Unattended Installation of Active Directory
How do I automatically upgrade a server to a domain controller during installation?
You can automatically run DCPROMO during an unattended installation. Enter the command
You’ll see a dialog box that says DCPROMO is running in unattended mode. Then, the machine will reboot.
Say Goodbye to Traditional PC Lifecycle Management
Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.
You can also add DCPROMO to the unattended file that‘s used to install your server.
The Microsoft Windows 2000 Resource Kit details the DCInstall section’s parameters in the file Unattend.doc:
|AdministratorPassword||The new password for the domain Administrator account|
|AutoConfigDNS||Specifies whether the wizard should configure DNS|
|ChildName||Name of the child part of the domain|
|CreateOrJoin||Specifies whether the domain will join an existing forest or create a new one|
|DatabasePath||Location for the Active Directory database|
|DNSOnNetwork||Used when a new forest of domains is installed and no DNS client is configured on the computer|
|DomainNetBiosName||NetBIOS name for the domain|
|IsLastDCInDomain||Only valid when demoting an existing domain controller to a member server|
|LogPath||Path for the Directory Service (DS) logs|
|NewDomainDNSName||Name of the new tree or when a new forest is created|
|ParentDomainDNSName||Specifies the name of the parent domain|
|Password||Password for the username used to promote the server|
|RebootOnSuccess||Specifies whether an automatic reboot should be performed|
|ReplicaDomainDNSName||Name of the domain to be replicated from|
|ReplicaOrMember||Specifies whether a Windows NT 4.0 or 3.51 BDC being upgraded should become a replica domain controller or be demoted to a regular member server|
|ReplicaOrNewDomain||Specifies whether the machine is a new domain controller in a new domain or a replica of an existing domain|
|SiteName||Name of the site (Default-First-Site by default)|
|SysVolPath||Path of SYSVOL|
|TreeOrChild||Specifies whether entry is a new tree or child of existing domain|
|UserDomain||Domain for the user being used in promotion|
|UserName||Name of the user performing the upgrade|
Because the DCPROMO process occurs after setup, the created answer file must be called $winnt$.inf and copied to the ‘system32 folder. You need to add the following text to the GUIRunOnce section of the unattended Setup answer file:
[GUIRunOnce] "DCpromo /answer:%systemroot%\system32\$winnt$.inf"
After the DCPROMO process completes, DCPROMO removes password information from the $winnt$.inf file. To make this process easier because the RunOnce command doesn’t execute until someone logs on to the computer, you can add the following text to the unattended answer file.
[GUIUnattended] Autologon = yes ; automatically logs on the administrator account AutoLogoncount = n ; number of times to perform auto-admin logon
Don‘t use items such as %systemroot% or %windir%, because the unattended installation process doesn’t understand them.
You can just create a DCInstall section directly in your unattend.txt file to avoid having multiple unattended setup files. Enter text such as the following:
[DCInstall] AdministratorPassword = password CreateOrJoin = Create DomainNetBiosName = dpetri NewDomainDNSName = dpetri.net RebootOnSuccess = Yes ReplicaOrNewDomain = Domain SiteName = "Lab" TreeOrChild = Tree
My example script would create a new forest with the domain dpetri.net at the top and the new domain controller in the site Lab. The SYSVOL, logs, and Active Directory (AD) files would be in the default locations. The new domain Administrator account password would be password.