How to Add a New Forest to Active Directory (Server Manager)

Tutorials

In this guide, I’ll show you how to add a new forest to your existing Active Directory environment. There may be compliance or security requirements dictating you add a new forest.

This article applies to: Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2025.

However, just a note, you can add forest trusts, too. If you have an existing forest, contoso.com, you can add another forest, northwindtraders.com, and optionally build a trust between them, all within your LAN environment.

Add the Active Directory Domain Services server role to Windows Server

In our final scenario will be adding a new forest to an environment. There are several logical designs that dictate this option. If you are starting out completely from scratch, this is the only option you will have – adding your first domain controller and creating your very first (forest-root) domain.

Another scenario would be if you need a more defined separation of domains. If you are merging with another corporation, you may want to add a new forest in a test setting – this will allow complete separation between your forest domain structure and your testing.

However, as I stated previously, you’ll be able to create forest trusts that will allow users in one forest to log in (seamlessly) to computers in the other forest.

I have built another Windows Server 2022 Datacenter Hyper-V VM and named it WS22-FOREST-DC1.

Our 3rd and final server, ready for promotion – WS22-FOREST-DC1

Again, I went and added the Active Directory Domain Services role.

Configure the new Active Directory forest

Let’s get the new forest configured.

Start the DC promotion wizard to promote the server to a domain controller.

Choosing to create a whole new, independent forest – reinderscorp.local

I chose the third option – ‘Add a new forest‘ and entered ‘reinderscorp.local’ as the domain name.
I clicked Next.

Choosing our functional levels and entering our DSRM password again — Choosing our functional levels and entering our DSRM password…again… 🙂

Here, you can see you have options with the forest functional level. If you have a requirement to include domain controllers running older versions of Windows Server, you need to make that adjustment now: You can’t go back after the fact and lower the level. You can only raise these levels.

I will keep my forest at the Windows Server 2016 level
Enter your DSRM password and click Next.
On the DNS Options screen, as in previous scenarios, it will give you the common warning about not being able to create a DNS delegation. That’s because there is no parent (DNS) domain name to contact.
The Additional Options screen only shows the NetBIOS domain name for us – ‘REINDERSCORP’. And on the Paths screen, I accepted the defaults and clicked Next.

The Review Options screen shows our new forest in all its glory - including the PowerShell script! — The Review Options screen shows our new forest in all its glory – including the PowerShell script!

On the Review Options screen, we can see all the planned configurations of our new forest. I clicked the View script button again to see the PowerShell script that will run in the background momentarily.
Then I clicked Next.

The Prerequisites Check screen says we're good to go! — The Prerequisites Check screen says we’re good to go!

We can now click the Install button on the Prerequisites Check screen as we are approved to proceed by the trusted Microsoft engineers.

Setup completed successfully - a Reboot is coming right up — Setup completed successfully – Reboot coming right up!

After the server reboots, I log in as the Administrator and confirm all is as expected.

Our new forest is ‘fully operational and all of its circuits are functioning perfectly

Source:
https://petri.com/add-new-forest-to-active-directory/