SUMMARY
The Dcpromo.exe program promotes and demotes
Windows 2000 domain controllers. You can use Dcpromo.exe to perform the
following tasks:
- Promote Windows 2000 workgroup and member servers to
Windows 2000 domain controllers.
- Upgrade Microsoft Windows NT 4.0 domain controllers to
Windows 2000 domain controllers.
- Demote Windows 2000 domain controllers to Windows 2000
servers.
This article describes the syntax that you can use to
build answer files that perform unattended promotions and demotions of Windows
2000 domain controllers.
For information about the answer file syntax for Microsoft Windows Server 2003, visit the following Microsoft Web site:
MORE INFORMATION
The Dcpromo.exe answer file is an ASCII text file that
provides automated user input for each page of the Dcpromo.exe wizard.
Subtle
differences exist between the Dcpromo.exe answer file syntax in Windows 2000 and in Microsoft Windows Server 2003. Despite these differences, Windows Server 2003
can read the Windows 2000 answer file syntax and interpret equivalent settings.
However, the Windows Server 2003 answer file syntax may not work correctly on a Windows 2000 domain controller. For example, Windows 2000 cannot use the
RemoveApplicationPartitions and
ConfirmGc options.
If you require answer file interoperability between Windows 2000 and Windows Server 2003
domain controllers, use the answer file syntax that is described in
this article.
To start Dcpromo.exe in unattended mode, use the
dcpromo /answer:answer.txt
command, where
answer.txt is path and file name of
the answer file that will be used for demotion or promotion. You can use this command whether you click
Start and then click
Run or use an unattended Setup file.
Each
Dcpromo.exe operation requires answers to specific fields in the [DCInstall]
section of the answer file. The following list provides the required fields for
each operation. The default values are used if the option is not specified. The
default values for these fields are described in the "Dcpromo Field
Definitions" section.
- For new tree in new forest installations, the following
options apply:
[DCINSTALL]
ReplicaOrNewDomain=Domain
TreeOrChild=Tree
CreateOrJoin=Create
NewDomainDNSName=<fully qualified DNS domain name (for example, corp.com) >
DNSOnNetwork=yes
DomainNetbiosName=<NetBIOS domain name>
AutoConfigDNS=yes
SiteName=[active directory site name (optional)];
AllowAnonymousAccess=no
DatabasePath=%systemroot%\ntds
LogPath=%systemroot%\ntds
SYSVOLPath=%systemroot%\sysvol
SafeModeAdminPassword=<admin defined offline admin account password>
CriticalReplicationOnly=No
RebootOnSuccess=yes
- For Windows NT 4.0 Backup domain controller ( BDC) upgrades
or new Windows 2000 replica installations, the following options apply:
[DCINSTALL]
UserName=<domain admin in target domain>
Password=<password>
UserDomain=<domain that holds account that is used for promotion>
DatabasePath=%systemroot%\ntds
LogPath=%systemroot%\ntds
SYSVOLPath=%systemroot%\sysvol
SafeModeAdminPassword=<admin defined offline admin account password>
CriticalReplicationOnly=no
ReplicaOrNewDomain=Replica
ReplicaDomainDNSName=<fully qualified Active Directory domain name>
ReplicationSourceDC=<fully qualified name of existing domain controller to source AD from>
RebootOnSuccess=yes
- For child domain installations, the following options
apply:
[DCINSTALL]
UserName
Password
UserDomain
DatabasePath
LogPath
SYSVOLPath
SYSVOLPath
SafeModeAdminPassword=<admin defined offline admin account password>
CriticalReplicationOnly=no
ReplicaOrNewDomain=Domain
TreeOrChild=Child
ParentDomainDNSName
ChildName
DomainNetbiosName
AutoConfigDNS
AllowAnonymousAccess
RebootOnSuccess=yes
- For new tree in existing forest installations, the
following options apply:
[DCINSTALL]
UserName
Password
UserDomain
DatabasePath
LogPath
SYSVOLPath
SiteName
SafeModeAdminPassword=<admin defined offline admin account password>
CriticalReplicationOnly=no
ReplicaOrNewDomain=Domain
TreeOrChild=Tree
NewDomainDNSName
DomainNetbiosName
AutoConfigDNS
AllowAnonymousAccess
RebootOnSuccess=yes
- For domain controller demotion, the following options
apply:
[DCINSTALL]
UserName
Password
UserDomain
AdministratorPassword
IsLastDCInDomain
RebootOnSuccess=yes
Dcpromo field definitions
This section describes Dcpromo fields and the options that you can use.
