Active Directory

Unattended Installation of Active Directory

How do I automatically upgrade a server to a domain controller during installation?

You can automatically run DCPROMO during an unattended installation. Enter the command

dcpromo /answer:%path_to_answer_file%

You’ll see a dialog box that says DCPROMO is running in unattended mode. Then, the machine will reboot.

You can also add DCPROMO to the unattended file that's used to install your server.

The Microsoft Windows 2000 Resource Kit details the DCInstall section’s parameters in the file Unattend.doc:

Value                  Explanation
AdministratorPassword  The new password for the domain Administrator account
AutoConfigDNS          Specifies whether the wizard should configure DNS
ChildName              Name of the child part of the domain
CreateOrJoin           Specifies whether the domain will join an existing forest or create a new one
DatabasePath           Location for the Active Directory database
DNSOnNetwork           Used when a new forest of domains is installed and no DNS client is configured on the computer
DomainNetBiosName      NetBIOS name for the domain
IsLastDCInDomain       Only valid when demoting an existing domain controller to a member server
LogPath                Path for the Directory Service (DS) logs
NewDomainDNSName       Name of the new tree or when a new forest is created
ParentDomainDNSName    Specifies the name of the parent domain
Password               Password for the username used to promote the server
RebootOnSuccess        Specifies whether an automatic reboot should be performed
ReplicaDomainDNSName   Name of the domain to be replicated from
ReplicaOrMember        Specifies whether a Windows NT 4.0 or 3.51 BDC being upgraded should become a replica domain controller or be demoted to a regular member server
ReplicaOrNewDomain     Specifies whether the machine is a new domain controller in a new domain or a replica of an existing domain
SiteName               Name of the site (Default-First-Site by default)
SysVolPath             Path of SYSVOL
TreeOrChild            Specifies whether entry is a new tree or child of existing domain
UserDomain             Domain for the user being used in promotion
UserName               Name of the user performing the upgrade

Because the DCPROMO process occurs after setup, the created answer file must be called $winnt$.inf and copied to the system32 folder. You need to add the following text to the GUIRunOnce section of the unattended Setup answer file:

"DCpromo /answer:%systemroot%\system32\$winnt$.inf"

After the DCPROMO process completes, DCPROMO removes password information from the $winnt$.inf file. Because the RunOnce command doesn't execute until someone logs on to the computer, you can make this process easier by adding the following text to the unattended answer file:

[GUIUnattended]
Autologon = yes ; automatically logs on the administrator account
AutoLogoncount = n ; number of times to perform auto-admin logon

Don't use items such as %systemroot% or %windir%, because the unattended installation process doesn't understand them.

You can just create a DCInstall section directly in your unattend.txt file to avoid having multiple unattended setup files. Enter text such as the following:

[DCInstall]
AdministratorPassword = password
CreateOrJoin = Create
DomainNetBiosName = dpetri
NewDomainDNSName =
RebootOnSuccess = Yes
ReplicaOrNewDomain = Domain
SiteName = "Lab"
TreeOrChild = Tree

My example script would create a new forest with the domain at the top and the new domain controller in the site Lab. The SYSVOL, logs, and Active Directory (AD) files would be in the default locations. The new domain Administrator account password would be password.
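
An added example, not part of the original article: a small Python audit that parses an answer file in the format shown above and reports whether [DCInstall] still carries a clear-text AdministratorPassword or Password value and whether [GUIUnattended] auto-logon is enabled, which is useful for checking copies of the file left on build shares or disks. The function names and both sample files are constructed for illustration.

```python
import re

# DCInstall keys from the table above that hold a credential in clear text.
SECRET_KEYS = ("administratorpassword", "password")

def parse_answer_file(text):
    """Parse answer-file text into {section: {key: value}}, names lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        # ';' starts a comment; assumes values themselves contain no ';'.
        line = raw.split(";", 1)[0].strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip().strip('"')
    return sections

def audit(text):
    """List the credential and auto-logon settings still present in the file."""
    sections = parse_answer_file(text)
    findings = []
    dcinstall = sections.get("dcinstall", {})
    for key in SECRET_KEYS:
        if dcinstall.get(key):
            findings.append(f"[DCInstall] {key} holds a clear-text value")
    gui = sections.get("guiunattended", {})
    if gui.get("autologon", "").lower() == "yes":
        count = gui.get("autologoncount", "unset")
        findings.append(f"[GUIUnattended] auto-logon enabled, count={count}")
    return findings

# Constructed sample: an answer file as staged before DCPROMO runs.
STAGED = """\
[GUIUnattended]
Autologon = yes ; automatically logs on the administrator account
AutoLogoncount = 1
[DCInstall]
AdministratorPassword = password
CreateOrJoin = Create
RebootOnSuccess = Yes
"""
# Constructed sample: the same file with the password value cleared.
CLEARED = STAGED.replace("AdministratorPassword = password",
                         "AdministratorPassword =")

if __name__ == "__main__":
    for name, text in (("staged", STAGED), ("cleared", CLEARED)):
        print(name, audit(text))
```

An empty result from `audit` means no credential value from the DCInstall table and no auto-logon setting remains in the file that was checked.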
