To improve the installation and management of Active Directory Domain
Services (AD DS), Windows Server 2008 includes some changes in the user
interface of the "Active Directory Domain Services Installation Wizard"
(dcpromo), but also to the Microsoft Management Console (MMC) snap-in
functions that manage AD DS.
Here's an overview:
- Active Directory Installation Wizard (covered in part 1)
- Active Directory Users and Computers (covered in part 2)
- Active Directory Sites & Services
- Active Directory Domains & Trusts
- Active Directory Schema
Active Directory Installation Wizard
The updated "Active Directory Domain Services Installation Wizard" streamlines and simplifies AD DS installation.
The
improvements to the "Active Directory Domain Services Installation
Wizard" (dcpromo) are all available by default. However, some wizard
pages appear only if the check box for "Use advanced mode installation" is selected on the Welcome page of the wizard. This "advanced mode" is an alternative to running dcpromo /adv.
Advanced mode contains additional options that enable more "advanced" configurations and more control over the operation. The additional installation options in "advanced mode" include:
Advanced mode contains additional options that enable more "advanced" configurations and more control over the operation. The additional installation options in "advanced mode" include:
- Creating a new domain tree.
- Using backup media (IFM - Install From Media) from
an existing domain controller in the same domain to reduce network
traffic that is associated with initial replication of additional domain
controllers. More in an upcoming post!
- Selecting the source domain controller
for the installation. This enables you to control which domain
controller is used to initially replicate domain data to the new domain
controller.
- Modifying the NetBIOS name that the wizard generates by default.
- Defining the Password Replication Policy for an RODC (RODC was covered in a previous blog post).
In addition to the changes above, the "Active Directory Domain Services Installation Wizard" also has some new pages:
- Additional Domain Controller Options (specifies addition AD roles: DNS, GC, RODC)
- Select a Domain (specifies the name of the domain)
- Select a Site (specifies in which site the domain controller should be installed)
- Set Functional Levels (set the domain and forest functional level during the installation of a new domain or forest)
More information about what (new) functionality the domain/forest functionality levels bring in an upcoming post.
Keep posted! - Delegation of RODC Installation and Administration (specifies the user/group who can install/administer the RODC)
- Password Replication Policy (specifies which account passwords to allow/deny from being cached on an RODC)
- DNS delegation creation (Provides default option to create a DNS delegation based on the type of domain controller installation)
- Export settings to unattend answer file
On the Summary page of the wizard, you can export the settings that you have selected to an answer file that you can use as a template for subsequent installations (or uninstallations).
An example of an exported unattended answer fileYou can also type the options and values directly into the command line rather than using an answer file.
For example:
dcpromo /unattend /unattendOption:value /unattendOption:value ... where
- unattendOption is an option in the Unattend install reference table (below).
Separate each option:value pair with a space. - value is the configuration instruction/data for the option
dcpromo /autoConfigDns:yes /dnsOnNetwork:yes /replicaOrNewDomain:domain /newDomain:forest /newDomainDnsName:win2008.lab
/DomainNetbiosName:LAB /databasePath:"e:\ntds" /logPath:"e:\ntds\logs" /sysvolpath:"e:\sysvol" /safeModeAdminPassword:FH#+399.cK
/forestLevel:2 /domainLevel:2 /rebootOnCompletion:yes
Many command line parameters (unattendOptions) have been added for the promotion and demotion of domain controllers. A limited overview:
dcpromo /syskey - Indicates that the user must provide the system key
dcpromo /SafeModeAdminPassword - Specifies the administrator password when starting in Safe Mode
dcpromo /DisableCancelForDnsInstall - Specifies whether to disable the Cancel button during a DNS installation.
dcpromo /AllowDomainControllerReinstall - Specifies to overwrite the domain controller data of the existing domain controller, if domain controller already exists
dcpromo /AutoConfigDNS - Specifies whether DNS is configured for a new domain if Dcpromo detects that the DNS dynamic update protocol is not available
dcpromo /ForceDemotion - Indicates that the removal proceeds if the domain controller is offline
dcpromo /DemoteFSMO - Indicates that a forced removal should continue even if an operations master role is held by the domain controller.
dcpromo /IsLastDCInDomain - Indicates whether the computer on which Dcpromo is running is the last domain controller in the domain
For a complete reference about the Unattended Installation Parameters
When the unattended promotion/demotion completes, Dcpromo returns one of the following codes to indicate the status of the operation.
· 1-10 = success return codes (1 - ExitSuccess, 2 - ExitSuccessNeedReboot, 3 - ExitSuccessWithNonCriticalFailure)
· 11-100 = failure return codes
- unattendOption is an option in the Unattend install reference table (below).
- Automated
Reboot after Active Directory Domain Services Installation Wizard
completes or via an answer file unattendOption (RestartOnCompletion=yes)
NOTE:
When adding the Active Directory Domain Services role (via Server
Manager or Initial Configuration Tasks), the Add Roles Wizard only installs the files that are required to install and configure AD DS on a server, but it does not start
the actual AD DS installation. To start the AD DS installation, you
must still run dcpromo.exe or initiate the "Active Directory Domain
Services Installation Wizard" for the Server Manager in the AD DS server
role view.
0 comments
Post a Comment