Unattended promotion and demotion of Windows 2000 and Windows Server 2003 domain controllers (223757)



The information in this article applies to:

  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server

This article was previously published under Q223757

SUMMARY

The Dcpromo.exe program promotes and demotes Windows 2000 domain controllers. You can use Dcpromo.exe to perform the following tasks:
  • Promote Windows 2000 workgroup and member servers to Windows 2000 domain controllers.
  • Upgrade Microsoft Windows NT 4.0 domain controllers to Windows 2000 domain controllers.
  • Demote Windows 2000 domain controllers to Windows 2000 servers.
This article describes the syntax that you can use to build answer files that perform unattended promotions and demotions of Windows 2000 domain controllers.

For information about the answer file syntax for Microsoft Windows Server 2003, visit the following Microsoft Web site:

MORE INFORMATION

The Dcpromo.exe answer file is an ASCII text file that provides automated user input for each page of the Dcpromo.exe wizard.

Subtle differences exist between the Dcpromo.exe answer file syntax in Windows 2000 and in Microsoft Windows Server 2003. Despite these differences, Windows Server 2003 can read the Windows 2000 answer file syntax and interpret equivalent settings. However, the Windows Server 2003 answer file syntax may not work correctly on a Windows 2000 domain controller. For example, Windows 2000 cannot use the RemoveApplicationPartitions and ConfirmGc options.

If you require answer file interoperability between Windows 2000 and Windows Server 2003 domain controllers, use the answer file syntax that is described in this article.

To start Dcpromo.exe in unattended mode, use the dcpromo /answer:answer.txt command, where answer.txt is path and file name of the answer file that will be used for demotion or promotion. You can use this command whether you click Start and then click Run or use an unattended Setup file.

Each Dcpromo.exe operation requires answers to specific fields in the [DCInstall] section of the answer file. The following list provides the required fields for each operation. The default values are used if the option is not specified. The default values for these fields are described in the "Dcpromo Field Definitions" section.
  • For new tree in new forest installations, the following options apply:

    [DCINSTALL]
    ReplicaOrNewDomain=Domain
    TreeOrChild=Tree
    CreateOrJoin=Create
    NewDomainDNSName=<fully qualified DNS domain name (for example, corp.com) >
    DNSOnNetwork=yes
    DomainNetbiosName=<NetBIOS domain name>
    AutoConfigDNS=yes
    SiteName=[active directory site name (optional)];
    AllowAnonymousAccess=no
    DatabasePath=%systemroot%\ntds
    LogPath=%systemroot%\ntds
    SYSVOLPath=%systemroot%\sysvol
    SafeModeAdminPassword=<admin defined offline admin account password>
    CriticalReplicationOnly=No
    RebootOnSuccess=yes

  • For Windows NT 4.0 Backup domain controller ( BDC) upgrades or new Windows 2000 replica installations, the following options apply:

    [DCINSTALL]
    UserName=<domain admin in target domain>
    Password=<password>
    UserDomain=<domain that holds account that is used for promotion>
    DatabasePath=%systemroot%\ntds
    LogPath=%systemroot%\ntds
    SYSVOLPath=%systemroot%\sysvol
    SafeModeAdminPassword=<admin defined offline admin account password>
    CriticalReplicationOnly=no
    ReplicaOrNewDomain=Replica
    ReplicaDomainDNSName=<fully qualified Active Directory domain name>
    ReplicationSourceDC=<fully qualified name of existing domain controller to source AD from>
    RebootOnSuccess=yes

  • For child domain installations, the following options apply:

    [DCINSTALL]
    UserName
    Password
    UserDomain
    DatabasePath
    LogPath
    SYSVOLPath
    SYSVOLPath
    SafeModeAdminPassword=<admin defined offline admin account password>
    CriticalReplicationOnly=no
    ReplicaOrNewDomain=Domain
    TreeOrChild=Child
    ParentDomainDNSName
    ChildName
    DomainNetbiosName
    AutoConfigDNS
    AllowAnonymousAccess
    RebootOnSuccess=yes

  • For new tree in existing forest installations, the following options apply:

    [DCINSTALL]
    UserName
    Password
    UserDomain
    DatabasePath
    LogPath
    SYSVOLPath
    SiteName
    SafeModeAdminPassword=<admin defined offline admin account password>
    CriticalReplicationOnly=no
    ReplicaOrNewDomain=Domain
    TreeOrChild=Tree
    NewDomainDNSName
    DomainNetbiosName
    AutoConfigDNS
    AllowAnonymousAccess
    RebootOnSuccess=yes

  • For domain controller demotion, the following options apply:

    [DCINSTALL]
    UserName
    Password
    UserDomain
    AdministratorPassword
    IsLastDCInDomain
    RebootOnSuccess=yes

Dcpromo field definitions

This section describes Dcpromo fields and the options that you can use. The default value for each option appears in bold text.

