AMSS Windows Server Longhorn Active Directory Installation and Removal

Step-by-Step Guide for Windows Server
"Longhorn" Beta 2 AD DS Installation

and Removal
Microsoft Corporation
Published: June 2006
Program Manager: Mas Libman
User Assistance Writer: Mary Hillman
Editor: Jim Becker
Abstract
Active Directory® Domain Services (AD DS) is a server role of the Microsoft®
Windows Server® Code Name "Longhorn" operating system. AD DS provides a
distributed directory service that you can use for centralized, secure management of your
network. This guide describes the installation and removal processes for the AD DS
server role. You can use the procedures in this guide to install and remove AD DS on
servers that are running Windows Server "Longhorn" in a test lab environment.
This document supports a preliminary release of a software product that may be changed
substantially prior to final commercial release, and is the confidential and proprietary
information of Microsoft Corporation. It is disclosed pursuant to a non-disclosure
agreement between the recipient and Microsoft. This document is provided for
informational purposes only and Microsoft makes no warranties, either express or
implied, in this document. Information in this document, including URL and other Internet
Web site references, is subject to change without notice. The entire risk of the use or the
results from the use of this document remains with the user. Unless otherwise noted, the
example companies, organizations, products, domain names, e-mail addresses, logos,
people, places, and events depicted herein are fictitious, and no association with any real
company, organization, product, domain name, e-mail address, logo, person, place, or
event is intended or should be inferred. Complying with all applicable copyright laws is
the responsibility of the user. Without limiting the rights under copyright, no part of this
document may be reproduced, stored in or introduced into a retrieval system, or
transmitted in any form or by any means (electronic, mechanical, photocopying,
recording, or otherwise), or for any purpose, without the express written permission of
Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other

intellectual property rights covering subject matter in this document. Except as expressly
provided in any written license agreement from Microsoft, the furnishing of this document
does not give you any license to these patents, trademarks, copyrights, or other
intellectual property.
© 2006 Microsoft Corporation. All rights reserved.
Active Directory, Microsoft, MS-DOS, Visual Basic, Visual Studio, Windows, Windows NT,
Windows Server, and Windows Vista are either registered trademarks or trademarks of
Microsoft Corporation in the United States and/or other countries.
All other trademarks are property of their respective owners.

Contents
Step-by-Step Guide for Windows Server "Longhorn" Beta 2 AD DS Installation and
Removal..........................................................................................................................1
Abstract.......................................................................................................................1
Contents.............................................................................................................................4
Step-by-Step Guide for Windows Server "Longhorn" Beta 2 AD DS Installation and

