Installing Active Directory on Windows 2008 Server Core
In my previous articles (see list below) I have written about how, in Windows Server 2008, Server Core installation does not include the traditional full graphical user interface (GUI). Therefore, once you have configured the server, you can only manage it locally at a command prompt, or remotely using a Terminal Server connection. Read more about Server Core on my “Understanding Windows Server 2008 Server Core” article.
Server Core can host a few roles. See my “Managing Windows 2008 Server Core Server Roles” article for more info. One of these roles can be the Active Directory Directory Services (AD DS) role, where the server will act as a Domain Controller for an Active Directory domain. This Domain Controller (or DC for short) can be used as one of the following DC scenarios:
- The first DC in a new Active Directory Domain, inside a new Active Directory Forest
- An additional (replica) DC in an existing Active Directory Domain
- A Read Only DC (RODC) in an existing Active Directory Domain, in case you already have at least one regular DC running Windows Server 2008 in that domain
- The first DC in a new Active Directory Domain (child domain), under an existing Active Directory Tree, inside an existing Active Directory Forest
- The first DC in a new Active Directory Domain, as a new Active Directory Tree, inside an existing Active Directory Forest
Now, one might wonder how would you go about managing that DC if it were to run on a GUI-less server core. Well, the answer for that is based on 3 parts. The first part is to get your server core up and running. In order to do that, read my server core articles under the Related Articles section below. To make life easier on you, I’ve also written about a GUI tool called CoreConfigurator – read more about it on my “Easily Manage Windows Server 2008 Server Core Settings with CoreConfigurator" article.
The second part is the management of the specific Active Directory DS role that you’re about to install on the core. That can be easily done from one of your regular Windows Server 2008 DCs, or even from a workstation computer running Windows Vista. Read more about it on my “Installing Remote Server Administrative Tools on Windows Vista” article.
The third part is the process of the installation of the Active Directory DS role. It is done through the Active Directory Domain Services Installation Wizard (DCPROMO.exe). It performs the following tasks:
- Installs Active Directory Domain Services (AD DS) on Windows Server 2008-based workgroup servers and member servers
Or, if you run it on a server that is already configured as a DC:
- Removes AD DS from Windows Server 2008-based domain controllers
As noted above, since server core does not have a GUI, you will need to manually configure the DCPROMO settings and run them as an unattended process.
So, now let’s go to the business of actually installing the role. In order to install Active Directory DS on your server core machine you will need to perform the following tasks:
- Configure an unattend text file, containing the instructions for the DCPROMO process
- Configure the right server core settings + meet the DCPROMO requirements
- Copy that file to the server core machine
- Run the DCPROMO process with the unattend file
- Reboot the computer
Configure an unattend text file
First, let’s create the unattend, or answer, file. The unattend file is an ASCII text file that provides automated user input for each page of the Active Directory Domain Services Installation Wizard.
One method of creating the unattend file is by editing a sample file you’ve created before or obtained from other sources (like this website). This is an example of such an Unattend file. In this example you will create an additional DC for a domain called petrilab.local:
[DCINSTALL] UserName=administrator UserDomain=petrilab [email protected] SiteName=Default-First-Site-Name ReplicaOrNewDomain=replica DatabasePath="%systemroot%'NTDS" LogPath="%systemroot%'NTDS" SYSVOLPath="%systemroot%'SYSVOL" InstallDNS=yes ConfirmGC=yes [email protected] RebootOnCompletion=yes
Another method is by creating it through the DCPROMO wizard that you’ve ran on a different server. Read “Creating an Unattend Installation File for DCPROMO in Windows Server 2008" for more information.
Configure the right server core settings
After that you need to make sure the core machine is properly configured.
- Perform any configuration setting that you require (tasks such as changing computer name, changing and configure IP address, subnet mask, default gateway, DNS address, firewall settings, configuring remote desktop and so on).
- After changing the required server configuration, make sure that for the task of creating it as a DC – you have the following requirements in place:
- A partition formatted with NTFS (you should, it’s a server…)
- A network interface card, configure properly with the right driver
- A network cable plugged in
- The right IP address, subnet mask, default gateway
And most importantly, do not forget:
- The right DNS setting, in most cases, pointing to an existing internal DNS in your corporate network
Copy the unattend file to the server core machine
Now you need to copy the unattend file from wherever you’ve stored it. You can run it from a network location but I prefer to have it locally on the core machine. You can use the NET USE command on server core to map to a network path and copy the file to the local drive. You can also use a regular server/workstation to graphically access the core’s C$ drive (for example) and copy the file to that location.
Run the DCPROMO process
Next you need to manually run DCPROMO. To run the Active Directory Domain Services Installation Wizard in unattended mode, use the following command at a command prompt:
Reboot the machine
In order to reboot the server core machine type the following text in the command prompt and press Enter.
shutdown /r /t 0
After the server comes back online you’ll have yourself a new and shining DC running on a server core machine.
Running it all from one command line
Using an unattended file for DCPROMO is fine, and if you’ve prepared one handy it’s quite easy. However, there’s another method.
DCPROMO will accept command line switches, and if provided correctly, it will use them to perform the required tasks. For example, running the following command:
Dcpromo /unattend /replicaOrnewDomain:replica /replicaDomainDNSName:petrilab.local /ConfirmGC:yes /username:petrilab'administrator /Password:* /safeModeAdminPassword:[email protected]
will run DCPROMO and add the server as a Global Catalog server to the petrilab.local domain. The Domain restore Mode password will be set to [email protected] You will be asked to enter the domain administrator password when the command is run.
The server will reboot itself as part of the install.
BTW, to see the construction of the command we can enter the following command. It will create a text file containing the required information.
Dcpromo /?:Promotion > promotion.txt & promotion.txt
More in Windows Server 2008
Microsoft Acknowledges New Netlogon Issues On Windows Server Machines
Feb 25, 2022 | Rabia Noureen
How to Fully Patch the PrintNightmare Vulnerability
Jul 9, 2021 | Brad Sams
Everything You Need to Know About Windows – January 2020
Feb 3, 2020 | Russell Smith
Paul Thurrott's Short Takes: Microsoft Earnings Special Edition
Jan 31, 2020 | Paul Thurrott
SCARY: “Atom Bomb” Windows Security Hole said to be Unfixable
Oct 31, 2016 | Richi Jennings
Microsoft’s New Patching Philosophy Sacrifices A Few For The Many
Aug 19, 2016 | Brad Sams
Most popular on petri