Tip

Dcpromo using an unattended answer file

Not many administrators realize that they can run Dcpromo from an unattended answer file and eliminate all those cute little Wizard prompts. When combined with the Install from Media (IFM) option we discussed in Recovering a DC using 'Install from Media'

    Requires Free Membership to View

last month, using an answer file makes Dcpromo a very easy operation when a domain controller (DC) has to be rebuilt in a remote site.

Consider one customer I worked with in the past. The company had a number of sites, and not all of them had an IT staff on the premises. At one site, the only technical person they had was the receptionist. The company sent her through some training so she had some basic IT skills. Thus, the IT staff members at another site could talk her through anything they needed her to do on site. If the DC had a hardware failure that required a DC to be rebuilt, an IT person could either do a CD install or issue a server image using RIS or other third-party products. Typically, it isn't a good idea to image a DC because there are continual changes, and the image would be out of date pretty quickly. To get it promoted, they could use IFM and ship a DVD or tape with the restored system state of a DC in the domain, but then they'd have to talk the receptionist through the Dcpromo prompts and hope she didn't make any typos. Of course they would also have to trust her with a domain admin account.

A better option for Dcpromo would be to use the unattended answer file option. They could put the answer file on the DVD with the backup state and direct the receptionist to simply enter the following command from the command line or just make a simple .bat file and have her run that from the DVD.

C:> dcpromo /adv /answer:c:scripts\answerfile.txt

The /adv option is required for IFM to let Dcpromo source from the local media. The /answer option points to an answer file that would contain all the answers. In this case, the file is called "answerfile.txt" and is in the c:\scripts directory. Just provide the correct path in the command line, and it can exist in any directory of your choosing.

Example

Microsoft's Knowledge Base article 311078 is an excellent guide that contains samples for various answer files to promote the initial DC in a domain, a replica DC, and so on. The answer file shown here promotes a replica DC since IFM can only be used for replicas. Here is information about the various command lines so you know what is going on:

Steps:

  1. Create a file using the following commands. In our example, we call this file "Dcpromo-unattend.txt". Note that the credentials of an administrator account including the password are entered.
  2. If you run the answer file more than once, you must re-enter the admin account and password each time or the script will terminate at the screen asking for credentials.
Important: Remove all comment lines (lines prefixed with a semicolon) before using this as an answer file.


[Unattended]
Unattendmode=fullunattended

[DCINSTALL]
UserName=JoeB                  ;Enter domain admin acct
Password=MyPwd123              ;Enter pwd for domain admin acct
UserDomain=Corp.com            ;Enter domain of the user acct
DatabasePath=c:windowsntds     ;Enter the path for the NTDS.DIT file 
LogPath=c:windowsntds          ;Enter the path for the NTDS.DIT file 
SYSVOLPath=D:windowssysvol
SafeModeAdminPassword=DSadminPwd7   ;Enter the pwd for the DSRestore
                                    ;mode admin acct.
                                           
CriticalReplicationOnly    
SiteName=Seattle               ;Enter the name of an existing site. If
                               ;the site is not already defined, an error
                               ;will result

ReplicaOrNewDomain=Replica     ;Remember IFM can only work on a replica,
                               ;but you can use "newDomain" if you aren't
                               ;using IFM to create a new domain

ReplicaDomainDNSName=Corp.com  ;This is the FQDNof the domain
ReplicationSourceDC=           ;Don't enter anything here when using IFM
                               ;If not using IFM, this can be used to force
                               ;DCpromo to source from a specific DC.
                       
ReplicateFromMedia=yes         ;This is required for IFM indicating you
                               ;want use a network path for the source
                               ;of the AD

ReplicationSourcePath=c:NTDSrestore ;This is the path where the restored
                                    ;system state files are located.

RebootOnSuccess=yes            ;This will cause an automatic reboot when
                               ;Dcpromo finishes

Note: Before running Dcpromo, you may want to rename the computer to a name reflective of a DC (i.e. Corp-DC2 rather than Corp-SRV1), depending on your naming convention. However, Windows 2003 permits renaming a DC without demoting it.

On the member server, execute the following command from a command prompt:

C:> Dcpromo /adv /answer:C:\dcpromo-unattend.txt

Note: Specify the full path to the answer file.

If successful, the computer will reboot automatically at the end of Dcpromo. You shouldn't have to enter any information manually or interact with any dialogs. If you are prompted for any information, it means information is missing from the answer file.

Edit the Dcpromo-unattend.txt file. Note that the password field has been erased to prevent the admin password from existing in a simple text file.

Note: Using the answer file option in the Dcpromo command line will prevent the new dialog that prompts you for the location of the system state restore files from appearing, just as the answer file will prevent any GUI dialog from appearing for any questions that are correctly defined in the answer file.

Debugging:

  • The normal way to debug an answer file is to simply run the command line above. If there are any errors in the answer file, Dcpromo simply aborts the unattend mode and brings up the Wizard, requiring you to enter the missing information. Once you run Dcpromo and no GUI dialogs appear, you know the answer file is correct -- at least syntactically.
  • Make sure all the domain-specific information is correct.
  • Make sure the path to the answer file in the Dcpromo command line is correct.
  • Remember that the admin account and password are cleared each time you run the answer file, so if you run the command line and it prompts you for a username and password, re-enter them in the answer file. Of course you may want to have it prompt you for security reasons.

Clean up:
After the computer reboots, check to make sure Dcpromo was successful. From a command prompt, enter the command Net Share. You should then see Netlogon and Sysvol shares listed. If they don't show up, then the promotion wasn't successful, which would likely be due to failed replication. Also check the DNS settings.


Gary Olsen is an HP/Compaq consultant on Active Directory design. He authored Wi ndows 2000 Active Directory Design and Deployment and co-authored Windows Server 2003 on HP ProLiant Servers.

This was first published in April 2005

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.