Unattended Installation of Active Directory-Using Windows 2012 DCPromo.Exe
Unattended Installation of Active Directory-Using Windows 2012 DCPromo.Exe
Unattended installation means no user interaction, and this is exactly what we are going to do in this article, we are going to setup our first domain controller without going through the Server Manager, or going through the Active Directory Domain Services Installation Wizard the follows executing the dcpromo command.
Pre-requisite task
When you get the new member server from server build team for DCpromo, before you start your work, these are the pre-task need to action before you can DCpromo.
Logon to member server which you want to promote as domain controller
via domain credentials.
Search the computer management console
Computer management console
Expend local users and groups
Select Groups and click on Administrators group as below highlighted.
Add DS-A account to administrators group and check name.
Put the domain credentials.
Click on OK
Click on Apply.
DS-A account showing in administrators group in member server and
Click on OK .
Restart the server
Post restart the server, Logon to server via your DS-A credentials.
Click on OK and now you are logged into server via your DS-A account.Now you are administrator on this member server.
Open my Computer and go to C drive
Open the C drive.
Open the Temp Folder
Open DCPromote-W2K12AnswerFile which we will use in unattended promotion process.
Please make the changes in this file as per your domain environments.
We made the changes as per windows techno domain.Open the DcpromotionW2k12 batch file to see the parameters of script.
Kindly run the DcpromotionW2k12 batch file Run as administrator as per below snapshot.
Click on yes
Now DC promotion wizard open and follow the instructions.
Once DC promotion wizard started, it will ask you to proceed installation further.Kindly type Y to proceed next.
Now you are in DC promotion wizard and it is checking whether active directory domain services binaries or not. Active directory domain services binaries should be installed on server before going with promotion of domain controller.
Validating environments and parameters.
Once validation of environments and parameters it will check for
DCPromote-W2K12AnswerFile file as well group policy management console status.
after GPMC feature installation, next step is to create the object in naming and configuration partitions but we received “The operation failed and access is denied” error as per below snapshot.These errors are coming due to insufficient rights on active directory.
You can also see the errors details in log file.
You get the exact root cause why installation is got failed.
because Mark-DS-A account don’t have rights to promote the server as a domain controller.Domain admin access should be required to promotion and demotion. As we all know, you can not promote the server without domain admin rights.
If we ask, is it possible to promote domain controller without domain admin rights?? Everyone will say NOT possible But we can say its possible and we do without domain admin rights. it can be achieved via delegation.To delegate the ability to add a DC to an existing domain, several permissions are required on several different containers. You can check this in next article.
Now we have to add Mark-DS-A account to domain admin group in windowstechno.local domain.
Logon to domain controller and open the Active directory users and computers console(dsa.msc). Find the Mark-DS-A user in active directory.
Open the Mark-DS-A user properties.
Click on membership tab.
Click on Add and put the domain admin group as per below snapshot.
Click on OK.Now Domain Admin group is showing in member of Mark-DS-A account.
Click on apply and OK.
Now Mark-DS-A user have domain admin access. Now Mark-DS-A capable to promote and demote the domain controllers.
Logon to member server which you want to promote as domain controller
via domain credentials. I am login to Mark-DS-A account to promote the server to domain controller.
Go to C drive and open the Temp folder as per snapshot.
Verify DCPromote-W2K12AnswerFile which we will use in unattended promotion process.
Once all details verified, Kindly run the DcpromotionW2k12 batch file Run as administrator as per below snapshot.
Click on Yes to proceed next.
Now DC promotion wizard is open and follow the instructions.
Once DC promotion wizard started, it will ask you to proceed installation further.Kindly type Y to proceed next.
Now you are in DC promotion wizard and it is checking whether active directory domain services binaries or not. Active directory domain services binaries should be installed on server before going with promotion of domain controller.
Once validation of environments and parameters it will check for
DCPromote-W2K12AnswerFile file as well group policy management console status.
Configuring the Local Computer to host Active Directory Domain Services.
Replicating the configuration directory partition.
Replicating the Critical Domain information.
Now Active Directory domain services is installed on this computer for the domain “WindowsTchno.Local“.Press any key to display the DC promotion log.
DC Promotion log-
Restart the computer and logon to domain controller by domain credentials Mark-DS-A.
Open the Active directory users and computers console and Click on domain controllers OU. You will see the DC03 Domain controller here.
Click on DC03 properties.
You can also verify DC03 status in Active directory Site and Services console.
Next article is “How to promote domain controller without domain admin rights“.
We live in such a special time when literally anything we can think of is possible.”
So, that’s all in this blog. I will meet you soon with some other stuff. Have a nice day !!!
Recommended content
RODC Installation Guide- Step by step guide to install read only domain controller
RODC Filtered Attribute Set
Installing and configuring a RODC in Windows Server-2012
How to find the GUID of Domain Controller
Group Policy Understanding Group Policy Preferences
Group Policy Verification Tool GPOTool Exe
Group Policy Health Check on Specific Domain Controller
What is Netlogon Folder in Active Directory
How to Create Custom Attributes in Active Directory
How Can I Check the Tombstone Lifetime of My Active Directory Forest
How to Determine a Computers AD Site From the Command Line
How to Check the Active Directory Database Integrity
How to Check the Active Directory Database Integrity
Disabling and Enabling the Outbound Replication
DFS Replication Service Stopped Replication
What is Strict Replication Consistency
The replication operation failed because of a schema mismatch between the servers involved
Troubleshooting ad replication error 8418 the replication operation failed because of a schema mismatch between the servers
How to export replication information in txt file
Repadmin Replsummary
Enabling the outbound replication
Guys please don’t forget to like and share the post. You can also share the feedback on below windows techno email id.
If you have any questions feel free to contact us on admin@windowstechno.com also follow us on facebook@windowstechno to get updates about new blog posts.