Unattended Promotion and Demotion of Windows 2000 Domain Controllers
SUMMARY
Dcpromo.exe is the program that promotes and demotes Windows 2000 domain controllers. You can use Dcpromo.exe to perform the following tasks:
- Promote Windows 2000 workgroup and member servers to Windows 2000 domain controllers.
- Upgrade Microsoft Windows NT 4.0 domain controllers to Windows 2000 domain controllers.
- Demote Windows 2000 domain controllers to Windows 2000 servers.
MORE INFORMATION
The Dcpromo.exe answer file is an ASCII text file that provides automated user input for each page of the Dcpromo.exe Wizard. Subtle differences exist between Windows 2000 and Microsoft Windows Server 2003 Dcpromo.exe answer file syntax. Despite these differences, Windows Server 2003 can read the Windows 2000 answer file syntax and interpret equivalent settings. If answer file interoperability between Windows 2000 and Windows Server 2003 domain controllers is required, use the answer file syntax that is described in this article.
To start Dcpromo.exe in unattended mode, either from a command prompt (click Start, and then click Run) or from an unattended Setup file, use the dcpromo /answer:answer.txt command, where answer.txt is the path and file name of the answer file to be used for demotion or promotion.
Each Dcpromo.exe operation requires answers to specific fields in the [DCInstall] section of the answer file. The following list provides the required fields for each operation. The default values are used if the option is not specified. The default values for these fields are described in the "Dcpromo Field Definitions" section later in this article.
- For new tree in new forest installations, the following options apply:
[DCINSTALL]
ReplicaOrNewDomain=Domain
TreeOrChild=Tree
CreateOrJoin=Create
NewDomainDNSName=<fully qualified DNS domain name (e.g. corp.com)>
DNSOnNetwork=yes
DomainNetbiosName=<Netbios domain name>
AutoConfigDNS=yes
SiteName=[Active Directory site name (optional)]
AllowAnonymousAccess=no
DatabasePath=%systemroot%\ntds
LogPath=%systemroot%\ntds
SYSVOLPath=%systemroot%\sysvol
SafeModeAdminPassword=<admin defined offline admin account password>
CriticalReplicationOnly=No
RebootOnSuccess=yes
- For Windows NT 4.0 backup domain controller (BDC) upgrades or new Windows 2000 replica installations, the following options apply:
[DCINSTALL]
UserName=<domain admin in target domain>
Password=<password>
UserDomain=<domain that holds account used for promotion>
DatabasePath=%systemroot%\ntds
LogPath=%systemroot%\ntds
SYSVOLPath=%systemroot%\sysvol
SafeModeAdminPassword=<admin defined offline admin account password>
CriticalReplicationOnly=no
ReplicaOrNewDomain=Replica
ReplicaDomainDNSName=<fully qualified Active Directory domain name>
ReplicationSourceDC=<name of existing domain to source AD from>
RebootOnSuccess=yes
- For child domain installations, the following options apply:
[DCINSTALL]
UserName
Password
UserDomain
DatabasePath
LogPath
SYSVOLPath
SafeModeAdminPassword=<admin defined offline admin account password>
CriticalReplicationOnly=no
ReplicaOrNewDomain=Domain
TreeOrChild=Child
ParentDomainDNSName
ChildName
DomainNetbiosName
AutoConfigDNS
AllowAnonymousAccess
RebootOnSuccess=yes
- For new tree in existing forest installations, the following options apply:
[DCINSTALL]
UserName
Password
UserDomain
DatabasePath
LogPath
SYSVOLPath
SiteName
SafeModeAdminPassword=<admin defined offline admin account password>
CriticalReplicationOnly=no
ReplicaOrNewDomain=Domain
TreeOrChild=Tree
NewDomainDNSName
DomainNetbiosName
AutoConfigDNS
AllowAnonymousAccess
RebootOnSuccess=yes
- For domain controller demotion, the following options apply:
[DCINSTALL]
UserName
Password
UserDomain
AdministratorPassword
IsLastDCInDomain
RebootOnSuccess=yes
Dcpromo Field Definitions
This section describes Dcpromo fields and the options you can use. The default value for each option is displayed in bold text.
AllowAnonymousAccess
- Yes|No
- Used when downlevel (pre-Windows 2000) servers will be authenticating users from this domain or any trusting domain. This option indicates whether Dcpromo should set permissions that permit anonymous access to user and group information. "Yes" allows anonymous access. "No" uses more restrictive permissions.
AdministratorPassword
- No default
- Used to establish the local administrator password when demoting a domain controller.
AutoConfigDNS
- No|Yes
- Determines whether the wizard should install and configure DNS for the new domain when it has detected that dynamic DNS updates are not available.
ChildName
- No default
- Name of subordinate domain that is appended to the ParentDomainDNSName. If the parent domain is A.COM and the subordinate domain is "B", the new domain would be B.A.COM and "B" (no quotes) would be entered as the ChildName.
CreateOrJoin
- Create|Join
- "Create" creates a new forest. "Join" places the new domain as a root of a new domain tree in an existing forest.
CriticalReplicationOnly
- No value
- Optional parameter. Specifies that only critical replication is sourced initially during the replication phase of Dcpromo. Non-critical replication resumes when the computer is rebooted as a domain controller, subject to replication schedules. "Yes" (no quotes) enables critical replication only.
DatabasePath
- %systemroot%\NTDS
- Fully qualified, non-UNC directory on a fixed disk of the local machine to host the Active Directory database (NTDS.DIT). If the directory exists, it must be empty. If it does not exist, it will be created. Free disk space on the selected logical drive must be 200 MB, possibly larger when rounding errors are encountered, and larger still to accommodate all objects in the domain. Place on a dedicated hard drive for best performance.
DomainNetbiosName
- No default
- NetBIOS name used by downlevel clients to access the domain. The DomainNetbiosName must be unique on the network.
DNSOnNetwork
- No|Yes
- Used in new forest installations when the DNS client is not configured. "No" skips DNS client configuration and DNS auto-configuration for the new domain. "Yes" allows the DNS client to be configured and allows auto-configuration to be offered.
IsLastDCInDomain
- Yes|No
- Indicates that this computer is the last domain controller in its domain during demotion.
LogPath
- %systemroot%\NTDS
- Fully qualified, non-UNC directory on a fixed disk on the local machine to host the Active Directory log files. If the directory exists, it must be empty. If it does not exist, it will be created.
NewDomainDNSName
- No Default
- Used in "new tree in existing forest" or "new forest" installations. Value is the DNS name of the domain to be created, which must not currently be in use.
Password
- No default
- Account credentials to be used for the promotion operation. For protection, passwords are removed from the answer file following promotion and must be redefined each time an answer file is used.
ParentDomainDNSName
- No Default
- Name of the (existing) parent DNS domain for child domain installs.
RebootOnSuccess
- Yes|No
- Determines whether the computer should be rebooted upon successful completion of a promotion or demotion. Reboots are always required to complete a change in Active Directory role.
ReplicaDomainDNSName
- No Default
- For BDC upgrades and replica domain controller installs. Enter the DNS domain name of the existing domain to be replicated from.
ReplicaOrMember
- Replica|Member
- "Replica" used for Windows NT 4.0 BDCs upgraded to Windows 2000 replica domain controllers. "Member" used when demoting the BDC to a member server of its domain.
ReplicaOrNewDomain
- Domain|Replica
- Used only on new installs. "Domain" converts the server into the first domain controller of a new domain. "Replica" converts the server into a replica domain controller.
ReplicationSourceDC
- None
- Used to indicate the name of the domain controller from which to source Active Directory on new replica or BDC upgrade installs. If no value is supplied, the closest domain controller from the domain being replicated will be selected.
SafeModeAdminPassword
- No Default
- Used to supply the password for the offline administrator account used in DS Repair mode. No value = blank password.
SiteName
- "Default-First-Site" (no quotes)
- Name of an existing Active Directory site in which to place the new domain controller. If not specified, a suitable site will be selected. This option only applies to the new tree in a new forest scenario. For all other scenarios, a site will be selected using the current site and subnet configuration of the forest.
SYSVOLPath
- %systemroot%\SYSVOL
- Fully qualified, non-UNC directory on a fixed disk of the local machine to host the Active Directory log files. If the directory exists, it must be empty. If it does not exist, it will be created. Must be located on an NTFS 5.0 formatted partition. Place on a different physical hard drive than the operating system for best performance.
TreeOrChild
- Tree|Child
- "Tree" indicates new domain in root of new tree. "Child" creates a new child domain.
UserDomain
- See Explanation
- Domain the UserName account should be taken from. If the operation is to create a new forest or to become a member server from a BDC upgrade, there is no default. If the operation is to create a new tree, the default is the DNS name of the forest the computer is presently joined to. If the operation is to create a new child domain or a replica, the default is the DNS name of the domain the computer is joined to. If the operation is to demote the computer and the computer is a domain controller in a child domain, the default is the DNS name of the parent domain. If the operation is to demote the computer and the computer is a domain controller of a tree root domain, the default is the DNS name of the forest.
UserName
- No Default
- Account credentials to be used for the promotion operation.
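The following Python linter is an added example, not part of the original article or of any Microsoft tool. It reads an answer file in the syntax above and reports the settings that the field definitions tie to weaker security: AllowAnonymousAccess=Yes, a SafeModeAdminPassword with no value, and credential fields that still hold a cleartext value or an unreplaced placeholder. The lint policy, the function names and the sample account and domain names are assumptions made for this example.

```python
import configparser

# Answer-file fields that hold cleartext credentials (the parser lower-cases keys).
SECRET_FIELDS = ("password", "administratorpassword", "safemodeadminpassword")

def load_dcinstall(text):
    """Return the [DCInstall] section as a dict of lower-cased field -> value."""
    # No interpolation ('%' occurs in paths), bare field names and repeats tolerated.
    cp = configparser.ConfigParser(interpolation=None, allow_no_value=True, strict=False)
    cp.read_string(text)
    for name in cp.sections():
        if name.lower() == "dcinstall":   # accept [DCInstall] and [DCINSTALL]
            return {k: (v or "").strip() for k, v in cp.items(name)}
    raise ValueError("no [DCInstall] section found")

def lint(text):
    """Return sorted (field, issue) findings for one answer file."""
    fields = load_dcinstall(text)
    findings = []
    if fields.get("allowanonymousaccess", "").lower() == "yes":
        findings.append(("allowanonymousaccess",
                         "anonymous access to user and group information is permitted"))
    if not fields.get("safemodeadminpassword"):
        findings.append(("safemodeadminpassword",
                         "no value, so the DS Repair mode account gets a blank password"))
    for key in SECRET_FIELDS:
        value = fields.get(key, "")
        if value.startswith("<") and value.endswith(">"):
            findings.append((key, "template placeholder was never replaced"))
        elif value:
            findings.append((key, "cleartext credential stored in the file"))
    return sorted(findings)

# Constructed sample: a replica promotion file with invented account and domain names.
SAMPLE = r"""
[DCINSTALL]
UserName=svc-promote
Password=Constructed-Example-1
UserDomain=corp.example
DatabasePath=%systemroot%\ntds
SafeModeAdminPassword=
ReplicaOrNewDomain=Replica
ReplicaDomainDNSName=corp.example
AllowAnonymousAccess=Yes
"""

if __name__ == "__main__":
    for field, issue in lint(SAMPLE):
        print(f"{field}: {issue}")
```

A "cleartext credential" finding is expected for a file that is about to be used; it marks the file as one to keep access-restricted until Dcpromo has removed the passwords.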
The information in this article applies to:
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server