Установка/удаление роли контроллера домена на Windows2008 Core

Всем доброго времени суток!

С большим опозданием, но выкладываю подсказку как это сделать :).

Как известно после установки Windows2008 Core просто так поднять контроллер домена не получится. Утилита dcpromo не запускается в графическом интерфейсе.

Для установки необходим файл с ответами для dcpromo.

Формируем файлик с любым названием, например в корне диска C и запускаем командой dcpromo /unattend:C:\answer.txt

Содержимое файла формируется в зависимости от задач.

Описание взято прямо с сайта Microsoft

  • For new forest installations, the following options apply:
    [DCINSTALL]

    InstallDNS=yes
    NewDomain=forest
    NewDomainDNSName=<The fully qualified Domain Name System (DNS) name>
    DomainNetBiosName=<By default, the first label of the fully qualified DNS name>
    SiteName=<Default-First-Site-Name>
    ReplicaOrNewDomain=domain
    ForestLevel=<The forest functional level number>
    DomainLevel=<The domain functional level number>
    DatabasePath=”<The path of a folder on a local volume>”
    LogPath=”<The path of a folder on a local volume>”
    RebootOnCompletion=yes
    SYSVOLPath=”<The path of a folder on a local volume>”
    SafeModeAdminPassword=<The password for an offline administrator account>

  • For child domain installations, the following options apply:
    [DCINSTALL]
    ParentDomainDNSName=<Fully qualified DNS name of parent domain>
    UserName=<The administrative account in the parent domain>
    UserDomain=<The name of the domain of the user account>
    Password=<The password for the user account> Specify * to prompt the user for credentials during the installation.
    NewDomain=child

    ChildName=<The single-label DNS name of the new domain>
    SiteName=<The name of the AD DS site in which this domain controller will reside> This site must be created in advance in the Dssites.msc snap-in.
    DomainNetBiosName=<The first label of the fully qualified DNS name>
    ReplicaOrNewDomain=domain
    DomainLevel=<The domain functional level number> This value cannot be less than the current value of the forest functional level.

    DatabasePath=”<The path of a folder on a local volume>”
    LogPath=”<The path of a folder on a local volume>”
    SYSVOLPath=”<The path of a folder on a local volume>”
    InstallDNS=yes

    CreateDNSDelegation=yes
    DNSDelegationUserName= <The account that has permissions to create a DNS delegation> The account that is being used to install AD DS may differ from the account in the parent domain that has the permissions that are required to create a DNS delegation. In this case, specify the account that can create the DNS delegation for this parameter. Specify * to prompt the user for credentials during the installation.
    DNSDelegationPassword= <The password for the account that is specified for DNSDelegationUserName> Specify * to prompt the user for a password during the installation.
    SafeModeAdminPassword=<The password for an offline administrator account>
    RebootOnCompletion=yes

  • For a new tree in existing forest installations, the following options apply:
    [DCINSTALL]
    UserName=<An administrative account in the parent domain>
    UserDomain=<The name of the domain of the user account>
    Password=<The password for the adminstrative account> Specify * to prompt the user for credentials during the installation.
    NewDomain=tree
    NewDomainDNSName=<The fully qualified DNS name of the new domain>
    SiteName=<The name of the AD DS site in which this domain controller will reside> This site must be created in advance in the Dssites.msc snap-in.
    DomainNetBiosName=<The first label of the fully qualified DNS name>
    ReplicaOrNewDomain=domain
    DomainLevel=<The domain functional level number>
    DatabasePath=”<The path of a folder on a local volume>”
    LogPath=”<The path of a folder on a local volume>”
    SYSVOLPath=”<The path of a folder on a local volume>”
    InstallDNS=yes
    CreateDNSDelegation=yes
    DNSDelegationUserName= <The account that has permissions to create a DNS delegation> The account that is being used to install AD DS may differ from the account in the parent domain that has the permissions that are required to create a DNS delegation. In this case, specify the account that can create the DNS delegation for this parameter. Specify * to prompt the user for credentials during the installation.
    DNSDelegationPassword=<The password for the account that is specified for DNSDelegationUserName> Specify * to prompt the user for a password during the installation.
    SafeModeAdminPassword=<The password for an offline administrator account>
    RebootOnCompletion=yes
  • For additional domain controller installations, the following options apply:
    [DCINSTALL]
    UserName=<The administrative account in the domain of the new domain controller>

    UserDomain=<The name of the domain of the new domain controller>

    Password=<The password for the UserName account>

    SiteName=<The name of the AD DS site in which this domain controller will reside> This site must be created in advance in the Dssites.msc snap-in.