Removal .............................................................................................................7
In this guide....................................................................................................................7
What's new in AD DS installation and removal?.............................................................7
New installation options...............................................................................................8
New options in the Active Directory Domain Services Installation Wizard................8
New unattend options..............................................................................................9
RODC option............................................................................................................9
DNS installation options...........................................................................................9
Global catalog installation options............................................................................9
New server operating system installation options......................................................10
Full installation.......................................................................................................10
Server Core installation..........................................................................................10
Known issues for installing and removing AD DS.........................................................11
Scenarios for installing AD DS......................................................................................11
Install a new Windows Server "Longhorn" forest.......................................................12
Install a new Windows Server "Longhorn" domain in an existing
Windows 2000 Server or Windows Server 2003 forest..........................................12
Install a new Windows Server "Longhorn" domain controller in an existing
Windows 2000 Server or Windows Server 2003 domain.......................................13
Install AD DS from restored backup media................................................................14
Verify AD DS installations..........................................................................................15
Scenarios for removing AD DS.....................................................................................15
Remove a domain controller from a domain..............................................................16
Remove the last domain controller in a domain.........................................................16
Remove the last domain controller in a forest...........................................................16
Requirements for AD DS installation.............................................................................16
Steps for installing AD DS.............................................................................................17
Installing a new Windows Server "Longhorn" forest..................................................17
Installing a new forest by using the Windows interface..........................................18
Installing a new forest by using an answer file.......................................................19
Installing a new forest by entering unattended installation parameters at the
command line.....................................................................................................21
Importing localized display specifiers on a Server Core implementation of a new
forest...................................................................................................................22
Installing a new Windows Server "Longhorn" domain in an existing
Windows Server 2003 or Windows 2000 Server forest..........................................23
Preparing the forest schema for Windows Server "Longhorn"...............................23
Installing a new Windows Server "Longhorn" domain by using the Windows
interface..............................................................................................................24
Installing a new Windows Server "Longhorn" domain unattended by using an
answer file...........................................................................................................26
Installing a new Windows Server "Longhorn" domain by entering unattended
installation parameters at the command line.......................................................28
Installing a Windows Server "Longhorn" domain controller in an existing
Windows Server 2003 or Windows 2000 Server domain.......................................28
Preparing the domain for Windows Server "Longhorn"..........................................28
Installing a Windows Server "Longhorn" domain controller by using the Windows
interface..............................................................................................................29
Installing a Windows Server "Longhorn" domain controller by using an answer file
............................................................................................................................31
Installing a new Windows Server "Longhorn" domain controller by entering
unattended installation parameters at the command line....................................33
Installing AD DS from restored backup media...........................................................33
Verifying an AD DS installation..................................................................................35
Steps for removing AD DS............................................................................................35
Removing a Windows Server "Longhorn" domain controller from a domain.............36
Removing a Windows Server "Longhorn" domain controller by using the Windows
interface..............................................................................................................36
Removing a Windows Server "Longhorn" domain controller by using an answer file
............................................................................................................................37
Removing a Windows Server "Longhorn" domain controller by entering unattended
installation parameters at the command line.......................................................38
Removing AD DS binaries......................................................................................38
Removing the last Windows Server "Longhorn" domain controller in a domain........39
Removing the last Windows Server "Longhorn" domain controller in a domain by
using the Windows interface...............................................................................39
using an answer file............................................................................................40
entering unattended installation parameters at the command line......................41
Removing the last Windows Server "Longhorn" domain controller in a forest...........41
Removing the last Windows Server "Longhorn" domain controller in a forest by
using the Windows interface...............................................................................42
using an answer file............................................................................................43
entering unattended installation parameters at the command line......................43
Appendix of unattended installation parameters...........................................................43
Unattended general options......................................................................................44
Unattended install options.........................................................................................44
Unattended uninstall options.....................................................................................52
Unattended installation return codes.........................................................................53
Success return codes.............................................................................................53
Failure return codes...............................................................................................54
Logging bugs and feedback..........................................................................................61
7
Step-by-Step Guide for Windows Server

"Longhorn" Beta 2 AD DS Installation
and Removal
Active Directory® Domain Services (AD DS) is a server role of the Microsoft®
Windows Server® Code Name "Longhorn" operating system. AD DS provides a
distributed directory service that you can use for centralized, secure management of your
network.
This guide describes the installation and removal processes for the AD DS server role.
You can use the procedures in this guide to install and remove AD DS on servers that are
running Windows Server "Longhorn" in a test lab environment.
In this guide
• What's new in AD DS installation and removal?
• Known issues for installing and removing AD DS
• Key scenarios for installing AD DS
• Key scenarios for removing AD DS
• Requirements for AD DS installation
• Steps for installing AD DS
• Steps for removing AD DS
• Appendix of unattend parameters
What's new in AD DS installation and

removal?
AD DS has the following new options in Windows Server "Longhorn":
• AD DS installation options
• Server operating system installation options
• Read-only domain controller (RODC) option

8
• Domain Name System (DNS) installation options
• Global catalog installation options
New installation options

When you install AD DS, you have several new options in Windows Server "Longhorn",
both in the Active Directory Domain Services Installation Wizard and when you perform
an unattended installation at the command line.
The new AD DS installation options are as follows:
• You can specify the following domain controller options:
• DNS server: In the Microsoft Windows Server® 2003 operating system, DNS
server installation is offered, if needed. In Windows Server "Longhorn", DNS
installation and configuration is automatic, if needed. When you install DNS on
the first domain controller in a new domain in Windows Server "Longhorn", a
delegation for the new domain is created automatically in DNS.
• Global catalog server: As in Windows Server 2003, installing a domain

controller as a global catalog server is not an installation option in the Windows
interface.
• RODC: This domain controller option is new in Windows Server "Longhorn".

