
Installing Active Directory on Windows 2008 Server Core



This Domain Controller (or DC for short) can be deployed in one of the following scenarios:
1. The first DC in a new Active Directory Domain, inside a new Active Directory Forest
2. An additional (replica) DC in an existing Active Directory Domain
3. A Read Only DC (RODC) in an existing Active Directory Domain, in case you already have at least one regular DC running Windows Server 2008 in that domain
4. The first DC in a new Active Directory Domain (child domain), under an existing Active Directory Tree, inside an existing Active Directory Forest
5. The first DC in a new Active Directory Domain, as a new Active Directory Tree, inside an existing Active Directory Forest

Now, one might wonder how you would go about managing that DC if it runs on a GUI-less server core. The answer has 3 parts. The first part is to get your server core up and running. In order to do that, read my server core articles under the Related Articles section below. To make life easier on you, I've also written about a GUI tool called CoreConfigurator –

The second part is the management of the specific Active Directory DS role that you're about to install on the core. That can be easily done from one of your regular Windows Server 2008 DCs, or even from a workstation computer running Windows Vista.

The third part is the process of the installation of the Active Directory DS role. It is done through the Active Directory Domain Services Installation Wizard (DCPROMO.exe). It performs the following tasks:
Installs Active Directory Domain Services (AD DS) on Windows Server 2008-based workgroup servers and member servers

Or, if you run it on a server that is already configured as a DC:
Removes AD DS from Windows Server 2008-based domain controllers

As noted above, since server core does not have a GUI, you will need to manually configure the DCPROMO settings and run them as an unattended process.

So, now let's go to the business of actually installing the role. In order to install Active Directory DS on your server core machine you will need to perform the following tasks:
Configure an unattend text file, containing the instructions for the DCPROMO process
Configure the right server core settings + meet the DCPROMO requirements
Copy that file to the server core machine
Run the DCPROMO process with the unattend file
Reboot the computer

Let's begin...

Configure an unattend text file

First, let's create the unattend, or answer, file. The unattend file is an ASCII text file that provides automated user input for each page of the Active Directory Domain Services Installation Wizard.

One method of creating the unattend file is by editing a sample file you've created before or obtained from other sources (like this website). This is an example of such an Unattend file. In this example you will create an additional DC for a domain called petrilab.local:







[DCINSTALL]
UserName=administrator
UserDomain=petrilab
Password=P@ssw0rd1
SiteName=Default-First-Site-Name
ReplicaOrNewDomain=replica
DatabasePath="%systemroot%\NTDS"
LogPath="%systemroot%\NTDS"
SYSVOLPath="%systemroot%\SYSVOL"
InstallDNS=yes
ConfirmGC=yes
SafeModeAdminPassword=P@ssw0rd1
RebootOnCompletion=yes
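The answer file above keeps the domain account password and the safe mode administrator password in clear text, and uses the same value for both, so it is worth checking before it is copied to a share or kept as a template. The following Python check is an added example, not part of the original article; the function names are hypothetical, and it assumes `*` marks a value to be prompted for, as with the /Password:* switch used later on this page.

```python
import configparser

SECRET_KEYS = ("password", "safemodeadminpassword")  # credential fields in the file above
PROMPT = "*"  # assumption: '*' means "ask at run time", as with the /Password:* switch

# Constructed sample: the additional-DC answer file from this article.
SAMPLE = r"""[DCINSTALL]
UserName=administrator
UserDomain=petrilab
Password=P@ssw0rd1
SiteName=Default-First-Site-Name
ReplicaOrNewDomain=replica
DatabasePath="%systemroot%\NTDS"
LogPath="%systemroot%\NTDS"
SYSVOLPath="%systemroot%\SYSVOL"
InstallDNS=yes
ConfirmGC=yes
SafeModeAdminPassword=P@ssw0rd1
RebootOnCompletion=yes
"""

def read_dcinstall(text):
    """Return the [DCINSTALL] options as a dict with lower-case keys."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(text)
    for name in cp.sections():
        if name.lower() == "dcinstall":  # accept any capitalisation of the section name
            return dict(cp[name])
    raise ValueError("no [DCINSTALL] section found")

def audit(text):
    """List (key, problem) pairs for credentials stored in the answer file."""
    opts = read_dcinstall(text)
    findings = []
    for key in SECRET_KEYS:
        if opts.get(key, "") not in ("", PROMPT):
            findings.append((key, "plaintext credential stored in file"))
    admin, dsrm = opts.get("password"), opts.get("safemodeadminpassword")
    if admin not in (None, "", PROMPT) and admin == dsrm:
        findings.append(("safemodeadminpassword", "same value as the domain account password"))
    return findings

def scrub(text):
    """Return the file text with credential values blanked, for keeping as a template."""
    out = []
    for line in text.splitlines():
        key, sep, _ = line.partition("=")
        out.append(key + sep if sep and key.strip().lower() in SECRET_KEYS else line)
    return "\n".join(out) + "\n"
```

`audit(SAMPLE)` reports both password fields and the reuse; `scrub(SAMPLE)` gives a copy that is safe to store as a template.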


Another method is to create it through the DCPROMO wizard that you've run on a different server.

After that you need to make sure the core machine is properly configured.
Perform any configuration settings that you require (tasks such as changing the computer name, configuring the IP address, subnet mask, default gateway, DNS address and firewall settings, configuring remote desktop and so on).


After changing the required server configuration, make sure that the following requirements for promoting the server to a DC are in place:
A partition formatted with NTFS (you should, it's a server…)
A network interface card, configured properly with the right driver
A network cable plugged in
The right IP address, subnet mask, default gateway

And most importantly, do not forget:
The right DNS setting, in most cases, pointing to an existing internal DNS in your corporate network

Copy the unattend file to the server core machine

Now you need to copy the unattend file from wherever you've stored it. You can run it from a network location but I prefer to have it locally on the core machine. You can use the NET USE command on server core to map to a network path and copy the file to the local drive. You can also use a regular server/workstation to graphically access the core's C$ drive (for example) and copy the file to that location.

Run the DCPROMO process

Next you need to manually run DCPROMO. To run the Active Directory Domain Services Installation Wizard in unattended mode, use the following command at a command prompt:

dcpromo /unattend:

Reboot the machine

In order to reboot the server core machine type the following text in the command prompt and press Enter.

shutdown /r /t 0


After the server comes back online you'll have yourself a new and shining DC running on a server core machine.

Running it all from one command line

Using an unattended file for DCPROMO is fine, and if you've prepared one handy it's quite easy. However, there's another method.

DCPROMO will accept command line switches, and if provided correctly, it will use them to perform the required tasks. For example, running the following command:

Dcpromo /unattend /replicaOrnewDomain:replica /replicaDomainDNSName:petrilab.local /ConfirmGC:yes /username:petrilab\administrator /Password:* /safeModeAdminPassword:P@ssw0rd1


will run DCPROMO and add the server as a Global Catalog server to the petrilab.local domain. The Domain restore Mode password will be set to P@ssw0rd1. You will be asked to enter the domain administrator password when the command is run.

The server will reboot itself as part of the install.

BTW, to see the construction of the command we can enter the following command. It will create a text file containing the required information.

Dcpromo /?:Promotion > promotion.txt & promotion.txt
