.

  8. On the Database and Log Folders page, type the location in which you want to install the database and log folders, or click Browse to choose a location, and then click Next.

  9. On the Shared System Volume page, type the location in which you want to install the Sysvol folder, or click Browse to choose a location, and then click Next.

  10. On the DNS Registration Diagnostics page, verify the DNS configuration settings are accurate, and then click Next.

  11. On the Permissions page, select one of the following:

    • Permissions compatible with pre-Windows 2000 server operating systems

    • Permissions compatible only with Windows 2000 or Windows Server 2003 operating systems

  12. On the Directory Services Restore Mode Administrator Password page, type and confirm the password that you want to assign to the Administrator account for this server, and then click Next.

    Use this password when starting the computer in Directory Services Restore Mode.

  13. Review the Summary page, and then click Next to begin the installation.

  14. Restart the computer.


  • To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.

  • The server on which you install Active Directory using this procedure will be the first domain controller in a new child domain.

  • Before installing Active Directory, you will need to consider pre-Windows 2000 compatible security levels and identify the DNS name of the domain. For more information, see the checklist in Related Topics.

  • When a child domain is added to an existing tree domain, a two-way, transitive parent and child trust is established by default.

  • The wizard options on the Permissions page affect application compatibility with computers running pre-Windows 2000 and Windows Server 2003 operating systems and are not related to domain functionality. For more information about permissions, see Related Topics.

  • You can also use a smart card to verify administrative credentials. For more information about smart cards, see Related Topics.

  • The Active Directory Installation Wizard allows Active Directory domain names up to 64 characters or up to 155 bytes. Although the limit of 64 characters is usually reached before the limit of 155 bytes, the opposite could be true if the name contains Unicode characters consuming three bytes. These limits do not apply to computer names.

  • You cannot install Active Directory on a computer running Windows Server 2003, Web Edition, but you can join the computer to an Active Directory domain as a member server. For more information about Windows Server 2003, Web Edition, see Related Topics.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also


Checklist: Creating a new child domain
Domain controllers
Using Smart Cards
Using the Active Directory Installation Wizard
Domain and forest functionality
Overview of Windows Server 2003, Web Edition