It is available when you add a domain controller in an existing domain. The first
domain controller in the forest or domain cannot be an RODC.
• You can specify the site of a new domain controller or use the site that
corresponds to the IP address of the computer.
New options in the Active Directory Domain Services Installation

Wizard
You can use the Active Directory Domain Services Installation Wizard to add the AD DS
server role interactively.
The wizard has the following new options:
• You can access the Active Directory Domain Services Installation Wizard in new
ways, as follows:
• You can click Add Roles in Initial Configuration Tasks, the application that
appears when you first install the operating system.
• You can click Add Roles in Server Manager, which is always available on the
Administrative Tools menu and through an icon in the notification area.
9
• The advanced installation mode is available in the Active Directory Domain

Services Installation Wizard; you do not have to run dcpromo /adv.
• The option to create a new domain tree is available only in advanced mode.
New unattend options

New options for running unattended installation of AD DS are available in
Windows Server "Longhorn". Unlike unattended installation in Windows Server 2003,
unattended installation in Windows Server "Longhorn" does not require a response to any
user interface (UI) prompt, such as to restart the domain controller, which makes the
process truly "unattended."
During an unattended operation, a return code is used to indicate whether or not the
operation was successful.
For a list of all return codes and unattend options for Windows Server "Longhorn",
including allowed values, default values, and descriptions, see the Appendix of
unattended installation parameters.
RODC option
A new type of domain controller can be installed on servers that are running
Windows Server "Longhorn" Beta 2. RODC hosts a read-only replica of the AD DS
database. RODC makes it possible for organizations to deploy a domain controller easily
in remote locations where its physical security cannot be guaranteed.
For information about using RODC, see the Step-by-Step Guide for Planning, Deploying,
and Using a Windows Server "Longhorn" Beta 2 Read-only Domain Controller in this
documentation set.
DNS installation options

The option to install DNS is available, depending on your installation selections and DNS
conditions on the network. In scenarios where DNS is required, the option is not
available, and DNS is installed automatically.
When you select the DNS option or when DNS is installed automatically, DNS creates a
new delegation, or it updates existing delegations for the server automatically.
Global catalog installation options

In Windows Server "Longhorn", the global catalog server option is available for all
installations other than the first domain controller in the forest, which must be a global
10
catalog server. In Windows Server "Longhorn" Beta 2, the global catalog server option is
not compatible with RODCs. However, RODCs will be capable of hosting the global
catalog in future releases of Windows Server "Longhorn".
Global catalog server is the default domain controller option when you are adding a new
domain controller in an existing domain.
New server operating system installation options

Windows Server "Longhorn" provides a new minimal server installation option, called
Server Core installation, in addition to the Full installation option.
Full installation
For ease of management, you can install AD DS on a server that is running the Full
installation of Windows Server "Longhorn". A Full installation of Windows Server
"Longhorn" supports both interactive (wizard) and unattended domain controller
installation.
Server Core installation

A Server Core installation provides a minimal environment for running specific server
roles, which reduces servicing and management requirements and the attack surface for
those server roles. To install AD DS on a Server Core installation of Windows Server
"Longhorn", perform an unattended installation. Server Core installations do not provide
any graphical UI (GUI). They must be managed solely from the command line. A Server
Core installation supports the following server roles:
• AD DS
• DHCP server
• File server
• DNS server
For more information about Server Core installations, see Microsoft Windows Server
Code Name "Longhorn" Beta 2 Server Core Step-By-Step Guide in this documentation
set.
11
Known issues for installing and removing

AD DS
The following issues affect Beta 2 versions of Windows Server "Longhorn":
• When you create a new Windows Server "Longhorn" forest on a Server Core
installation, non-English display specifiers are not installed automatically. You must
import display specifiers manually.
• Starting a new domain at, or raising an existing domain to, the Windows Server
"Longhorn" domain level might result in SYSVOL not being replicated. Issues with
migrating from File Replication service (FRS) replication to Distributed File Service
(DFS) Replication will be resolved in subsequent Windows Server "Longhorn"
versions.
• When you remove the AD DS server role, the role binaries are not removed
automatically. After you remove AD DS and restart the server, you must remove
AD DS binaries manually.
• You cannot create a child domain or additional domain controller with a Japanese
domain name.
• You cannot install DNS during installation of an additional domain controller when
a Unicode DNS name is used.
• When a domain name includes Unicode or double-byte characters, domain

controllers hosting that domain cannot be located by DNS clients.
For known issues that apply when you deploy an RODC, see the Step-by-Step Guide for
Planning, Deploying, and Using a Windows Server "Longhorn" Beta 2 Read-only Domain
Controller in this documentation set.
Scenarios for installing AD DS

The following AD DS installation scenarios are available in Windows Server "Longhorn":
• Install a new Windows Server "Longhorn" forest
• Install a new Windows Server "Longhorn" domain in an existing

Windows 2000 Server or Windows Server 2003 forest
• Install a new Windows Server "Longhorn" domain controller in an existing

Windows 2000 Server or Windows Server 2003 domain
• Install AD DS from restored backup media
• Verify domain controller installations

12
Install a new Windows Server "Longhorn" forest

When you install AD DS to create the first domain controller in a new Windows Server
"Longhorn" forest, be aware of the following considerations:
• You must make forest and domain functional level decisions that determine
whether your forest and domain can contain domain controllers that run Microsoft
Windows® 2000 Server, Windows Server 2003, or both.
Important
Multiple–domain controller domains that are created at, or raised to, the
Windows Server "Longhorn" functional level are not supported in
Windows Server "Longhorn" Beta 2. As a result of issues with migration from
FRS replication to DFS Replication in Windows Server "Longhorn" Beta 2,
SYSVOL might not replicate properly at the Windows Server "Longhorn"
domain functional level. This condition can prevent a new domain controller
that is added subsequently from advertising itself as a domain controller.
• Domain controllers that are running the Microsoft Windows NT® Server 4.0
operating system are not supported with Windows Server "Longhorn".
• Servers running Windows NT Server 4.0 are not supported by domain controllers
that are running Windows Server "Longhorn".
• The first Windows Server "Longhorn" domain controller in a forest cannot be an

RODC.
Install a new Windows Server "Longhorn" domain in an

existing Windows 2000 Server or
Windows Server 2003 forest
When you install AD DS to create the first domain controller in a new Windows Server
"Longhorn" domain, be aware of the following considerations:
• Before you create a new Windows Server "Longhorn" domain in a

Windows 2000 Server or Windows Server 2003 forest, you must prepare the forest
for Windows Server "Longhorn" by extending the schema (that is, by running
adprep /forestprep).
• You must make domain functional level decisions that determine whether your
domain can contain domain controllers that run Windows 2000 Server,
Windows Server 2003, or both.
13
Important
Multiple–domain controller domains that are created at, or raised to, the
Windows Server Longhorn domain functional level are not supported in
Windows Server "Longhorn" Beta 2. As a result of issues with migration from
FRS replication to DFS Replication in Windows Server "Longhorn" Beta 2,
SYSVOL might not replicate properly at the Windows Server "Longhorn"
domain functional level. This condition can prevent a new domain controller
that is added subsequently from advertising itself as a domain controller.
Windows Server "Longhorn" security principals are not created until the primary domain
controller (PDC) operations master in the forest root domain is running Windows Server
"Longhorn". This requirement is similar to the Windows Server 2003 requirement.
For procedures to install a new domain, see Installing a new Windows Server "Longhorn"
domain in an existing Windows Server 2003 or Windows 2000 Server forest.
Install a new Windows Server "Longhorn" domain

controller in an existing Windows 2000 Server or
Windows Server 2003 domain
When you install a new Windows Server "Longhorn" domain controller in an existing
Windows 2000 Server or Windows Server 2003 domain, be aware of the following
considerations:
• If this domain controller is the first Windows Server "Longhorn" domain controller
in the forest, you must prepare the forest for Windows Server "Longhorn" by
extending the schema (that is, by running adprep /forestprep), on the schema
master if this has not already been done.
in a Windows 2000 Server domain, you must prepare the domain by running
adprep /domainprep /gpprep on the infrastructure master.
in a Windows Server 2003 domain, you must prepare the domain by running
adprep /domainprep on the infrastructure master.
Note
If you prepare a Windows Server 2003 domain by running adprep
/domainprep /gpprep, you can safely disregard the error message that
indicates that domain updates were not necessary.
14
• The first Windows Server "Longhorn" domain controller in an existing

Windows 2000 Server or Windows Server 2003 domain cannot be created as an
RODC. After a Windows Server "Longhorn" domain controller exists in the domain,
subsequent Windows Server "Longhorn" domain controllers can be created as
RODCs. The forest and domain functional level of Windows Server 2003 is required
for creating an RODC.
Note
Do not add an additional Windows Server "Longhorn" domain controller if the
forest or domain functional level is Windows Server "Longhorn". For
Windows Server "Longhorn" Beta 2, the Windows Server "Longhorn"
functional level is not supported for a domain that has multiple domain
controllers.
• If you are installing the first RODC in the forest, you must prepare the forest by
running adprep /rodcprep. For more information, see the Step-by-Step Guide for
Planning, Using, and Deploying a Windows Server "Longhorn" Beta 2 Read-Only
Domain Controller in this documentation set.
• For the Windows Server "Longhorn" Beta 2 release, changing the domain
functional level to Windows Server "Longhorn" in a pre-existing
Windows 2000 Server or Windows Server 2003 domain after upgrading all domain
controllers to Windows Server "Longhorn" Beta 2 is not supported.
After you have prepared the forest and the domain, you can install AD DS to create a
new Windows Server "Longhorn" domain controller. Use Server Manager to install the
Active Directory Domain Services server role.
For procedures to install a new domain controller, see Installing a Windows Server
"Longhorn" domain controller in an existing Windows Server 2003 or Windows 2000
Server domain.
Install AD DS from restored backup media

As with Windows Server 2003, you can use restored backup media to minimize
replication traffic during AD DS installation on a server that is running Windows Server
"Longhorn". You can use this installation method to install a new domain controller in an
existing domain. The installation media that you use must be prepared from the same
type of domain controller that you are installing. The following aspects of the domain
controller source and target must be identical:
• Domain controller option: Writeable or read-only

15
• Operating system: Windows 2000 Server, Windows Server 2003, or

Windows Server "Longhorn"
• Platform: x86, IA64, or x64
A Server Core installation can be the source for installing a new domain controller on a
Full installation of Windows Server "Longhorn".
Note
For Windows Server "Longhorn" Beta 2, you cannot use restored backup media
to install AD DS on a Server Core installation of Windows Server "Longhorn".
For information about creating the backup media, see the Step-by-Step Guide for
Windows Server "Longhorn" Beta 2 Active Directory Domain Services Backup and
Recovery in this documentation set.
For the procedure to install a new domain controller by using backup media, see
Installing AD DS from restored backup media.
Verify AD DS installations
You can perform verification steps after you install a domain controller, including the
following:
• Check the directory service event log for errors.
• Make sure that the SYSVOL folder is accessible to clients.
• Verify DNS functionality.
• Verify replication.
Scenarios for removing AD DS

You can remove the AD DS server role by using the Active Directory Domain Services
Installation Wizard or by performing an unattended removal. Server Core installations are
always removed through an unattended removal.
Unattended options provide the ability to remove AD DS without having to provide any
information other than the information that is contained in the answer file. For information
about unattended AD DS removal return codes, see the Appendix of unattended
installation parameters.
Although processes for removing AD DS are essentially unchanged from

Windows Server 2003, they are included here for completeness. For more information
16
about removing domain controllers, domains, and forests, including forced removal, see
Administering Domain Controllers (http://go.microsoft.com/fwlink/?LinkId=68642).
Remove a domain controller from a domain

For procedures to remove a domain controller from an existing domain, see Removing a
Windows Server "Longhorn" domain controller from a domain.
Remove the last domain controller in a domain

For procedures to remove the last domain controller in a domain, see Removing the last
Windows Server "Longhorn" domain controller in a domain.
Remove the last domain controller in a forest

For procedures to remove the last domain controller in a forest, see Removing the last
Windows Server "Longhorn" domain controller in a forest.
Requirements for AD DS installation

For Windows Server "Longhorn" hardware requirements, see the Windows Server
"Longhorn" Beta 2 release notes.
The following software requirements apply to both Full installations and Server Core
installations:
• Windows Server "Longhorn" Beta 2 operating system
• Appropriate TCP/IP and DNS server addresses configured
• When you use an answer file to perform an unattended installation of AD DS, a

[DCINSTALL] unattend.txt file with appropriate parameters specified. For a list of
entries for the [DCINSTALL] answer file, see Appendix of unattended installation
parameters.
• Schema preparation: Before you can add AD DS to a server that is running

Windows Server "Longhorn" in a Windows Server 2003 or Windows 2000 Server
forest, you must update the schema on the schema operations master in the forest
by running adprep /forestprep.
• Domain preparation: Before you can add AD DS to a server that is running

Windows Server "Longhorn" in a Windows Server 2003 or Windows 2000 Server
17
domain, you must update the infrastructure master in the domain by running
adprep /domainprep /gpprep.
• RODC preparation: Before you can install AD DS to create an RODC, you must
prepare the forest by running adprep /rodcprep.
• DNS infrastructure: Before you add AD DS to create a domain or forest, be sure

that a DNS infrastructure is in place on your network. When you install AD DS, you
can include DNS server installation, if needed. When you create a new domain, a
DNS delegation is created automatically during the installation process.
For information about configuring a Server Core installation, see the Microsoft Windows
Server Code Name "Longhorn" Beta 2 Server Core Step-By-Step Guide in this
documentation set.
Steps for installing AD DS