The default value for each option appears in
bold text.
AllowAnonymousAccess
- Yes|No
- Used when pre-Windows 2000 servers will be
authenticating users from this domain or any trusting domain. This option
indicates whether DCPromo should cause the permissions to be set to allow
anonymous access to user and group information. "Yes" allows anonymous access.
"No" uses more restrictive permissions.
AdministratorPassword
- No default
- Used to establish the local administrator password when
demoting a domain controller
AutoConfigDNS
- No|Yes
- Determines whether the wizard should install and configure
DNS for the new domain as it has detected that dynamic updates are not
available.
ChildName
- No default
- Name of subordinate domain that is appended to the
ParentDomainDNSName. If the parent domain is A.COM and the subordinate domain
is "B", the new domain would be B.A.COM and "B" (with no quotation marks) would be entered as
the ChildName.
ConfirmGc
- No|Yes
- Specify whether the replica is also a global catalog. "Yes"
makes the replica a global catalog if the backup was a global catalog. "No"
does not make the replica a global catalog.
Note The ConfirmGc option applies only to Windows Server 2003,
Standard Edition and Windows Server 2003, Enterprise Edition.
CreateOrJoin
- Create|Join
- "Create" creates a new forest. "Join" positions the new domain
as a root of a new domain tree in an existing forest.
CriticalReplicationOnly
- No value
- Optional parameter that specifies that only critical replication is sourced during the replication
phase of DCPROMO. Noncritical replication resumes when the computer restarts as a domain
controller. "Yes" (with no quotation marks) enables only critical replication.
DatabasePath
- %systemroot%\NTDS
- Fully qualified, non-unc directory on a hard disk of the
local computer to host the Active directory database (NTDS.DIT). If the
directory exists, it must be empty. If it does not exist, it will be created.
Free disk space on the logical drive selected must be 200 MB and possibly
larger when rounding errors are encountered and larger to accommodate all
objects in the domain. Locate on a dedicated hard disk for best performance.
DisableCancelForDnsInstall
- Yes|No
- Specify whether to disable the Cancel button during a DNS
installation. "Yes" does not display the Cancel button. During the DNS
installation, the /c switch invokes the Optional Component Manager (OCM). "No"
displays the Cancel button.
Note The DisableCancelForDnsInstall option applies only to Windows
Server 2003, Standard Edition and Windows Server 2003, Enterprise Edition.
DomainNetbiosName
- No default
- NetBIOS name that is used by pre-Active Directory clients to access the
domain. The DomainNetbiosName must be unique on the network.
DNSOnNetwork
- No|Yes
- Used in new forest installations when DNS client is not
configured. "No" skips DNS client configuration and DNS auto-configuration for
the new domain. "Yes" enables the DNS client to be configured and allows
auto-configuration to be offered.
IsLastDCInDomain
- Yes|No"
- Indicates that the computer is the last domain in its
domain during demotion.
LogPath
- %systemroot%\NTDS
- Fully qualified, non-UNC directory on a hard disk on the
local computer to host the Active directory log files. If the directory exists
it must be empty. If it does not exist, it will be created.
NewDomain
- Tree | Child | Forest
- Tree means the new domain is the root of a new tree in an
existing forest. Child means the new domain is a child of an existing domain.
Forest means the new domain is the first domain in a new forest of domain
trees.
Note The NewDomain option applies only to Windows Server 2003,
Standard Edition and Windows Server 2003, Enterprise Edition.
NewDomainDNSName
- No Default
- Used in "new tree in existing forest" or "new forest"
installations. Value is the DNS domain name to be created not currently being used.
Password
- No default
- Account credentials that can be used for the promotion operation.
For protection, passwords are removed from the answer file following promotion
and must redefine every time that an answer file is used.
