Promoting a domain controller using dcpromo.exe

Despite many news outlets reporting that dcpromo is dead, the popular option to promote a Windows Server installation to a domain controller is alive and well, even in the latest Windows Server versions. One change to the functionality of dcpromo.exe, when compared to previous version of Windows Server, is that you can no longer use dcpromo.exe to launch the Active Directory Domain Services Configuration Wizard. You'll need to use dcpromo.exe with an answer file or with all of the installation arguments specified.

Benefits of using dcpromo.exe include the use of a slew of options that are not available when using the Active Directory Domain Services Configuration Wizard, but also a wide array of sample answer files and scripts, because the type of answer files used when using dcpromo.exe, and the arguments to use on the command line, have been available since the early days of Windows Server. Many people have used them and many people have written them.

Using dcpromo.exe with an answer file consists of running the following Command Prompt line:

dcpromo.exe /unattend: C:\install\dcpromo.txt

Simply replace the text file location with the file of your choice. 

You can also use network paths such as \\server\promotiontext$\dcpromo.txt to supply an answer file to  dcpromo.txt. This makes for an ideal scenario where files don't remain lingering on domain controllers promoted this way.

The answer file consists of several arguments. Typical arguments found in the answer file include the ReplicaOrNewDomain, InstallDNS, and ConfirmGC arguments. A prime example of an answer file to add an additional domain controller to an existing domain would look like the following:

[DCINSTALL]
ReplicaorNewDomain= replica
ReplicaDomainDNSName= lucernpub.com
UserDomain= LUCERNPUB
UserName= Administrator
SiteName= RemoteLocation
Password= "P@$$w0rd"
InstallDNS= Yes
ConfirmGC= Yes
CreateDNSDelegation= No
DatabasePath= E:\NTDS
LogPath= E:\Logs
SYSVOLPath= E:\SYSVOL
SafeModeAdminPassword= "P@$$w0rd"
RebootOnSuccess= true

This will add a domain controller to the lucernpub.com Active Directory domain, using the credentials for the administrator account with the password, P@$$w0rd. The domain controller will be installed with a DNS Server and configured as a global catalog server. All of the Active Directory-related files are stored in corresponding folders on the E:\ drive, and when successful, the Windows Server installation you intend as domain controller will be rebooted automatically.

Replace the values in the preceding sample file with the values of your choice.

When promotion is successful, the passwords specified as the values for the Password and SafeModeAdminPassword arguments are cleared from the answer file. However, when promotion is unsuccessful, these values remain and may cause harm when falling into the wrong hands.

The arguments in the answer file can also be specified as command line arguments. The arguments can be reused one-on-one, so the preceding sample answer file would correspond to the following command line:

dcpromo.exe /unattend /replicaornewdomain:Replica /replicadomaindnsname:lucernpub.com /userdomain:LUCERNPUB /username:administrator /password:"P@$$w0rd" /sitename:RemoteLocation /installdns:yes /confirmgc:yes /databasepath:"E:\NTDS" /logpath:"E:\logs" /sysvolpath:"E:\sysvol" /safemodeadminpassword:"P@$$w0rd"
上一章目录下一章