Overview:
This walk through will step you through adding a secondary domain controller to your server infrastructure. At the end, I show steps for moving Master Roles over to this new Domain Controller. It is recommended that you split the roles between two servers. From my research, I like to keep the RID, PDC and Infrastructure Master Roles on the Primary Domain Controller, and move the Domain Naming and Schema Master Roles to the Secondary Domain Controller. The command at the bottom does just that. Feel free to change the roles based on your own research.

Prerequisites:

Existing functional Domain on your Network.
Newly installed Server running Windows Server 2016
Static IP address configured on the server
Join the New Secondary Domain Controller to your existing domain.

Installing the Active Directory Domain Services Role:

1. Launch “Server Manager”.
2. In the top right, click Manage and then select “Add Roles and Features”.
3. Click “Next” on the Before you begin page.
4. Click “Next” on the Select installation type page.
5. Make sure the correct server is selected and click “Next”.
6. Check the box next to “Active Directory Domain Services”.
7. When prompted to add features that are required, click “Add Features”.
8. Click “Next”.
9. Click “Next” on the Select features page.
10. Click “Next” on the Active Directory Domain Services page.
11. Check the box next to “Restart the destination server automatically if required”.
12. Click “Install”.
13. Wait for it to finish the installation.
14. Once Finished, click “Close”.

Promoting the server to a Domain Controller:

1. Back on the Server Manager, click on the notifications icon in the top right.
2. Click on “Promote this server to a domain controller”.
3. Check the bubble next to “Add a domain controller to an existing domain”.
4. Make sure your domain is entered correctly in the Domain field.
5. Change the credentials to a user that is a Domain Administrator.
6. Leave the defaults checked for DNS and GC. If this is going to be a Read Only Domain Controller, check the box next to “Read Only Domain Controller (RODC)”.
7. Enter a password for the Directory Services Restore Mode.
8. Click “Next” to continue.
9. On the DNS options page, you will probably get an error saying “A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found”. This is ok, click “Next” to continue.
10. On the “Additional Options” page, click “Next” to continue.
11. On the “Paths” page, leave defaults and click “Next”.
12. On the “Preparation Options” page, change the user to your Domain Administrator account.
13. Click “Next” to continue.
14. On the “Review Options” page, click “Next”.
15. On the “Prerequisites Check” page, make sure you get a green check that everything is ok. If there are errors preventing you from installing, correct the errors and run the check again.
16. Click “Install”.
17. Wait for the server to finish installing. It should restart when finished.
18. Login to the Domain Administrator Account.
19. Launch the Server Manager and verify that the “AD DS and DNS” Roles are working correctly.

Moving Master Roles to the New Domain Controller:

1. Launch the Server Manager.
2. In the top right, click “Tools” and then select “Active Directory Module for Windows PowerShell”.
3. Enter and run the following command:

Move-ADDirectoryServerOperationMasterRole -Identity “(Server Name)” -OperationMasterRole 3,4

4. Enter “Y” to move the two Roles.
5. Enter and run the following command to verify that the DomainNamingMaster and SchemaMaster Roles were moved successfully:

Get-ADForest