ParentDomainDNSName
- No Default
- Name of (existing) parent DNS domain for child domain
installs
RebootOnSuccess - Yes|No
- Determines whether the computer should be rebooted when a promotion or demotion finishes successfully. A restart is always required
to compete a change in Active Directory role.
RemoveApplicationPartitions
- Yes | No
- Specify whether to remove application partitions during the
demotion of a domain controller. "Yes" removes application partitions on the
domain controller. "No" does not remove application partitions on the domain
controller. If the domain controller hosts the last replica of any application
directory partition, you must manually confirm that you must remove these
partitions.
Note The RemoveApplicationPartitions option applies only to Windows
Server 2003, Standard Edition and Windows Server 2003, Enterprise Edition.
ReplicaDomainDNSName
- No Default
- For BDC upgrades and replica domain controller installations.
Enter the DNS domain name of the existing domain to be replicated from.
ReplicaOrMember
- Replica|Member
- "Replica" used for Windows NT 4.0 BDCs upgraded to Windows
2000 replica domain controllers. "Member" used when demoting the BDC to a
member server of its domain.
ReplicaOrNewDomain
- Domain|Replica
- Used only on new installs. "Domain" converts the server
into the first domain controller of a new domain. "Replica" converts the server
into a replica domain controller.
ReplicationSourceDC=
- None
- Used to indicate the name of the domain controller from
which to source the active directory on new replica or BDC upgrade installs. If
no value is supplied, the closest domain controller from the domain being
replicated will be selected.
ReplicationSourcePath
- No Default
- Used to indicate the location of the files that are used to create a
new domain controller.
Note The ReplicationSourcePath option applies only to Windows Server
2003, Standard Edition and Windows Server 2003, Enterprise Edition.
SafeModeAdminPassword
- No Default
- Used to supply the password for the offline administrator
account that is used in DS Repair mode. No value = blank password.
SetForestVersion
- Yes | No
- Use to indicates the functional level for a new forest.
"Yes" sets forest functional level to Windows Server 2003 interim. "No" sets
forest functional level to Windows 2000.
Note The SetForestVersion option applies only to Windows Server 2003,
Standard Edition and Windows Server 2003, Enterprise Edition.
SiteName
- "Default-First-Site" (with no quotation marks)
- Value of an existing Active Directory site to locate the new
domain controller. If not specified, an appropriate site will be selected. This
option only applies to the new tree in a new forest scenario. For all other
scenarios, a site will be selected using the current site and subnet
configuration of he forest.
Syskey
- system_key | <none>
- Use to indicates that the user must supply the system key.
Note The Syskey option applies only to Windows Server 2003, Standard
Edition and Windows Server 2003, Enterprise Edition.
SYSVOLPath
- %systemroot%\SYSVOL
- Fully qualified, non-UNC directory on a hard disk of the
local computer to host the Active directory log files. If the directory exists
it must be empty. If it does not exist it will be created. Must be located on
partition that is formatted with the NTFS 5.0 file system. Locate on a different physical hard disk than
the operating system for best performance.
TreeOrChild
- Tree|Child
- "Tree" indicates new domain in root of new tree. "Child"
creates a new child domain.
UserDomain
- See Explanation
- Domain the UserName account should be taken from. If the
operation is to create a new forest or to become a member server from a BDC
upgrade there is no default. If the operation is to create a new tree, the
default is the DNS name of the forest the computer is currently joined to. If
the operation is to create a new child domain or a replica then the default is
the DNS name of the domain the computer is joined to. If the operation is to
demote the computer and the computer is a domain controller in a child domain,
the default is the DNS name of the parent domains. If the operation is to
demote the computer, and the computer is a domain controller of a tree root
domain, the default is the DNS name of the forest.
UserName
- No Default
- Account credentials that will be used for the promotion
operation.
Dcpromo Return Codes:
- 0 = The operation failed.
- 1 = The operation succeeded.
- 2 = The operation succeeded, and the user opted not to have
the wizard restart the computer, either manually or by specifying
"RebootOnSuccess=No" in the answer file.
- 3 = The operation failed, but the computer must be
restarted.
For information about the unattended promotion and demotion of
Microsoft Windows Server 2003 domain controllers, visit the following Microsoft
Web site: