Welcome to Dirteam.com/ActiveDir.org Blogs Sign in | Join | Help

The things that are better left unspoken

a blog by Sander Berkouwer

Related

AD Manager Plus
 

Blog roll

News



Archives

New features in Active Directory Domain Services in Windows Server 2012, Part 2: New Promotion Process

As I’ve mentioned in my overview post, earlier today, one of the new features of Windows Server 2012 is a new Domain Controller Promotion Tool. In this blogpost I’ll dive a little deeper on this statement.

The following topics will be covered:

       

What’s New

Goodbye dcpromo.exe

Anyone who ever promoted a server to a Domain Controller, knows dcpromo.exe. This command line tool could be used to start the Graphical User Interface (GUI) to begin Active Directory Domain Controller promotion. Also, when used on the command line, it could be used with a couple of command line switches:

  • Introduced in Windows Server 2003, the /adv switch provides access to the Advanced Mode installation mode of Active Directory Domain Controller promotion. In Windows Server 2008 and Windows Server 2008 R2, the Advanced Mode was also available from the GUI, eliminating the need for this switch.
  • The /unattend switch could be used to construct dcpromo.exe oneliners to script the complete Active Directory Domain Controller promotion process.
  • The /answer switch instructs dcpromo.exe to look at a Active Directory Domain Controller promotion answer file.

As Windows Server moves to PowerShell, dcpromo.exe bites the dust, along with all its clunky command line switches. Dcpromo.exe isn’t completely gone though. You can still run it, but when you run it without any command line switches it only displays the following error:

InformationalThe Active Directory Domain Services Installation Wizard is relocated in
Server Manager For more information, see
http://go.microsoft.com/fwlink/?LinkId=220921  

Note:
Above, the text is shown, in stead of the error message, for your convenience. This allows you to click the link directly, as this is not possible from the error message…

Hello PowerShell

The new Domain Controller Promotion Tool is, of course, based on PowerShell under the hood. The GUI part of the New Domain Controller Promotion tool is based on MUX and available through the Server Manager after you install the Active Directory Domain Services role.

Note:
In contrast to Windows Server 2008 and Windows Server 2008 R2, where runing DCPromo.exe would check for and install the Active Directory Domain Services role, you need to install it manually from Windows Server 2012 onwards.

   

Installing the Active Directory Domain Services role

The first step to promote a server to a Domain Controller is to install the Active Directory Domain Services Server Role. While this step was already available in Windows Server 2008 and Windows Server 2008 R2, you could skip the step by simply running dcpromo.exe. In Windows Server 2012 you will need to complete this step when you want to promote a server to a Domain Controller in the Graphical User Interface (GUI).

Tip!
Please supply the server with a meaningful NetBIOS hostname, at least one static IP address, configure the time zone and connect at least one network interface, before proceeding to promote a server to a Domain Controller.

The Active Directory Domain Services Server Role can be installed on Windows Server 2012 using the following steps:

  1. Open Server Manager (by clicking its shortcut pinned to the taskbar or running servermanager.exe manually)
  2. In the left pane of Server Manager, navigate to Local Server
  3. On the grey task bar on the top click Manage.
  4. Select Add or remove Server Roles and Features. This will fire up the Add Roles and Features Wizard, which will guide you through the process.
  5. Click Next > in the Before you begin screen.
  6. Select Role based or feature-based installation in the Select installation type screen and click Next >.
  7. Select the server(s) from the server pool list in the Select destination server screen and click Next > when done.
  8. In the list with Server Roles, check the radio button to the right of Active Directory Domain Services.
     
    A pop-up screen will notify you a couple of features will also be installed:
      
    AddADDSRole2  

    Simply click Add Features. Now, back in the Select server roles, click Next >.
  9. Click Next > again underneath the Select Features list.
  10. Click Next > when you’re done reading the introduction to Active Directory Domain Services.
  11. In the Confirm installation selections screen, click Install. Do not bother to check the box next to Restart the server automatically if required, since installing the Active Directory Domain Services role does not require a reboot.

    Note:
    At the bottom of the Confirm installation selections screen, two more options exist:
      
    1. Export configuration settings
      This option allows you to save a DeploymentConfigTemplate.xml in a location of your choice.
    2. Specify an alternate source path
      This option can be used to locate the files necessary for installation on servers that have been stripped from them. The pop-up that appears when you click the option is pretty self-explanatory.
        
  12. Click Install.
  13. When the wizard is done installing, click Close.

The Active Directory Domain Services role and a couple of neat accompanying Features have been installed to your server.

Note:
At this stage, the server is not a Domain Controller. It’s merely a server with the Active Directory Domain Services Role installed.

  

Promoting the stand-alone server to a Domain Controller in the GUI

The Active Directory Domain Services Server Role is not configured at this point. The Role actually needs attention. You can still not run dcpromo.exe at this point, but you can use the Server Manager to configure the role. Perform one of these action to promote your stand-alone server to a Domain Controller in the Graphical User Interface (GUI):

  • In the left pane select the AD DS pane and click the yellow ribbon titled Configuration required for Active Directory Domain Services at server. at the right end where it says more…. In the All Servers Task Details and Notifications, click the link Promote this server to a domain controller.
  • In the grey task pane on the top of Server Manager right click to open the Notification Area (the yellow exclamation sign) and click the Promote this server to a domain controller link.