AllowAnonymousAccess

  • Yes|No
  • Used when pre-Windows 2000 servers will be authenticating users from this domain or any trusting domain. This option indicates whether DCPromo should cause the permissions to be set to allow anonymous access to user and group information. "Yes" allows anonymous access. "No" uses more restrictive permissions.

AdministratorPassword

  • No default
  • Used to establish the local administrator password when demoting a domain controller

AutoConfigDNS

  • No|Yes
  • Determines whether the wizard should install and configure DNS for the new domain as it has detected that dynamic updates are not available.

ChildName

  • No default
  • Name of subordinate domain that is appended to the ParentDomainDNSName. If the parent domain is A.COM and the subordinate domain is "B", the new domain would be B.A.COM and "B" (with no quotation marks) would be entered as the ChildName.

ConfirmGc

  • No|Yes
  • Specify whether the replica is also a global catalog. "Yes" makes the replica a global catalog if the backup was a global catalog. "No" does not make the replica a global catalog.
Note The ConfirmGc option applies only to Windows Server 2003, Standard Edition and Windows Server 2003, Enterprise Edition.

CreateOrJoin

  • Create|Join
  • "Create" creates a new forest. "Join" positions the new domain as a root of a new domain tree in an existing forest.

CriticalReplicationOnly

  • No value
  • Optional parameter that specifies that only critical replication is sourced during the replication phase of DCPROMO. Noncritical replication resumes when the computer restarts as a domain controller. "Yes" (with no quotation marks) enables only critical replication.

DatabasePath

  • %systemroot%\NTDS
  • Fully qualified, non-unc directory on a hard disk of the local computer to host the Active directory database (NTDS.DIT). If the directory exists, it must be empty. If it does not exist, it will be created. Free disk space on the logical drive selected must be 200 MB and possibly larger when rounding errors are encountered and larger to accommodate all objects in the domain. Locate on a dedicated hard disk for best performance.

DisableCancelForDnsInstall

  • Yes|No
  • Specify whether to disable the Cancel button during a DNS installation. "Yes" does not display the Cancel button. During the DNS installation, the /c switch invokes the Optional Component Manager (OCM). "No" displays the Cancel button.
Note The DisableCancelForDnsInstall option applies only to Windows Server 2003, Standard Edition and Windows Server 2003, Enterprise Edition.

DomainNetbiosName

  • No default
  • NetBIOS name that is used by pre-Active Directory clients to access the domain. The DomainNetbiosName must be unique on the network.

DNSOnNetwork

  • No|Yes
  • Used in new forest installations when DNS client is not configured. "No" skips DNS client configuration and DNS auto-configuration for the new domain. "Yes" enables the DNS client to be configured and allows auto-configuration to be offered.

IsLastDCInDomain

  • Yes|No"
  • Indicates that the computer is the last domain in its domain during demotion.

LogPath

  • %systemroot%\NTDS
  • Fully qualified, non-UNC directory on a hard disk on the local computer to host the Active directory log files. If the directory exists it must be empty. If it does not exist, it will be created.

NewDomain

  • Tree | Child | Forest
  • Tree means the new domain is the root of a new tree in an existing forest. Child means the new domain is a child of an existing domain. Forest means the new domain is the first domain in a new forest of domain trees.
Note The NewDomain option applies only to Windows Server 2003, Standard Edition and Windows Server 2003, Enterprise Edition.

NewDomainDNSName

  • No Default
  • Used in "new tree in existing forest" or "new forest" installations. Value is the DNS domain name to be created not currently being used.

Password

  • No default
  • Account credentials that can be used for the promotion operation. For protection, passwords are removed from the answer file following promotion and must redefine every time that an answer file is used.

ParentDomainDNSName

  • No Default
  • Name of (existing) parent DNS domain for child domain installs
RebootOnSuccess
  • Yes|No
  • Determines whether the computer should be rebooted when a promotion or demotion finishes successfully. A restart is always required to compete a change in Active Directory role.

RemoveApplicationPartitions

  • Yes | No
  • Specify whether to remove application partitions during the demotion of a domain controller. "Yes" removes application partitions on the domain controller. "No" does not remove application partitions on the domain controller. If the domain controller hosts the last replica of any application directory partition, you must manually confirm that you must remove these partitions.
Note The RemoveApplicationPartitions option applies only to Windows Server 2003, Standard Edition and Windows Server 2003, Enterprise Edition.

ReplicaDomainDNSName

  • No Default
  • For BDC upgrades and replica domain controller installations. Enter the DNS domain name of the existing domain to be replicated from.

ReplicaOrMember

  • Replica|Member
  • "Replica" used for Windows NT 4.0 BDCs upgraded to Windows 2000 replica domain controllers. "Member" used when demoting the BDC to a member server of its domain.

ReplicaOrNewDomain

  • Domain|Replica
  • Used only on new installs. "Domain" converts the server into the first domain controller of a new domain. "Replica" converts the server into a replica domain controller.

ReplicationSourceDC=

  • None
  • Used to indicate the name of the domain controller from which to source the active directory on new replica or BDC upgrade installs. If no value is supplied, the closest domain controller from the domain being replicated will be selected.

ReplicationSourcePath

  • No Default
  • Used to indicate the location of the files that are used to create a new domain controller.
Note The ReplicationSourcePath option applies only to Windows Server 2003, Standard Edition and Windows Server 2003, Enterprise Edition.

SafeModeAdminPassword

  • No Default
  • Used to supply the password for the offline administrator account that is used in DS Repair mode. No value = blank password.

SetForestVersion

  • Yes | No
  • Use to indicates the functional level for a new forest. "Yes" sets forest functional level to Windows Server 2003 interim. "No" sets forest functional level to Windows 2000.
Note The SetForestVersion option applies only to Windows Server 2003, Standard Edition and Windows Server 2003, Enterprise Edition.

SiteName

  • "Default-First-Site" (with no quotation marks)
  • Value of an existing Active Directory site to locate the new domain controller. If not specified, an appropriate site will be selected. This option only applies to the new tree in a new forest scenario. For all other scenarios, a site will be selected using the current site and subnet configuration of he forest.

Syskey

  • system_key | <none>
  • Use to indicates that the user must supply the system key.
Note The Syskey option applies only to Windows Server 2003, Standard Edition and Windows Server 2003, Enterprise Edition.

SYSVOLPath

  • %systemroot%\SYSVOL
  • Fully qualified, non-UNC directory on a hard disk of the local computer to host the Active directory log files. If the directory exists it must be empty. If it does not exist it will be created. Must be located on partition that is formatted with the NTFS 5.0 file system. Locate on a different physical hard disk than the operating system for best performance.

TreeOrChild

  • Tree|Child
  • "Tree" indicates new domain in root of new tree. "Child" creates a new child domain.

UserDomain

  • See Explanation
  • Domain the UserName account should be taken from. If the operation is to create a new forest or to become a member server from a BDC upgrade there is no default. If the operation is to create a new tree, the default is the DNS name of the forest the computer is currently joined to. If the operation is to create a new child domain or a replica then the default is the DNS name of the domain the computer is joined to. If the operation is to demote the computer and the computer is a domain controller in a child domain, the default is the DNS name of the parent domains. If the operation is to demote the computer, and the computer is a domain controller of a tree root domain, the default is the DNS name of the forest.

UserName

  • No Default
  • Account credentials that will be used for the promotion operation.

Dcpromo Return Codes:

  • 0 = The operation failed.
  • 1 = The operation succeeded.
  • 2 = The operation succeeded, and the user opted not to have the wizard restart the computer, either manually or by specifying "RebootOnSuccess=No" in the answer file.
  • 3 = The operation failed, but the computer must be restarted.
For information about the unattended promotion and demotion of Microsoft Windows Server 2003 domain controllers, visit the following Microsoft Web site:

Modification Type:MajorLast Reviewed:6/23/2006
Keywords:kbinfo kbsetup KB223757