    ReplicaOrNewDomain=replica

    ReplicaDomainDNSName=<The fully qualified domain name (FQDN) of the domain in which you want to add an additional domain controller>

    DatabasePath=”<The path of a folder on a local volume>”

    LogPath=”<The path of a folder on a local volume>”

    SYSVOLPath=”<The path of a folder on a local volume>”

    InstallDNS=yes

    ConfirmGC=yes

    SafeModeAdminPassword=<The password for an offline administrator account>

    RebootOnCompletion=yes

  • For additional domain controller installations that use the Install From Media (IFM) method, the following options apply:
    [DCINSTALL]
    UserName=<The administrative account in the domain of the new domain controller>
    Password=<The password for the UserName account>
    UserDomain=<The name of the domain of the UserName account>
    DatabasePath=”<The path of a folder on a local volume>”
    LogPath=”<The path of a folder on a local volume>”
    SYSVOLPath=”<The path of a folder on a local volume>”
    SafeModeAdminPassword=<The password of an offline administrator account>

    CriticalReplicationOnly=no
    SiteName=<The name of the AD DS site in which this domain controller will reside>
    This site must be created in advance in the Dssites.msc snap-in.

    ReplicaOrNewDomain=replica
    ReplicaDomainDNSName=<The fully qualified domain name (FQDN) of the domain in which you want to add an additional domain controller>
    ReplicationSourceDC=<An existing domain controller in the domain>

    ReplicationSourcePath=<The local drive and the path of the backup>

    RebootOnCompletion=yes

  • For read-only domain controller (RODC) installations, the following options apply:
    [DCINSTALL]
    UserName=<The administrative account in the domain of the new domain controller>
    UserDomain=<The name of the domain of the user account>
    PasswordReplicationDenied=<The names of the user, group, and computer accounts whose passwords are not to be replicated to this RODC>
    PasswordReplicationAllowed =<The names of the user, group, and computer accounts whose passwords can be replicated to this RODC>
    DelegatedAdmin=<The user or group account name that will install and administer the RODC>
    SiteName=Default-First-Site-Name
    CreateDNSDelegation=no
    CriticalReplicationOnly=yes

    Password=<The password for the UserName account>
    ReplicaOrNewDomain=ReadOnlyReplica
    ReplicaDomainDNSName=<The FQDN of the domain in which you want to add an additional domain controller>
    DatabasePath= “<The path of a folder on a local volume>”
    LogPath=”<The path of a folder on a local volume>”
    SYSVOLPath=”<The path of a folder on a local volume>”
    InstallDNS=yes
    ConfirmGC=yes
    SafeModeAdminPassword=<The password for an offline administrator account>
    RebootOnCompletion=yes

  • For removal of AD DS, the following options apply:
    [DCINSTALL]
    UserName=<An administrative account in the domain>
    UserDomain=<The domain name of the administrative account>
    Password=<The password for the UserName account>
    AdministratorPassword=<The local administrator password for the server>
    RemoveApplicationPartitions=yes
    RemoveDNSDelegation=yes
    DNSDelegationUserName=<The DNS server administrative account for the DNS zone that contains the DNS delegation>
    DNSDelegationPassword=<The password for the DNSDelegationUserName account>
    RebootOnCompletion=yes
  • For removal of AD DS from the last domain controller in a domain, the following options apply:
    [DCINSTALL]
    UserName=<An administrative account in the parent domain>
    UserDomain=<The domain name of the UserName account>
    Password=<The password for the UserName account> Specify * to prompt the user for credentials during the installation.
    IsLastDCInDomain=yes
    AdministratorPassword=<The local administrator password for the server>
    RemoveApplicationPartitions=If you want to remove the partitions, specify “yes” (no quotation marks) for this entry. If you want to keep the partitions, this entry is optional.
    RemoveDNSDelegation=yes
    DNSDelegationUserName=<The DNS server administrative account for the DNS zone that contains the DNS delegation>
    DNSDelegationPassword=<The password for the DNS server administrative account>
    RebootOnCompletion=yes
  • For removal of the last domain controller in a forest, the following options apply:
    [DCINSTALL]
    UserName=<An administrative account in the parent domain>
    UserDomain=<The domain name of the UserName account>
    Password=<The password for the UserName account> Specify * to prompt the user for credentials during the installation.
    IsLastDCInDomain=yes
    AdministratorPassword=<The local administrator password for the server>
    RemoveApplicationPartitions=If you want to remove the partitions, specify “yes” (no quotation marks) for this entry. If you want to keep the partitions, this entry is optional.
    RemoveDNSDelegation=yes
    DNSDelegationUserName=<The DNS server administrative account for the DNS zone that contains the DNS delegation>
    DNSDelegationPassword=<The password for the DNS server administrative account>
    RebootOnCompletion=yes

Добавить комментарий