Not many administrators realize that they can run Dcpromo from an unattended answer file and eliminate all those cute little Wizard prompts. When combined with the Install from Media (IFM) option we discussed in Recovering a DC using 'Install from Media' last month, using an answer file makes Dcpromo a very easy operation when a domain controller (DC) has to be rebuilt in a remote site.
Consider one customer I worked with in the past. The company had a number of sites, and not all of them had an IT staff on the premises. At one site, the only technical person they had was the receptionist. The company sent her through some training so she had some basic IT skills. Thus, the IT staff members at another site could talk her through anything they needed her to do on site. If the DC had a hardware failure that required a DC to be rebuilt, an IT person could either do a CD install or issue a server image using RIS or other third-party products. Typically, it isn't a good idea to image a DC because there are continual changes, and the image would be out of date pretty quickly. To get it promoted, they could use IFM and ship a DVD or tape with the restored system state of a DC in the domain, but then they'd have to talk the receptionist through the Dcpromo prompts and hope she didn't make any typos. Of course they would also have to trust her with a domain admin account.
A better option for Dcpromo would be to use the unattended answer file option. They could put the answer file on the DVD with the backup state and direct the receptionist to simply enter the following command from the command line or just make a simple .bat file and have her run that from the DVD.
C:\> dcpromo /adv /answer:c:\scripts\answerfile.txt

The /adv option is required for IFM to let Dcpromo source from the local media. The /answer option points to an answer file that contains all the answers. In this case, the file is called "answerfile.txt" and is in the c:\scripts directory. The file can exist in any directory of your choosing, as long as you provide the correct path in the command line.
Microsoft's Knowledge Base article 311078 is an excellent guide that contains samples for various answer files to promote the initial DC in a domain, a replica DC, and so on. The answer file shown here promotes a replica DC since IFM can only be used for replicas. Here is information about the various command lines so you know what is going on:
- Create a file using the following commands. In our example, we call this file "Dcpromo-unattend.txt". Note that the credentials of an administrator account, including the password, are entered in the file.
- If you run the answer file more than once, you must re-enter the admin account and password each time or the script will terminate at the screen asking for credentials.

[Unattended]
Unattendmode=fullunattended

[DCINSTALL]
UserName=JoeB                         ;Enter domain admin acct
Password=MyPwd123                     ;Enter pwd for domain admin acct
UserDomain=Corp.com                   ;Enter domain of the user acct
DatabasePath=c:\windows\ntds          ;Enter the path for the NTDS.DIT file
LogPath=c:\windows\ntds               ;Enter the path for the log files
SYSVOLPath=D:\windows\sysvol
SafeModeAdminPassword=DSadminPwd7     ;Enter the pwd for the DSRestore
                                      ;mode admin acct.
CriticalReplicationOnly
SiteName=Seattle                      ;Enter the name of an existing site. If
                                      ;the site is not already defined, an error
                                      ;will result
ReplicaOrNewDomain=Replica            ;Remember IFM can only work on a replica,
                                      ;but you can use "newDomain" if you aren't
                                      ;using IFM to create a new domain
ReplicaDomainDNSName=Corp.com         ;This is the FQDN of the domain
ReplicationSourceDC=                  ;Don't enter anything here when using IFM
                                      ;If not using IFM, this can be used to force
                                      ;DCpromo to source from a specific DC.
ReplicateFromMedia=yes                ;This is required for IFM indicating you
                                      ;want to use a network path for the source
                                      ;of the AD
ReplicationSourcePath=c:\NTDSrestore  ;This is the path where the restored
                                      ;system state files are located.
RebootOnSuccess=yes                   ;This will cause an automatic reboot when
                                      ;Dcpromo finishes

Note: Before running Dcpromo, you may want to rename the computer to a name reflective of a DC (e.g., Corp-DC2 rather than Corp-SRV1), depending on your naming convention. However, Windows 2003 permits renaming a DC without demoting it.
On the member server, execute the following command from a command prompt:
C:\> Dcpromo /adv /answer:C:\dcpromo-unattend.txt

Note: Specify the full path to the answer file.
If successful, the computer will reboot automatically at the end of Dcpromo. You shouldn't have to enter any information manually or interact with any dialogs. If you are prompted for any information, it means information is missing from the answer file.
Edit the Dcpromo-unattend.txt file. Note that the password field has been erased to prevent the admin password from existing in a simple text file.
Note: Using the answer file option in the Dcpromo command line will prevent the new dialog that prompts you for the location of the system state restore files from appearing, just as the answer file will prevent any GUI dialog from appearing for any questions that are correctly defined in the answer file.
- The normal way to debug an answer file is to simply run the command line above. If there are any errors in the answer file, Dcpromo simply aborts the unattend mode and brings up the Wizard, requiring you to enter the missing information. Once you run Dcpromo and no GUI dialogs appear, you know the answer file is correct -- at least syntactically.
- Make sure all the domain-specific information is correct.
- Make sure the path to the answer file in the Dcpromo command line is correct.
- Remember that the admin account and password are cleared each time you run the answer file, so if you run the command line and it prompts you for a username and password, re-enter them in the answer file. Of course you may want to have it prompt you for security reasons.
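
The checks in the list above can be run against the answer file before it is shipped to the remote site. The following is an added example, not part of the original article and not Microsoft's validation logic: the rule set is an assumption drawn from the comments in the answer file shown earlier, and the sample text is constructed. It reports settings that would drop Dcpromo back into the Wizard during an IFM run, and lists credential keys that still hold a plaintext value.

```python
# Added example: pre-flight audit of a Dcpromo IFM answer file.
# SAMPLE is constructed; the rules are assumptions taken from the article's
# answer-file comments, not from Dcpromo itself.

SAMPLE = """
[Unattended]
Unattendmode=fullunattended
[DCINSTALL]
UserName=JoeB            ;domain admin acct
Password=MyPwd123
UserDomain=Corp.com
SafeModeAdminPassword=DSadminPwd7
SiteName=
ReplicaOrNewDomain=Replica
ReplicaDomainDNSName=Corp.com
ReplicationSourceDC=DC1.Corp.com
ReplicateFromMedia=yes
"""

REQUIRED = ("UserName", "UserDomain", "SiteName", "ReplicaDomainDNSName",
            "ReplicationSourcePath")
SECRETS = ("Password", "SafeModeAdminPassword")

def parse_dcinstall(text):
    """Return [DCINSTALL] keys, lower-cased, with ';' comments stripped."""
    section, keys = None, {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif line and section == "dcinstall":
            name, _, value = line.partition("=")
            keys[name.strip().lower()] = value.strip()
    return keys

def audit(text):
    """Return (problems that break an unattended IFM run, secret keys still set)."""
    k = parse_dcinstall(text)
    problems = [f"{n} is missing or empty" for n in REQUIRED if not k.get(n.lower())]
    if k.get("replicaornewdomain", "").lower() != "replica":
        problems.append("ReplicaOrNewDomain must be Replica for IFM")
    if k.get("replicatefrommedia", "").lower() != "yes":
        problems.append("ReplicateFromMedia must be yes for IFM")
    if k.get("replicationsourcedc"):
        problems.append("ReplicationSourceDC must be empty when using IFM")
    return problems, [n for n in SECRETS if k.get(n.lower())]

if __name__ == "__main__":
    problems, secrets = audit(SAMPLE)
    print("\n".join(problems + [f"plaintext value present: {s}" for s in secrets]))
```

Running the same audit over answer files left on a server after promotion shows whether a password value is still sitting in the text file.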
After the computer reboots, check to make sure Dcpromo was successful. From a command prompt, enter the command Net Share. You should then see Netlogon and Sysvol shares listed. If they don't show up, then the promotion wasn't successful, which would likely be due to failed replication. Also check the DNS settings.
Gary Olsen is an HP/Compaq consultant on Active Directory design. He authored Windows 2000 Active Directory Design and Deployment and co-authored Windows Server 2003 on HP ProLiant Servers.