3.4. Automating the Promotion or Demotion of a Domain Controller
Problem
You want to automate the installation or removal of a domain controller. You can make the promotion process part of your standard build process by incorporating the necessary configuration lines in your answer file(s).
Solution
You can automate the promotion of a domain controller by using the
unattended process when building the server or by manually running
dcpromo
after the system has been built. Pass an
answer file containing the necessary lines to promote the server to
dcpromo
by specifying a /answer
switch. Here is an example:
> dcpromo /answer:<path_to_answer_file>
If you want to run dcpromo
as part of an
unattended setup, you need to add a [GUIRunOnce]
section in your unattended setup file that calls the
dcpromo
process
. You can
promote a domain controller only after setup has completed and
someone logs in for the first time. That is why it is necessary to
use a [GUIRunOnce]
section, which sets the
RunOnce
registry key to kick off
dcpromo
after someone logs in. Here is an example:
[GUIRunOnce] "dcpromo /answer:%systemroot%\system32\$winnt$.inf"
The dcpromo
answer section starts with
[DCInstall]
. Here is an example answer file for
adding a domain controller to an existing domain in the rallencorp.com forest:
[DCINSTALL] UserName=administrator Password=RAllencorpAdminPassword UserDomain=rallencorp.com DatabasePath=%systemroot%\ntds LogPath=%systemroot%\ntds SYSVOLPath=%systemroot%\sysvol SafeModeAdminPassword=DSrestoreModePassword ...
Get Active Directory Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.