In the past two Inside Out columns, I've discussed how to create simple batch files that let you automatically configure machines to set up domain controllers (DCs)—and in the process, domains, trees, and forests. Such batch files are tremendously useful for several reasons. First, a good disaster-recovery plan will mandate this sort of batch file because it lets you start from a freshly installed copy of Windows Server 2003 or Windows 2000 Server. By typing a few commands, you end up with a fully functional forest, rebuilt from scratch. Second, even if you never need disaster-recovery tools, you can still use the batch file to build small test networks that mimic your enterprise network and let you try things out in a safe environment. Third, this batch file effectively illustrates the power of batch automation: On a fresh system, you can type one command, walk away, then return 15 minutes later to find a perfectly configured IP stack, DNS server network, and Active Directory (AD) domain.
So far, I've shown you how to create a batch file that configures an IP stack and a DNS server network. This time, I show you how to use a batch file to create AD domains.
The Answer File
To create a domain, tree, or forest, you simply need to create the first DC in that domain, tree, or forest—and to create a DC, all you need to do is run Dcpromo (aka the Active Directory Installation Wizard). Like all wizards, Dcpromo demands attention, if only to repeatedly click Next. But a script can provide that attention. Microsoft has quietly furnished Dcpromo with full-featured scriptability. You can script Dcpromo in both Windows 2003 and Win2K, although the script commands are a bit different between the two OSs. (I use the Windows 2003 command set for this article's examples.)
To run Dcpromo with a script, you use the /answer option, as follows:
dcpromo /answer:<nameofanswerfile>
The answer file is simply an ASCII text file that contains answers to a few basic but essential questions. In general, answer files are case insensitive, except for any passwords that you might need to include. (You can build an answer file in Notepad quite easily.) The questions that a Dcpromo answer file needs answers to are
Will this DC be the first DC in a domain (thereby creating a domain), or will it simply help out in an existing domain (i.e., will it serve as a replica DC)?
If Dcpromo is creating a domain, what will that domain be called, and how will it fit in the existing forest? Should Dcpromo create not only a new domain but also a new forest?
If Dcpromo isn't creating a domain, do you have the proper credentials to create new DCs in an existing domain or to create a new domain in an existing forest?
In what location should Dcpromo place the AD database file ntds.dit, the transaction log files, and Sysvol?
How should Dcpromo handle DNS errors? If the existing DNS infrastructure is invalid for AD, should Dcpromo create a new DNS structure or simply fail with an error condition?
New Domain
To create a brand-new forest, you can use the answer file that Listing 1 shows. This answer file creates the first DC in the first domain in a forest. Following the example of the past two columns, we'll call that first domain bigfirm.biz.
In just 13 lines, the answer file provides much functionality. It starts with the [DCINSTALL] statement, which starts all Dcpromo answer files. Next is the ReplicaOrNewDomain statement, which specifies whether you're creating a new domain or adding a DC to an existing domain. The acceptable answers are Domain, which creates a new domain, and Replica, which adds a DC to an existing domain. We're creating a new domain rather than a replica DC, so that domain needs a DNS name (e.g., bigfirm.biz), a NetBIOS name (e.g., bigfirm), and a Directory Services Restore Mode (DSRM) password. The NewDomainDNSName, DomainNetBIOSName, and SafeModeAdminPassword statements specify those values.
But where does the new domain fit in a forest? The NewDomain statement has three possible values. Forest tells Dcpromo to create the first domain in a forest, Tree tells Dcpromo to create the first domain in a new tree that's part of an existing forest, and Child tells Dcpromo to create a new child domain in an existing tree (which implies that the tree is a member of an existing forest). In this example, I'm creating the first domain in a forest, so Forest is the correct value.
The next three statements—DatabasePath, LogPath, and SysvolPath—appear in every Dcpromo answer file, no matter what the DC's role, because every DC needs a copy of the AD database (and therefore must know in what location to put the database and log files) and a Sysvol. In this simple example, I've used %systemroot% as the path for each. You almost certainly wouldn't use the same path on a real-world DC; you can dramatically improve a DC's performance by putting the database and log files on separate physical drives. The %systemroot% environment variable simply refers to the drive and directory (e.g., C:\winnt, D:\windows) on which you've installed the OS.
During his first-ever Consumer Electronics Show (CES) 2009 keynote address last night in Las Vegas, Microsoft CEO Steve Ballmer announced the pending public availability of a feature-complete Windows 7, the final version of Windows Live Essentials, and ...
The decision to upgrade your XP systems to Vista is simple when you consider features such as easier backup, a great desktop search, and vastly improved security options. ...
The decision to upgrade to Vista has to make business sense, but many companies find the costs in training and application compatibility problems outweigh any benefits Vista brings. ...
Microsoft Learning Snack - Green IT Through Virtualization Many organizations face rising operating costs caused by excessive energy consumption. Virtualization and "Green IT" can help cut these costs. Get the information you need to bring Green IT savings to your business.
Order Your Fundamentals CD Today! Register today for your in-depth copy of one of three Fundamental CDs on the following topics – Exchange, SQL, and SharePoint.
Microsoft Learning Snack - Virtualization Basics With virtualization, computing components essentially become on-demand services, freeing each element of a system from the others. This short video explains the needs, benefits, and technologies behind virtualization.
Microsoft Learning Snack - Virtualization Basics With virtualization, computing components essentially become on-demand services, freeing each element of a system from the others. This short video explains the needs, benefits, and technologies behind virtualization.
Empower Your Processes with PowerShell 201 Paul Robichaux delves deep into PowerShell how-tos in 3 informative lessons, each followed by live Q&A—all on your own computer! Register today!
Microsoft Learning Snack - Green IT Through Virtualization Many organizations face rising operating costs caused by excessive energy consumption. Virtualization and "Green IT" can help cut these costs. Get the information you need to bring Green IT savings to your business.
New Release: Windows IT Pro Master CD 13 years of content archives, fast answers with advanced search tools, and full access to WindowsITPro.com—order today!
Previous
Register
