1. Installing a Domain Controller with the Windows Interface
Using the Windows interface to install a domain controller
requires two major steps. First, you must install the AD DS role,
which can be accomplished
by using the Add Roles Wizard in Server Manager. After the AD DS role
installation has copied the binaries required for the role to the
server, you must install and configure AD DS by launching the Active
Directory Domain Services Installation Wizard, using one of these
methods:
- Click Start and, in the Start Search box, type dcpromo and click OK.
- When you complete the Add Roles Wizard, click the link to
  launch the Active Directory Domain Services Installation
  Wizard.
- After adding the AD DS role, links appear in Server Manager
  that remind you to run the Active Directory Domain Services
  Installation Wizard. Click any of those links.
The Active Directory Domain Services Installation Wizard is
shown in Figure 1.
Note
ALL-IN-ONE WIZARD
Microsoft documentation for Windows Server 2008 R2 emphasizes the role-based
model, so it recommends that you add the AD DS role and then run Dcpromo.exe (the
Active Directory Domain Services Installation Wizard). However, you can
simply run Dcpromo.exe and, as a first step, the wizard detects that
the AD DS binaries are not installed and adds the AD DS role
automatically.
2. Unattended Installation Options and Answer Files
You can also add or remove a domain controller at the command prompt, using the unattended installation supported by the Windows Server
2008 R2 version of Dcpromo.exe. Unattended installation options
provide values to the Active Directory Domain Services Installation
Wizard. For example, the NewDomainDNSName option specifies a fully
qualified domain name (FQDN) for a new domain.
These options can be provided at the command line using dcpromo
/unattendOption:value; for example, type dcpromo /newdomaindnsname:contoso.com.
Alternatively, you can provide the options in an unattended installation
answer file. The answer file is a text file that contains a section
heading, [DCINSTALL], followed by options and their values in the
option=value form. For example, the following
file provides the NewDomainDNSName option:
[DCINSTALL]
NewDomainDNSName=contoso.com
The answer file is called by adding its path to the
/unattend parameter. For example:
dcpromo /unattend:"path to answer file"
The options in the answer file can be overridden by parameters
on the command line. For example, if the NewDomainDNSName option is
specified in the answer file and the
/NewDomainDNSName parameter is used on the
command line, the value on the command line takes precedence.
If any required values are neither in the answer file nor on the
command line, the Active Directory Domain Services Installation Wizard prompts for the
answers, so you can use the answer file to partially automate an
installation, providing a subset of configuration values for use
during an interactive installation. The wizard is not available when
running Dcpromo.exe from the command line in Server Core. In that
case, the Dcpromo.exe command returns with an error code.
For a complete list of parameters that you can specify as part
of an unattended installation of AD DS, open an elevated
command prompt and type the following command:
dcpromo /?[:operation]
where operation is one of the
following:
- Promotion: Returns all parameters you can use when creating a domain controller.
- CreateDCAccount: Returns all parameters you can use when creating a
  prestaged account for a read-only domain controller (RODC).
- UseExistingAccount: Returns all parameters you can use to attach a new
  DC to a prestaged RODC account.
- Demotion: Returns all parameters you can use when removing a
  domain controller.
Note
GENERATE AN ANSWER FILE
When you use the Windows interface to create a domain
controller, the Active Directory Domain Services Installation Wizard
gives you the option, on the Summary page, to export your settings
to an answer file. If you need to create an answer file for use from
the command line, such as on a Server Core installation, you can use
this shortcut to create an answer file with the correct options and
values.
3. Installing a New Windows Server 2008 R2 Forest
When creating a new
forest root domain, you must specify the forest root domain name
system (DNS) name, its NetBIOS name, and the forest and domain functional
levels. The first domain controller cannot be a read-only domain
controller and must be a global catalog (GC) server. If the Active
Directory Domain Services Installation Wizard detects that it is
necessary to install or configure DNS, it does so
automatically.
You can also use an answer file by typing dcpromo
/unattend:"path to answer file", where the answer file contains unattended installation
options and values. The following example contains the minimum
parameters for an unattended installation of a new Windows Server 2008
R2 domain controller in a new forest:
[DCINSTALL]
ReplicaOrNewDomain=domain
NewDomain=forest
NewDomainDNSName=fully qualified DNS name
DomainNetBiosName=domain NetBIOS name
ForestLevel={0=Windows 2000 Server Native;
             2=Windows Server 2003 Native;
             3=Windows Server 2008;
             4=Windows Server 2008 R2}
DomainLevel={0=Windows 2000 Server Native;
             2=Windows Server 2003 Native;
             3=Windows Server 2008;
             4=Windows Server 2008 R2}
InstallDNS=yes
DatabasePath="path to folder on a local volume"
LogPath="path to folder on a local volume"
SYSVOLPath="path to folder on a local volume"
SafeModeAdminPassword=password
RebootOnCompletion=yes
You can also specify one or more unattended installation
parameters and values at the command line. For example, if you don’t
want the Directory Services Restore Mode password in the answer file,
leave the entry blank and specify the
/SafeModeAdminPassword:password parameter when
you run Dcpromo.exe.
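The following PowerShell example is added here and is not part of the original text or Microsoft code. It reads the [DCINSTALL] section of an answer file, applies command-line options over it in the precedence described earlier, and reports values that are still missing as well as a Directory Services Restore Mode password left in the file. The function names, the sample file contents, the file path, and the set of options treated as required (the values this section says you must specify, plus SafeModeAdminPassword) are assumptions for illustration.

```powershell
# Added example, not Microsoft code; function names are hypothetical.
function Read-DcInstallSection([string[]]$Lines) {
    $opts = @{}; $inSection = $false      # hashtable keys are case-insensitive
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -match '^\[(.+)\]$') { $inSection = ($Matches[1] -ieq 'DCINSTALL'); continue }
        if ($inSection -and $line -match '^([^=;]+)=(.*)$') {
            $opts[$Matches[1].Trim()] = $Matches[2].Trim().Trim('"')
        }
    }
    return $opts
}
function Merge-DcPromoOptions([hashtable]$FileOptions, [string[]]$CommandLine) {
    $merged = $FileOptions.Clone()
    foreach ($arg in $CommandLine) {
        # /unattend:<path> names the file; any other /Option:value overrides the file
        if ($arg -match '^/([^:]+):(.*)$' -and $Matches[1] -ine 'unattend') {
            $merged[$Matches[1]] = $Matches[2].Trim('"')
        }
    }
    return $merged
}
function Test-NewForestOptions([hashtable]$FileOptions, [hashtable]$Merged) {
    # Assumed required set: the values this section says you must specify, plus the DSRM password
    $required = 'NewDomainDNSName', 'DomainNetBiosName', 'ForestLevel', 'DomainLevel', 'SafeModeAdminPassword'
    $findings = @()
    foreach ($name in $required) {
        if (-not $Merged[$name]) {
            $findings += "MISSING: $name (wizard prompts; on Server Core dcpromo returns an error code)"
        }
    }
    if ($FileOptions['SafeModeAdminPassword']) {
        $findings += 'PLAINTEXT: SafeModeAdminPassword is stored in the answer file'
    }
    return $findings
}
# Constructed sample input: answer file lines and extra dcpromo arguments (path is a placeholder)
$answerFile = '[DCINSTALL]', 'NewDomainDNSName=contoso.com', 'ForestLevel=3',
              'SafeModeAdminPassword=Example-Only-1'
$cmdLine = '/unattend:C:\temp\dcinstall.txt', '/DomainNetbiosName:contoso', '/forestLevel:4'
$fromFile = Read-DcInstallSection $answerFile
$merged = Merge-DcPromoOptions $fromFile $cmdLine
"Effective ForestLevel: $($merged['ForestLevel'])"   # command-line value wins over the file
Test-NewForestOptions $fromFile $merged
```

To check a real answer file, pass the output of Get-Content for that file to Read-DcInstallSection in place of the constructed lines.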
You can also include all options on the command line itself. The
following example creates the first domain controller in a new forest
in which you don’t expect to install any Windows Server 2003
domain controllers:
dcpromo /unattend /installDNS:yes /dnsOnNetwork:yes ^
  /replicaOrNewDomain:domain /newDomain:forest ^
  /newDomainDnsName:contoso.com /DomainNetbiosName:contoso ^
  /databasePath:"e:\ntds" /logPath:"f:\ntdslogs" /sysvolpath:"g:\sysvol" ^
  /safeModeAdminPassword:password ^
  /forestLevel:3 /domainLevel:3 ^
  /rebootOnCompletion:yes