The following sections provide step-by-step instructions for installing AD DS in all
configurations, including methods for installing it on both Full Windows Server "Longhorn"
installations and Server Core Windows Server "Longhorn" installations. These sections
provide both the Windows interface and command-line methods for performing
installations.
The process for performing an unattended installation of AD DS is the same for a server
that is running a Full installation of Windows Server "Longhorn" and for a Server Core
installation of Windows Server "Longhorn". The unattended method of installation is
required for Server Core operating systems.
Procedures for installing AD DS are provided for the following scenarios:
• Installing a new Windows Server "Longhorn" forest
• Installing a new Windows Server "Longhorn" domain in an existing

Windows Server 2003 or Windows 2000 Server forest
• Installing a Windows Server "Longhorn" domain controller in an existing

Windows Server 2003 or Windows 2000 Server domain
• Installing AD DS from restored backup media
• Verifying AD DS installations
Installing a new Windows Server "Longhorn" forest

You can install a new Windows Server "Longhorn" forest by using the following methods:
18
• Interactively, by using the Windows interface
• Unattended, by using an answer file
• Unattended, by entering unattend parameters at the command line
Important
If you create a new forest by installing AD DS on a Server Core installation of
Windows Server "Longhorn", you must install display specifiers manually after
AD DS installation.
Installing a new forest by using the Windows interface

The Windows interface provides wizards that step you through the AD DS installation
process.
Administrative credentials
You must be logged on as the local administrator for the computer.
To install a new forest by using the Windows interface

1. In Initial Configuration Tasks or Server Manager, click Add roles.
2. In the Add Roles Wizard, on the Before You Begin page, review the
preliminary verification steps. When you complete all the preliminary steps, click
Next.
3. On the Select Server Roles page, select Active Directory Domain

Services, and then click Next.
4. On the Active Directory Domain Services page, review the introductory

notes, and then click Next to confirm your selections, or click Install to proceed
with installation.
5. On the Welcome to the Active Directory Domain Services Installation

Wizard page, click Next.
When you create the first domain controller in a new forest, there are no
additional advanced options.
6. On the Choose a Deployment Configuration page, click New forest, and

then click Next.
7. On the New Domain Name page, type the full DNS name for the forest root
domain, and then click Next.
8. On the Set Forest Functional Level page, select the forest functional level
19
that accommodates the domain controllers that you plan to install anywhere in
the forest, and then click Next.
9. On the Set Domain Functional Level page, select the domain functional
level that accommodates the domain controllers that you plan to install anywhere
in the domain, and then click Next.
10. On the Additional Options page, DNS server is selected by default so that
your forest DNS infrastructure can be created during AD DS installation. If you
plan to use Active Directory–integrated DNS, click Next. If you have an existing
DNS infrastructure and you do not want this domain controller to be a DNS
server, select DNS server to clear the check box, and then click Next.
11. On the Location for Database, Log Files and SYSVOL page, type or
browse to the volume and folder locations for the database file, the directory
service log files, and the system volume (SYSVOL) files, and then click Next.
Windows Server Backup backs up the directory service by volume. For backup
and recovery efficiency, store these files on separate volumes that do not contain
applications or other nondirectory files.
12. On the Active Director Domain Services Restore Mode Administrator

Password page, type and confirm the restore mode password, and then click
Next. This password must be used to start AD DS in Directory Service Restore
Mode for tasks that must be performed offline.
13. On the Summary page, review your selections. Click Back to change any
selections, if necessary. When you are sure that your selections are accurate,
click Next to install AD DS.
14. When you are prompted, restart the server to complete the AD DS
installation.
Installing a new forest by using an answer file

You can use the unattended method to install AD DS to create a new forest on a Full
installation of Windows Server "Longhorn" or on a Server Core installation of
Windows Server "Longhorn". To use the unattended method of installation, you must first
prepare an answer file that contains configuration values.
Use the following procedure to create the answer file. This procedure identifies only the
essential answer file entries for creating a new Windows Server "Longhorn" forest. For a
complete list of unattended installation options, including default values, allowed values,
and descriptions, see Unattended install options.
20
To perform this procedure, you can use any account that has Read and Write privileges
for the text editor application.
To create an answer file for installing a new forest