In the screenshot below, both options are captured in one view:

Starting configuration for Active Directory Domain Services (click for a larger screenshot)

After clicking the link, the Active Directory Domain Services Configuration Wizard starts:

Deployment Configuration screen of the Active Directory Domain Services Cofniguration Wizard (click for a larger screenshot)

In the Deployment Configuration screen the default choice is to Add a domain controller to an existing domain, since this is the most common deployment configuration. Since this is the first Domain Controller for new domain, we choose the Add a new forest option. This automatically triggers a next set of configuration-based fields to come into play.

Tip!
When in doubt on what option to pick here, click the More about deployment configurations link at the bottom of the page. This will open a web page. 

Click Next > when you’ve made you choices.

In all the other screens make the appropriate choices for your environment and skip through the screens using the Next > button.

In the Review Options screen, review your choices:

Review Options screen of the Active Directory Configuration Wizard (click for larger screenshot)

Use the < Previous button to make corrections, use the View Script button to view the corresponding PowerShell script or simply click Next > to advance to the Prerequisites Check:

Prerequisites Check screen for the Active Directory Domain Services Configuration Wizard (click for a larger screenshot)

When all prerequisite checks pass successfully, click the Install button to promote the server to a Domain Controller.

Note:
Using a script is the only way to promote a server to a domain controller without forcing a reboot. This option was removed from the Graphical User Interface.

   

Promoting the stand-alone server to a Domain Controller using PowerShell

If you’d rather use PowerShell to promote the stand-alone server to a Domain Controller, you can use the following command:

Install-ADDSForest -CreateDNSDelegation:$false -DatabasePath "C:\Windows\NTDS" -DomainMode "Win2012" -DomainName "domain.local" -DomainNetBIOSName "DOMAIN" -ForestMode "Win2012" -InstallDNS:$true -LogPath "C:\Windows\NTDS" –NoRebootOnCompletion:$false -SYSVOLPath "C:\Windows\SYSVOL" -Force:$true

Note:
The Import-Module command to allow the cmdlets from the ADDSDeployment module to run, is no longer needed in PowerShell 3. Therefore, the command Import-Module ADDSDeployment was not shown above.

Note:
Using a script is the only way to promote a server to a domain controller on Server Core installations of Windows Server 2012.

When you run this command, only one question remains to be answered. You will be prompted for a Directory Services Restore Mode (DSRM) password:

Promoting a server to a Domain Controller using PowerShell (click for larger screenshot)

Alternatively you can use the –SafeModeAdministratorPassword switch to supply it, although it requires some thought when you want to use unicode characters in your password.

Tip!
Don’t be alarmed by the (yellow) warnings in the Prerequisites Check phase of the promotion. As long as they’re not red, you’re fine…

Below is a screenshot of the Install-ADDSForest PowerShell command in action:

  

Concluding

In Windows Server 2012 you will no longer use dcpromo.exe to promote a server to a Domain Controller. The possibility to circumvent the correct installation of the Active Directory Domain Services role has also gone. Server Manager and PowerShell now offer great new ways to promote a server to a Domain Controller with added bonuses, like remote promotion.

Related Posts

DCPROMO Advanced Mode, what does it do?  
Longhorn Server DcPromo Part 1 
DCPROMO Debug 
How to Remotely Promote Server Core to a Read Only Domain Controller (RODC) 
How to install a Server Core R2 Domain Controller 
Creating DC's with Answer Files    

Further reading

Windows Server 2012: Goodbye dcpromo ! 
New in Windows Server 2012 – Part 5: Active Directory 
Promote Windows Server 2012 to Domain Controller, step-by-step     
Windows Server 8 - DCPromo? Install domain Controller using the Command Line. 
Dcpromo on Windows Server 8 beta
Windows Server 8 Beta – Installing the first DC in a Forest on Server Core   
DCPROMO of Windows 8 running on vSphere 5 U1  
Install Active Directory Services in Windows Server 8 Beta 
Windows 8 Server – Remote DCPROMO and Deployment 
Add Windows Server 2012 as a Domain Controller

Posted: Monday, September 03, 2012 8:59 AM by Sander Berkouwer

Comments

The things that are better left unspoken said:

As part of the installation of a Server Role and/or Feature, on the Confirm installation selections screen of the Add Roles and Features Wizard an option is provided to Export configuration settings.

When you click this option, an XML-formatted file is generated, that contains all the choices made in the previous screens of the Add Roles and Features Wizard. This file is presented to you as DeploymentConfigTemplate.xml to save at a convenient file location.

So, what can we do with this file?
Read it in this blogpost.

# September 12, 2012 9:36 PM

The things that are better left unspoken said:

Alongside the Active Directory Domain Services Configuration Wizard, Microsoft introduced three new Active Directory PowerShell Cmdlets to promote Windows Server 2012-based hosts to Domain Controllers:

  • New-ADDSForest
  • New-ADDSDomain
  • New-ADDSDomainController

These PowerShell Cmdlets each cover one of three Promotion scenarios. They offer a couple of options, not available in the Active Directory Domain Services Configuration Wizard. You might want to use these options, though. This blogpost lists them.

# September 28, 2012 9:24 PM

FMustafa said:

Windows Server 2012 can be seen as a major release for Windows Server. Not just in terms of virtualization (Hyper-V 3.0), storage (SMB 3.0 and Storage Spaces) or manageability, but also in terms of Active Directory. There’s a load of new features, improving the lives of many Active Directory admins!
# October 5, 2012 6:20 PM
Anonymous comments are disabled