Windows Server Core is a great option for your domain controllers. Generally speaking domain controllers should not be doing anything else and are rarely logged into interactively anyways. However promoting a machine to a domain controller from the command line is not as intuitive as it could should be.
This article is also very helpful if you want to script the promotion of your domain controllers.
Just like on a full server install dcpromo.exe is still used to promote a machine to a domain controller. One of the nice features of dcpromo.exe is that if the Active Directory Domain Services (ADDS) role is not installed dcpromo.exe will add that role to your server for you.
However if you would like to install the ADDS and DNS roles before you begin the promotion process the command lines would be:
dism /online /enable-feature /featurename:NetFx2-ServerCore
dism /online /enable-feature /featurename:NetFx3-ServerCore
dism /online /enable-feature /featurename:DirectoryServices-DomainController-ServerFoundation
dism /online /enable-feature /featurename:DNS-Server-Core-Role
The full command argument options of dcpromo.exe can be found at the Microsoft TechNet documentation site.
The common arguments used in either a new domain or existing domain scenario are:
| unattend | Specifies that wizard will not be used (required on core). Can also specify a file location with answers required for promotion to domain controller. |
| replicaOrNewDomain | Specifies whether to add a domain controller to a domain or configure a new domain.Replica – Add to existing domain (used if not specified) ReadOnlyReplica – Add as RODC to existing domain Domain – Create new domain |
| safeModeAdminPassword | The password for the Directory Services Restore Mode account. |
The bare minimum command to create a new forest is:
dcpromo.exe /unattend /replicaOrNewDomain:domain /newDomain:forest
/newDomainDnsName:serk.local /domainNetbiosName:SERK
/safeModeAdminPassword:
Remember that when you create a new Forest you are really creating a new Root level Domain so a lot of the commands will be referencing domain creation.
The common parameters used when creating a new forest are:
| newDomain | Specifies if you are creating a new forest, new child domain, or new tree: Tree – Creates a new tree Child – Creates a new child domain Forest – Creates a new forest |
| newDomainDnsName | Specifies the DNS name of the new domain. |
| domainNetbiosName | Specifies the Netbios name of the new domain. |
| domainLevel (optional) | Specifies the domain level to set this new domain to: 0 – Windows 2000 (used if not specified) 2 – Windows 2003 3 – Windows 2008 4 – Windows 2008 R2 |
| forestLevel (optional) | Specifies the forest level to set this new forest to: 0 – Windows 2000 (used on Windows 2008 if not specified) 2 – Windows 2003 (used on Windows 2008 R2 if not specified) 3 – Windows 2008 4 – Windows 2008 R2 |
The bare minimum command to create a new domain in an existing forest is:
dcpromo.exe /unattend /replicaOrNewDomain:domain /newDomain:child
/newDomainDnsName:child.serk.local /parentDomainDNSName:serk.local
/domainNetbiosName:CHILD-SERK /childName:child
/userDomain:serk.local /username:administrator /password:*
/safeModeAdminPassword:
The bare minimum command to create a new tree in an existing forest is:
dcpromo.exe /unattend /replicaOrNewDomain:domain /newDomain:tree
/newDomainDnsName:tree.local /parentDomainDNSName:serk.local
/domainNetbiosName:TREE
/userDomain:serk.local /username:administrator /password:*
/safeModeAdminPassword:
The common parameters used when creating a new domain in an existing forest are:
| newDomain | Specifies if you are creating a new forest, new child domain, or new tree: Tree – Creates a new tree Child – Creates a new child domain Forest – Creates a new forest |
| newDomainDnsName | Specifies the DNS name of the new domain. |
| parentDomainDNSName | Specifies the parent domains DNS name. |
| domainNetbiosName | Specifies the Netbios name of the new domain. |
| childName | Specifies the single-label DNS name of this child domain. For example you would specify child if the child domain was child.serk.local. |
| username | Username of account to create domain in forest with. Must be an enterprise admin account. |
| userDomain | Domain of account specified in the /username parameter. |
| password | Password of account specified in the /username parameter. You can either specify the plain text password, or a * which will cause you to be prompted at run-time. |
| domainLevel (optional) | Specifies the domain level to set this new domain to: 0 – Windows 2000 (used if not specified) 2 – Windows 2003 3 – Windows 2008 4 – Windows 2008 R2 |
The bare minimum command to add a domain controller to an existing domain is:
dcpromo.exe /unattend /replicaOrNewDomain:replica /replicaDomainDNSName:serk.local
/userDomain=serk.local /username=administrator /password:*
/safeModeAdminPassword:
The common parameters used adding a domain controller to a domain are:
| replicaDomainDNSName | If joining an existing domain then specifies the DNS name of the existing domain. |
| username | Username of account to join domain with. Must be a domain admin account. |
| userDomain | Domain of account specified in the /username parameter. |
| password | Password of account specified in the /username parameter. You can either specify the plain text password, or a * which will cause you to be prompted at run-time. |
| ConfirmGc (optional) | Specifies whether the new domain controller should be a Global Catalog server: Yes – Sets the new DC to be a GC. No – Does not set the new DC to be a GC. (Used if not specified) |
| replicationSourceDC (optional) | The FQDN of the domain controller to replicate the domain information from during promotion. If you do not specify a replication source an existing domain controller will be automatically chosen. |
Related posts
HashSet.IntersectWith() in C# April 2nd, 2009 I realize that real developers have been aware of this for years. However...
Mách tân binh cách chơi Natalya siêu đỉnh như game thủ
Cách chơi Natalya như thế nào? Kinh nghiệm lên đồ và chiến thuật đánh chặn trong từng giai đoạn...
LA C# and SoCalDotNet Presentations
LA C# and SoCalDotNet Presentations February 5th, 2009 I just got back last night from my trip to the...
