Windows 2008: Install unattended Active Directory on Windows 2008 Server Core

I hope you are familiar with the Server Core and you have the server up and running. If not, you can read about it in the article Windows 2008 Core Edition: Step-By-Step Install and Configure.

OK, let’s get started!

1. First of all, we have to configure an unattended text file, which is called an “answer file”. The answer file is an ASCII text file that provides automated user input for each page of the Active Directory Domain Services Installation Wizard.

As we all know, there are different types of Active Directory installations, and the answer file is slightly different for each of them. The answer files are listed below:

For new tree in new forest:


[DCINSTALL]
InstallDNS=yes
NewDomain=forest
NewDomainDNSName=<The fully qualified Domain Name System (DNS) name>
DomainNetBiosName=<By default, the first label of the fully qualified DNS name>
SiteName=<Default-First-Site-Name>
ReplicaOrNewDomain=domain
ForestLevel=<The forest functional level number>
DomainLevel=<The domain functional level number>
DatabasePath="<The path of a folder on a local volume>"
LogPath="<The path of a folder on a local volume>"
RebootOnCompletion=yes
SYSVOLPath="<The path of a folder on a local volume>"
SafeModeAdminPassword=<The password for an offline administrator account>

For child domain:


[DCINSTALL]
ParentDomainDNSName=<Fully qualified DNS name of parent domain>
UserName=<The administrative account in the parent domain>
UserDomain=<The name of the domain of the user account>
; Specify * to prompt the user for credentials during the installation.
Password=<The password for the user account>
NewDomain=child
ChildName=<The single-label DNS name of the new domain>
; This site must be created in advance in the Dssites.msc snap-in.
SiteName=<The name of the AD DS site in which this domain controller will reside>
DomainNetBiosName=<The first label of the fully qualified DNS name>
ReplicaOrNewDomain=domain
; This value cannot be less than the current value of the forest functional level.
DomainLevel=<The domain functional level number>
DatabasePath="<The path of a folder on a local volume>"
LogPath="<The path of a folder on a local volume>"
SYSVOLPath="<The path of a folder on a local volume>"
InstallDNS=yes
CreateDNSDelegation=yes
; The account that is being used to install AD DS may differ from the account in the parent domain that has the permissions that are required to create a DNS delegation. In this case, specify the account that can create the DNS delegation for this parameter. Specify * to prompt the user for credentials during the installation.
DNSDelegationUserName=<The account that has permissions to create a DNS delegation>
; Specify * to prompt the user for a password during the installation.
DNSDelegationPassword=<The password for the account that is specified for DNSDelegationUserName>
SafeModeAdminPassword=<The password for an offline administrator account>
RebootOnCompletion=yes

For a new tree in existing forest:


[DCINSTALL]
UserName=<An administrative account in the parent domain>
UserDomain=<The name of the domain of the user account>
; Specify * to prompt the user for credentials during the installation.
Password=<The password for the administrative account>
NewDomain=tree
NewDomainDNSName=<The fully qualified DNS name of the new domain>
; This site must be created in advance in the Dssites.msc snap-in.
SiteName=<The name of the AD DS site in which this domain controller will reside>
DomainNetBiosName=<The first label of the fully qualified DNS name>
ReplicaOrNewDomain=domain
DomainLevel=<The domain functional level number>
DatabasePath="<The path of a folder on a local volume>"
LogPath="<The path of a folder on a local volume>"
SYSVOLPath="<The path of a folder on a local volume>"
InstallDNS=yes
CreateDNSDelegation=yes
; The account that is being used to install AD DS may differ from the account in the parent domain that has the permissions that are required to create a DNS delegation. In this case, specify the account that can create the DNS delegation for this parameter. Specify * to prompt the user for credentials during the installation.
DNSDelegationUserName=<The account that has permissions to create a DNS delegation>
; Specify * to prompt the user for a password during the installation.
DNSDelegationPassword=<The password for the account that is specified for DNSDelegationUserName>
SafeModeAdminPassword=<The password for an offline administrator account>
RebootOnCompletion=yes

For additional domain controller:


[DCINSTALL]
UserName=<The administrative account in the domain of the new domain controller>
UserDomain=<The name of the domain of the new domain controller>
Password=<The password for the UserName account>
; This site must be created in advance in the Dssites.msc snap-in.
SiteName=<The name of the AD DS site in which this domain controller will reside>
ReplicaOrNewDomain=replica
ReplicaDomainDNSName=<The fully qualified domain name (FQDN) of the domain in which you want to add an additional domain controller>
DatabasePath="<The path of a folder on a local volume>"
LogPath="<The path of a folder on a local volume>"
SYSVOLPath="<The path of a folder on a local volume>"
InstallDNS=yes
ConfirmGC=yes
SafeModeAdminPassword=<The password for an offline administrator account>
RebootOnCompletion=yes

For read-only domain controller (RODC):


[DCINSTALL]
UserName=<The administrative account in the domain of the new domain controller>
UserDomain=<The name of the domain of the user account>
PasswordReplicationDenied=<The names of the user, group, and computer accounts whose passwords are not to be replicated to this RODC>
PasswordReplicationAllowed=<The names of the user, group, and computer accounts whose passwords can be replicated to this RODC>
DelegatedAdmin=<The user or group account name that will install and administer the RODC>
SiteName=Default-First-Site-Name
CreateDNSDelegation=no
CriticalReplicationOnly=yes
Password=<The password for the UserName account>
ReplicaOrNewDomain=ReadOnlyReplica
ReplicaDomainDNSName=<The FQDN of the domain in which you want to add an additional domain controller>
DatabasePath="<The path of a folder on a local volume>"
LogPath="<The path of a folder on a local volume>"
SYSVOLPath="<The path of a folder on a local volume>"
InstallDNS=yes
ConfirmGC=yes
SafeModeAdminPassword=<The password for an offline administrator account>
RebootOnCompletion=yes

2. After modifying all the parameters to reflect your environment, copy the file to the new Core server.

RODC example:

[DCINSTALL]
UserName=Administrator
UserDomain=itbasement
PasswordReplicationAllowed=razvo
DelegatedAdmin=Administrator
SiteName=Default-First-Site-Name
CreateDNSDelegation=no
CriticalReplicationOnly=yes
Password=*
ReplicaOrNewDomain=ReadOnlyReplica
ReplicaDomainDNSName=itbasement.net
DatabasePath="C:\Windows\NTDS"
LogPath="C:\Windows\NTDS"
SYSVOLPath="C:\Windows\SYSVOL"
InstallDNS=yes
ConfirmGC=yes
SafeModeAdminPassword=Pa$$w@rd
RebootOnCompletion=yes

Additional DC example:

[DCINSTALL]
UserName=Administrator
UserDomain=itbasement
Password=*
SiteName=Default-First-Site-Name
ReplicaOrNewDomain=replica
ReplicaDomainDNSName=itbasement.net
DatabasePath="C:\Windows\NTDS"
LogPath="C:\Windows\NTDS"
SYSVOLPath="C:\Windows\SYSVOL"
InstallDNS=yes
ConfirmGC=yes
SafeModeAdminPassword=Pa$$w@rd
RebootOnCompletion=yes

3. Now, to run the Active Directory Domain Services Installation Wizard in unattended mode, we have to use the following command at a command prompt:

dcpromo /unattend:<path of the answer file>

Note: The <path of the answer file> placeholder represents the path of the answer file that will be used to install or remove AD DS. You must be logged on as a local administrator for the computer to run this command.

4. After the AD installation ends, reboot the computer:

shutdown /r /t 0

Or you can choose to install a replica from a single command line:

Example of creating an AD replica without an answer file:


dcpromo /unattend /username:itbasement\administrator /password:* /installDNS:yes /DNSonNetwork:yes /replicaORNewDomain:replica /replicaDomainDNSName:itbasement.net /DomainNetBiosName:itbasement /databasePath:"c:\NTDS" /logPath:"c:\NTDS" /sysvolpath:"c:\sysvol" /safemodeAdminPassword:VMware2010 /rebootoncompletion:yes

To remove a Domain Controller from Active Directory use the following answer files:

For removal of AD DS:


[DCINSTALL]
UserName=<An administrative account in the domain>
UserDomain=<The domain name of the administrative account>
Password=<The password for the UserName account>
AdministratorPassword=<The local administrator password for the server>
RemoveApplicationPartitions=yes
RemoveDNSDelegation=yes
DNSDelegationUserName=<The DNS server administrative account for the DNS zone that contains the DNS delegation>
DNSDelegationPassword=<The password for the DNSDelegationUserName account>
RebootOnCompletion=yes

For removal of AD DS from the DC in a domain:


[DCINSTALL]
UserName=<An administrative account in the parent domain>
UserDomain=<The domain name of the UserName account>
; Specify * to prompt the user for credentials during the installation.
Password=<The password for the UserName account>
IsLastDCInDomain=yes
AdministratorPassword=<The local administrator password for the server>
; If you want to remove the partitions, specify "yes" (no quotation marks) for this entry. If you want to keep the partitions, this entry is optional.
RemoveApplicationPartitions=yes
RemoveDNSDelegation=yes
DNSDelegationUserName=<The DNS server administrative account for the DNS zone that contains the DNS delegation>
DNSDelegationPassword=<The password for the DNS server administrative account>
RebootOnCompletion=yes

For removal of the last DC in a forest:


[DCINSTALL]
UserName=<An administrative account in the parent domain>
UserDomain=<The domain name of the UserName account>
; Specify * to prompt the user for credentials during the installation.
Password=<The password for the UserName account>
IsLastDCInDomain=yes
AdministratorPassword=<The local administrator password for the server>
; If you want to remove the partitions, specify "yes" (no quotation marks) for this entry. If you want to keep the partitions, this entry is optional.
RemoveApplicationPartitions=yes
RemoveDNSDelegation=yes
DNSDelegationUserName=<The DNS server administrative account for the DNS zone that contains the DNS delegation>
DNSDelegationPassword=<The password for the DNS server administrative account>
RebootOnCompletion=yes
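
A check worth running on an answer file before it is copied to the server (an added example, not part of the original article or of any Microsoft tool): it flags credential entries that hold a literal value instead of *, and path values wrapped in typographic quotes picked up from a web page. The key names are the ones used in the answer files above; the function name and the SAMPLE file are constructed for illustration.

```python
# Added example: audit a dcpromo answer file before it is copied to a server.
# Key names come from the answer files on this page; SAMPLE is constructed.

# [DCINSTALL] entries that hold a credential.
SECRET_KEYS = {"password", "safemodeadminpassword",
               "administratorpassword", "dnsdelegationpassword"}
SMART_QUOTES = "\u201c\u201d\u2018\u2019"  # curly quotes from blogs and word processors

SAMPLE = "\n".join([
    "[DCINSTALL]",
    "UserName=Administrator",
    "UserDomain=itbasement",
    "Password=*",
    "ReplicaOrNewDomain=replica",
    "ReplicaDomainDNSName=itbasement.net",
    "DatabasePath=\u201dC:\\Windows\\NTDS\u201d",
    "SafeModeAdminPassword=CONSTRUCTED-VALUE",
    "RebootOnCompletion=yes",
])


def audit_answer_file(text):
    """Return (line_no, key, finding) tuples for the [DCINSTALL] section."""
    findings = []
    in_section = False
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("["):                  # section header
            in_section = line.upper() == "[DCINSTALL]"
            continue
        if not in_section or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if any(q in value for q in SMART_QUOTES):
            findings.append((line_no, key, "typographic quote in value"))
        # "*" is the prompt-at-install marker, so no secret is stored on disk.
        if key.lower() in SECRET_KEYS and value not in ("", "*"):
            findings.append((line_no, key, "literal credential in file"))
    return findings


if __name__ == "__main__":
    for line_no, key, finding in audit_answer_file(SAMPLE):
        print(f"line {line_no}: {key}: {finding}")
```

A file that still reports a literal credential should be treated as a secret: keep it readable by administrators only and delete it once the installation has finished.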

The following links helped me to better understand the process:
KB947034 ; Petri.co.il

I hope this was helpful!

About Razvan Oncescu

System Engineer

One Response to “Windows 2008:Install unattended Active Directory on Windows 2008 Server Core”

  1. Excellent walk through.