1. Open Notepad or any other text editor.
2. On the first line, type [DCINSTALL], and then press ENTER.
3. Type the following entries, one entry on each line:
AutoConfigDNS=yes
NewDomain=forest
NewDomainDNSName=<fully qualified DNS name>
DomainNetBiosName=<first label of the fully qualified DNS name, by default>
ReplicaOrNewDomain=domain
ForestLevel=<forest functional level number>
DomainLevel=<domain functional level number>
DatabasePath=<path to a folder on a local volume, surrounded by double

quotation marks>
LogPath=<path to a folder on a local volume, surrounded by double quotation

marks>
SYSVOLPath=<path to a folder on a local volume, surrounded by double

quotation marks>
SafeModeAdminPassword=<password>
RebootOnCompletion=yes
4. Save the answer file to the location on the installation server from which it is
to be called by Dcpromo, or save the file to a network shared folder or removable
media for distribution.
After you create the answer file, use the following procedure to perform the unattended
installation. Use this procedure to install AD DS on either a Full installation of
Windows Server "Longhorn" or a Server Core installation of Windows Server "Longhorn".
Note
If you are performing this procedure on a server that is running a Server Core
installation of Windows Server "Longhorn" Beta 2, you must also perform the
21
procedure in Importing localized display specifiers on a Server Core

implementation of a new forest.
You must be logged on to the server with the local administrator account.
To install a new domain controller by using an answer file

• At the command prompt, type the following, and then press ENTER:
dcpromo /unattend:answerFileLocation
Installing a new forest by entering unattended installation

parameters at the command line
If you have a list of the unattend options and parameter values that you want to use to
create a new forest, you can type the options and values directly into the command line
rather than using an answer file.
Use the following procedure to install a new forest unattended from the command line. If
you are performing this procedure on a server that is running a Server Core installation of
Windows Server "Longhorn" Beta 2, you must also perform the procedure in Importing
localized display specifiers on a Server Core implementation of a new forest.
You must be logged on to the server with the local administrator account.
To install a new domain controller by entering unattended installation

parameters at the command line
1. At a command prompt, type the following, and then press ENTER:
dcpromo /unattend /unattendOption:value /unattendOption:value ...
Where
• unattendOption is an option in the Unattend install options table.

Separate each option:value pair with a space.
• value is the configuration instruction for the option
The following example creates the first domain controller in a new forest where
you expect to install at least some Windows Server 2003 domain controllers:
dcpromo /autoConfigDns:yes /dnsOnNetwork:yes

22
/replicaOrNewDomain:domain /newDomain:forest
/newDomainDnsName:contoso.com /DomainNetbiosName:contoso
/databasePath:"e:\ntds" /logPath:"e:\ntdslogs" /sysvolpath:"g:\sysvol"
/safeModeAdminPassword:FH#3573.cK /forestLevel:2 /domainLevel:2
/rebootOnCompletion:yes
2. When you have typed all the options that are required to create the forest,
press ENTER.
Importing localized display specifiers on a Server Core

implementation of a new forest
For Windows Server "Longhorn" Beta 2 only, if you create a new AD DS on a computer
that is running a Server Core installation of Windows Server "Longhorn", the non-English
display specifiers are not imported automatically as they are for a new forest that is
created on a server that is running a Full installation of Windows Server "Longhorn". As a
result, some areas of the UI might appear in English instead of another language.
To correct this problem, you must manually import the display specifiers from the Server
Core domain controller from which you created the forest.
Administrator account in the forest root domain.
To import localized display specifiers on a Server Core forest root domain

controller
1. Log on to the first domain controller that was created in a forest and that is
installed on a server running a Server Core installation of Windows Server
"Longhorn".
2. Open a command prompt, type the following command, and then press
ENTER:
%windir%\system32\dcphelp.exe
3. Immediately after running dcphelp.exe, verify that the operation was

successful by checking the error level returned by dcphelp.exe. Type the
following command, and then press ENTER:
echo %errorlevel%
4. Check the returned value, and then do one of the following:
• If the returned value equals 0, check %windir%\debug\csv.log to see the

import result.
23
• If a value other than 0 is returned, check %windir

%\debug\dcpromohelp.log for more information to help troubleshoot the
issue.
Installing a new Windows Server "Longhorn" domain in an

existing Windows Server 2003 or Windows 2000
Server forest
Before you install the first Windows Server "Longhorn" domain in an existing
Windows Server 2003 or Windows 2000 Server forest, you must do the following:
that you are adding to the forest, prepare the forest by updating the schema.
• If you plan to install an RODC in the forest after you install the initial
Windows Server "Longhorn" domain controller, you must also run the command
adprep /rodcprep. For additional requirements for installing an RODC in a
Windows Server 2003 forest, see the Step-by-Step Guide for Planning, Deploying,
and Using a Windows Server "Longhorn" Beta 2 Read-only Domain Controller in this
documentation set.
You can install a new Windows Server "Longhorn" domain in an existing

Windows Server 2003 or Windows 2000 Server forest by using the following procedures:
• Prepare the forest schema for Windows Server "Longhorn".
• Install a new domain, as follows:
• Interactively, by using the Windows interface
• Unattended, by using an answer file
• Unattended, by entering unattended installation parameters at the command

line
Preparing the forest schema for Windows Server "Longhorn"

