- Active Directory Administration Cookbook
- Sander Berkouwer
- 258字
- 2021-06-24 14:42:08
Promoting a read-only domain controller using dcpromo.exe
Read-only domain controllers can be promoted using dcpromo.exe with an answer file or with all of the installation arguments specified, just like fully-writable domain controllers. An added benefit is that dcpromo.exe will install the Active Directory Domain Services server role automatically when it's not yet present.
Using dcpromo.exe with an answer file consists of running the following command line:
dcpromo.exe /unattend: C:\install\dcpromo.txt
A prime example of an answer file to add a read-only domain controller would look like the following:
[DCINSTALL]
ReplicaorNewDomain= readonlyreplica
ReplicaDomainDNSName= lucernpub.com
UserDomain= LUCERNPUB
UserName= Administrator
SiteName= "Remote Location"
Password= "P@$$w0rd"
InstallDNS= Yes
ConfirmGC= Yes
CreateDNSDelegation= No
DatabasePath= E:\NTDS
LogPath= E:\Logs
SYSVOLPath= E:\SYSVOL
SafeModeAdminPassword= "P@$$w0rd"
RebootOnSuccess= true
This will add a read-only domain controller to the lucernpub.com Active Directory domain, using the credentials for the administrator account with the password, P@$$w0rd. The read-only domain controller will be installed with a DNS Server and configured as a global catalog server. All the Active Directory-related files are stored in corresponding folders on the E:\ drive, and when successful, the Windows Server installation you intend as the read-only domain controller will be rebooted automatically. Replace the values in the preceding sample file with the values of your choice.
The arguments in the answer file can also be specified as command-line arguments. The arguments can be reused one on one, so the preceding sample answer file would correspond to the following command line:
dcpromo.exe /unattend /replicaornewdomain:ReadOnlyReplica /replicadomaindnsname:lucernpub.com /userdomain:LUCERNPUB /username:administrator /password:"P@$$w0rd" /sitename:RemoteLocation /installdns:yes /confirmgc:yes /databasepath:"E:\NTDS" /logpath:"E:\logs" /sysvolpath:"E:\sysvol" /safemodeadminpassword:"P@$$w0rd"