Friday, February 27, 2009

How to add the second domain controller in Active Directory (Windows 2008 R2) part 2

If you missed part one of this article, please click here to review it.

The Answer File:

- The following list includes the installation options (including the new options for R2 versions of Windows 2008) to use with dcpromo and an answer file. For more information about each option click here.

- It’s also important to know the meaning of the unattended installation return codes. You can check them by clicking here. For return codes, keep in mind that:
o 1-10 = success return codes
o 11-100 = failure return codes

- Note: The following options are available for the Promotion operation during an unattended installation of Active Directory Domain Services (AD DS) in Windows Server 2008 and Windows Server 2008 R2. Options that are new appear in bold text.

I would like to comment on one of the available options mentioned in the answer file. The option is “/TransferIMRoleIfNeeded”. According to the option description, this option is to be used when we want to transfer the Infrastructure Master Role to the server that we’re setting up. The description warns that we should only do this if the DC that we’re setting up is NOT a GC. This does NOT have to be like that.

In fact, we can have the Infrastructure Master role on a Global Catalog when:
- Only one domain exists in your forest.
- You have only one domain controller for a given domain within your forest.
- All DCs in the domain are also Global Catalogs.

In the scenarios above, you can place the IM (Infrastructure Master) role on a DC (Domain Controller) that is also a GC (Global Catalog).

The option description applies when:
- You have multiple domains in your forest, and the domain that holds the Infrastructure Master role has a mixture of DCs that are GCs and non-GCs. In this scenario the IM role should NOT be placed on a GC, and the option “/ConfirmGc” should be set to “/ConfirmGc:NO”.
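
The placement rule above can be checked mechanically before you choose values for /TransferIMRoleIfNeeded and /ConfirmGc. The following PowerShell is an added example, not part of the original article; the function name Test-IMPlacement, the GC flags in the sample inventories and the use of the ActiveDirectory module for live data are assumptions.

```powershell
# Added example: Test-IMPlacement and the inventories below are hypothetical and constructed.
function Test-IMPlacement {
    param(
        [int]$ForestDomainCount,        # number of domains in the forest
        [hashtable]$DomainControllers,  # DC name -> $true when that DC is a GC
        [string]$IMHolder               # DC that holds, or will receive, the IM role
    )
    if (-not $DomainControllers.ContainsKey($IMHolder)) {
        throw "IM holder '$IMHolder' is not in the DC inventory."
    }
    # DCs in this domain that are not Global Catalogs
    $nonGc = @($DomainControllers.Keys |
        Where-Object { -not $DomainControllers[$_] } | Sort-Object)

    if (-not $DomainControllers[$IMHolder]) {
        $ok = $true;  $why = 'IM holder is not a GC'
    } elseif ($ForestDomainCount -eq 1) {
        $ok = $true;  $why = 'only one domain in the forest'
    } elseif ($DomainControllers.Count -eq 1) {
        $ok = $true;  $why = 'only one DC in this domain'
    } elseif ($nonGc.Count -eq 0) {
        $ok = $true;  $why = 'every DC in this domain is a GC'
    } else {
        $ok = $false
        $why = "multi-domain forest with mixed GC/non-GC DCs; non-GC candidates: $($nonGc -join ', ')"
    }
    New-Object PSObject -Property @{ IMHolder = $IMHolder; Ok = $ok; Reason = $why }
}

# Constructed inventories using the article's server names (GC flags are assumed).
$allGc = @{ 'SWDC01' = $true; 'SWDC02' = $true }
$mixed = @{ 'SWDC01' = $true; 'SWDC02' = $false }

# Single-domain forest, IM on a GC
Test-IMPlacement -ForestDomainCount 1 -DomainControllers $mixed -IMHolder 'SWDC01'
# Multi-domain forest, every DC is a GC
Test-IMPlacement -ForestDomainCount 3 -DomainControllers $allGc -IMHolder 'SWDC02'
# Multi-domain forest, mixed DCs, IM on the GC (the case the option description warns about)
Test-IMPlacement -ForestDomainCount 3 -DomainControllers $mixed -IMHolder 'SWDC01'
# Multi-domain forest, mixed DCs, IM on the non-GC
Test-IMPlacement -ForestDomainCount 3 -DomainControllers $mixed -IMHolder 'SWDC02'

# Live inventory (assumes the ActiveDirectory module that ships with Windows 2008 R2):
#   Import-Module ActiveDirectory
#   $dcs = @{}
#   Get-ADDomainController -Filter * | ForEach-Object { $dcs[$_.HostName] = $_.IsGlobalCatalog }
#   Test-IMPlacement -ForestDomainCount (Get-ADForest).Domains.Count `
#       -DomainControllers $dcs -IMHolder (Get-ADDomain).InfrastructureMaster
```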

Check the following video to see how everything is done. The basic steps are:

· Because we are introducing the new Windows 2008 R2 into a Windows 2008 domain, we need to prepare the forest and the domain for Windows 2008 R2. We need to run adprep /forestprep on the schema master and adprep /domainprep on the infrastructure master. To do that, we need to insert the Windows 2008 R2 DVD in the schema master and in the infrastructure master domain controller. Additionally (NOT MANDATORY), we’ll also raise the Forest Functional Level to Windows 2003 so that we can later introduce the new domain controller type available in Windows 2008, the Read-Only Domain Controller.

Note: If the FSMO owner is a 32-bit Windows 2008 DC, you need to use the 32-bit version of adprep (adprep32.exe) from the Windows 2008 R2 DVD.

· After upgrading the forest and domain, we are ready to add the Windows 2008 R2 server as an additional DC.

· In this demonstration, SWDC01 has the IP address: and this server (SWDC02) has the IP address: Configure the SWDC02 NIC preferred DNS server with the SWDC01 IP address.

· Download and configure the answer file. Click here to access the answer file. Open your text editor and copy all the lines between “->Begin” and “->End” to a text file. Save the text file with a .txt extension and you’re ready to start configuring the options in this file. After that configuration, you can use the answer file with dcpromo.exe as follows: dcpromo /unattend:"path to the answer file"

· Run dcpromo with the /unattend option and the path to the answer file.

· Reboot.

· After reboot, check that everything is working correctly.

Part 1

Part 2

Have fun :)

You might want to have a look at the next article:
(How to add a RODC in a Windows Core installation with IPSec at DMZ using CLI)

1 comment:

  1. I can't wait for RODC demonstration. Great job.