Windows Server Core: Installing ADDS Role

March 2nd, 2010

Windows Server Core is a great option for your domain controllers. Generally speaking domain controllers should not be doing anything else and are rarely logged into interactively anyways. However promoting a machine to a domain controller from the command line is not as intuitive as it could should be.

This article is also very helpful if you want to script the promotion of your domain controllers.

DCPROMO.exe

Just like on a full server install dcpromo.exe is still used to promote a machine to a domain controller. One of the nice features of dcpromo.exe is that if the Active Directory Domain Services (ADDS) role is not installed dcpromo.exe will add that role to your server for you.

However if you would like to install the ADDS and DNS roles before you begin the promotion process the command lines would be:

dism /online /enable-feature /featurename:NetFx2-ServerCore
dism /online /enable-feature /featurename:NetFx3-ServerCore
dism /online /enable-feature /featurename:DirectoryServices-DomainController-ServerFoundation
dism /online /enable-feature /featurename:DNS-Server-Core-Role

The full command argument options of dcpromo.exe can be found at the Microsoft TechNet documentation site.

The common arguments used in either a new domain or existing domain scenario are:

unattend	Specifies that wizard will not be used (required on core). Can also specify a file location with answers required for promotion to domain controller.
replicaOrNewDomain	Specifies whether to add a domain controller to a domain or configure a new domain.Replica – Add to existing domain (used if not specified) ReadOnlyReplica – Add as RODC to existing domain Domain – Create new domain
safeModeAdminPassword	The password for the Directory Services Restore Mode account.

Creating a new Forest

The bare minimum command to create a new forest is:

dcpromo.exe /unattend /replicaOrNewDomain:domain /newDomain:forest
/newDomainDnsName:serk.local /domainNetbiosName:SERK
/safeModeAdminPassword:

Remember that when you create a new Forest you are really creating a new Root level Domain so a lot of the commands will be referencing domain creation.

The common parameters used when creating a new forest are:

newDomain	Specifies if you are creating a new forest, new child domain, or new tree: Tree – Creates a new tree Child – Creates a new child domain Forest – Creates a new forest
newDomainDnsName	Specifies the DNS name of the new domain.
domainNetbiosName	Specifies the Netbios name of the new domain.
domainLevel (optional)	Specifies the domain level to set this new domain to: 0 – Windows 2000 (used if not specified) 2 – Windows 2003 3 – Windows 2008 4 – Windows 2008 R2
forestLevel (optional)	Specifies the forest level to set this new forest to: 0 – Windows 2000 (used on Windows 2008 if not specified) 2 – Windows 2003 (used on Windows 2008 R2 if not specified) 3 – Windows 2008 4 – Windows 2008 R2

Creating a new Domain in an existing Forest

The bare minimum command to create a new domain in an existing forest is:

dcpromo.exe /unattend /replicaOrNewDomain:domain /newDomain:child
/newDomainDnsName:child.serk.local /parentDomainDNSName:serk.local
/domainNetbiosName:CHILD-SERK /childName:child
/userDomain:serk.local /username:administrator /password:*
/safeModeAdminPassword:

The bare minimum command to create a new tree in an existing forest is:

dcpromo.exe /unattend /replicaOrNewDomain:domain /newDomain:tree
/newDomainDnsName:tree.local /parentDomainDNSName:serk.local
/domainNetbiosName:TREE
/userDomain:serk.local /username:administrator /password:*
/safeModeAdminPassword:

The common parameters used when creating a new domain in an existing forest are:

newDomain	Specifies if you are creating a new forest, new child domain, or new tree: Tree – Creates a new tree Child – Creates a new child domain Forest – Creates a new forest
newDomainDnsName	Specifies the DNS name of the new domain.
parentDomainDNSName	Specifies the parent domains DNS name.
domainNetbiosName	Specifies the Netbios name of the new domain.
childName	Specifies the single-label DNS name of this child domain. For example you would specify child if the child domain was child.serk.local.
username	Username of account to create domain in forest with. Must be an enterprise admin account.
userDomain	Domain of account specified in the /username parameter.
password	Password of account specified in the /username parameter. You can either specify the plain text password, or a * which will cause you to be prompted at run-time.
domainLevel (optional)	Specifies the domain level to set this new domain to: 0 – Windows 2000 (used if not specified) 2 – Windows 2003 3 – Windows 2008 4 – Windows 2008 R2

Adding a Domain Controller to an Existing Domain

The bare minimum command to add a domain controller to an existing domain is:

dcpromo.exe /unattend /replicaOrNewDomain:replica /replicaDomainDNSName:serk.local
/userDomain=serk.local /username=administrator /password:*
/safeModeAdminPassword:

The common parameters used adding a domain controller to a domain are:

replicaDomainDNSName	If joining an existing domain then specifies the DNS name of the existing domain.
username	Username of account to join domain with. Must be a domain admin account.
userDomain	Domain of account specified in the /username parameter.
password	Password of account specified in the /username parameter. You can either specify the plain text password, or a * which will cause you to be prompted at run-time.
ConfirmGc (optional)	Specifies whether the new domain controller should be a Global Catalog server: Yes – Sets the new DC to be a GC. No – Does not set the new DC to be a GC. (Used if not specified)
replicationSourceDC (optional)	The FQDN of the domain controller to replicate the domain information from during promotion. If you do not specify a replication source an existing domain controller will be automatically chosen.

Azure Overview for IT Pros