Can't add new domain controllers to an existing domain

Franz Schenk 341 Reputation points
2025-08-28T15:47:05.05+00:00

After adding a DC (have tried to add a Server 2025 DC, and then to add a Server 2019 DC), the new domain controller refuses to work. dcdiag /test:advertisement /v gives the following error: Server is not responding or is not considered suitable.

What I have verified/tried so far:

  • Network Adapter IP- and DNS configuration: Have tried 127.0.0.1 as first DNS Server, IP of the only working DC as second DNS Server, and also the opposite way: IP of the working DC as first DNS Server.
  • Temporarily disabled IPv6 on the new, designated DC
  • Disabled the Windows firewall on the working and the new, designated DC
  • Correct time on all DCs
  • Examined DNS entries of the existing and new DCs, also in the _msdcs zone. All DCs are registered. The service records for the working and the not working DC are identical.
  • repadmin /syncall /e works without any error.
  • ipconfig /registerdns, restarting netlogon service, dcdiag /fix

What I can see is that the Sysvol share does not exist on the new DCs. But I suppose that the working DC does not replicate Sysvol because the new DCs don't advertise correctly. Is this assumption correct?

Any advice? How is it possible to get more detailed information why the DC advertisement fails? Thank you in advance for any help.

Franz

Windows for business | Windows Server | Directory services | Active Directory

1 answer

  1. Domic Vo 1,015 Reputation points Independent Advisor
    2025-08-28T18:26:00.34+00:00

    Dear Franz,

    Based on the dcdiag /test:advertisement results and the missing SYSVOL share, it appears the new domain controller has not completed its promotion successfully, which prevents it from advertising as suitable. Your assumption is correct—SYSVOL replication typically does not initiate until the DC is fully functional and properly advertised.

    We recommend checking the DFS Replication logs in Event Viewer to confirm whether SYSVOL initialization has occurred. If not, you may need to perform a non-authoritative SYSVOL restore (D2) to trigger replication. Additionally, ensure that the new DC uses the IP of the existing DC as its primary DNS during promotion, and avoid using 127.0.0.1 at that stage.

    If the issue persists, running dcdiag /test:sysvolcheck and reviewing net share output can provide further insight.

    I hope this helps. Just kindly tick Accept Answer so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    Best regards,

    Domic Vo
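
The checks named in the answer above (SYSVOL share, DFS Replication log, dcdiag) can be collected in one pass. The following is an added example, not part of the original thread. It assumes an elevated PowerShell session on the new domain controller, reads state only, and uses the dcdiag test names Advertising, SysVolCheck and NetLogons.

```powershell
# Added example: read-only SYSVOL / advertisement diagnostics for a new DC.
# Assumption: run elevated on the DC that fails the advertising test.
$report = [ordered]@{}

# 1. SYSVOL and NETLOGON shares. Netlogon does not advertise the DC until both exist.
foreach ($name in 'SYSVOL', 'NETLOGON') {
    $share = Get-SmbShare -Name $name -ErrorAction SilentlyContinue
    $report["Share $name"] = if ($share) { $share.Path } else { 'MISSING' }
}

# 2. SysvolReady flag. 1 = Netlogon may share SYSVOL; 0 or absent = initial sync not finished.
$netlogonKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$flag = (Get-ItemProperty -Path $netlogonKey -Name SysvolReady -ErrorAction SilentlyContinue).SysvolReady
$report['SysvolReady'] = if ($null -eq $flag) { 'not set' } else { $flag }

# 3. DFS Replication log: errors and warnings, plus the two SYSVOL initialization events
#    (4614 = waiting for initial replication, 4604 = SYSVOL initialized successfully).
$dfsrEvents = Get-WinEvent -LogName 'DFS Replication' -MaxEvents 500 -ErrorAction SilentlyContinue |
    Where-Object { $_.Level -in 2, 3 -or $_.Id -in 4614, 4604 } |
    Sort-Object TimeCreated
$report['DFSR 4614 seen'] = [bool]($dfsrEvents | Where-Object Id -eq 4614)
$report['DFSR 4604 seen'] = [bool]($dfsrEvents | Where-Object Id -eq 4604)

# 4. dcdiag tests that cover advertising and SYSVOL state; keep only the lines that need attention.
$dcdiag = dcdiag /test:Advertising /test:SysVolCheck /test:NetLogons /v
$dcdiagFindings = $dcdiag | Select-String -Pattern 'fail|warning|error|not responding'

# Output: summary first, then the supporting detail.
[pscustomobject]$report | Format-List
'--- DFS Replication events (oldest first) ---'
$dfsrEvents | Select-Object TimeCreated, Id, LevelDisplayName,
    @{ Name = 'Message'; Expression = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize -Wrap
'--- dcdiag findings ---'
$dcdiagFindings | ForEach-Object { $_.Line.Trim() }
```

A 4614 event with no later 4604, together with SysvolReady at 0 and a missing SYSVOL share, indicates that initial SYSVOL replication has not completed.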