Before you can add a domain controller that is running Windows Server "Longhorn" to an
Active Directory environment running Windows 2000 Server or Windows Server 2003,
you must update the schema. You must update the Active Directory schema from the
domain controller that hosts the schema operations master role. If you are performing an
unattended installation of AD DS with Windows Server "Longhorn", you must update the
schema before you install the operating system. For normal installations, you must
update the schema after you run Setup and before you install AD DS. Use the following
24
procedure to update the Windows Server 2003 or Windows 2000 Server Active Directory
schema for Windows Server "Longhorn".
You must use an account that has membership in all of the following groups: Enterprise
Admins, Schema Admins, and Domain Admins. By default, Domain Admins is a member
of Enterprise Admins.
To prepare the forest schema for Windows Server "Longhorn"

1. Log on to the schema master as a member of the Enterprise Admins,
Schema Admins, and Domain Admins groups.
2. Insert the Windows Server "Longhorn" DVD into the CD or DVD drive. Copy
the contents of the \sources\adprep folder to an Adprep folder on the schema
master.
3. Open a command prompt, and then change directories to the Adprep folder.
4. At the command prompt, type the following, and then press ENTER:
adprep /forestprep
5. Allow the operation to complete, and then allow the changes to replicate
before performing the next procedure.
Installing a new Windows Server "Longhorn" domain by using the

Windows interface
The Windows interface provides wizards that step you through the AD DS installation
process.
You must be a member of the Domain Admins group in the parent domain, or you must
be a member of the Enterprise Admins group in the forest.
To install a new domain by using the Windows interface

Next.
3. On the Select Server Roles page, select AD DS, and then click Next.
25

with installation.

Wizard page, click Next, or, to use the advanced option if you want to identify the
source domain controller for AD DS replication, select Use Advanced mode
installation.
6. On the Choose a Deployment Configuration page, click Existing forest

and New domain, and then click Next.
7. On the Network credentials page, provide the user name and password for
an account that has at least Domain Admins privileges in the parent domain, and
then click Next.
8. On the Name the New Domain page, type the parent and child domain
names according to the instructions, and then click Next.
9. On the Domain NetBIOS Name page, change the name, if necessary, and
then click Next.
10. On the Set Domain Functional Level page, select the domain functional
level that accommodates the domain controllers that you plan to install anywhere
in the domain, and then click Next.
11. On the Select Site page, select a site from the list or select the option to
install the domain controller in the site that corresponds to its IP address, and
then click Next.
12. On the Additional Options page, make the following selections, and then
click Next:
• DNS server: This option is selected by default so that your domain

controller can function as a DNS server and a delegation is created in DNS
for this domain.
• Global Catalog: This option adds the global catalog, read-only directory
partitions to the domain controller and enables global catalog search
functionality.
13. If you have selected the advanced installation mode, on the Source Domain
Controller page, specify a domain controller from which to replicate the
configuration and schema directory partitions, and then click Next.
26
15. On the Active Director Domain Services Restore Mode Administrator

selections, if necessary, and when you are sure that your selections are accurate,
installation.
Installing a new Windows Server "Longhorn" domain unattended by

using an answer file
You can use the unattended method to install AD DS to create a new domain on a Full
installation of Windows Server "Longhorn" or on a Server Core installation of
Windows Server "Longhorn". To use the unattended method of installation, you must first
prepare an answer file that contains configuration values.
You can use the following procedure to create the answer file. This procedure identifies
only the essential answer file entries for creating a new Windows Server "Longhorn"
domain. For a complete list of unattended installation options, including default values,
allowed values, and return codes, see Unattended install options.
To create an answer file for installing a new domain

1. Open Notepad or any text editor.
2. On the first line, type [DCINSTALL] and then press ENTER.
3. Create the following entries, one entry on each line. These options are the
minimum options that are required for a new domain installation with DNS
configured automatically. For a complete list of unattended installation options,
including default values, allowed values, and descriptions, see Unattended install
27
options.
ParentDomainDNSName=<fully qualified DNS name of parent domain>
UserName=<administrative account in parent domain>
Password=<password for the account in UserName>
NewDomain=child
ChildName=<fully qualified DNS name of new domain>
NewDomainDNSName=<fully qualified DNS name of new domain>
DomainNetBiosName=<usually, first label of the fully qualified DNS name>

ReplicaOrNewDomain=domain
DomainLevel=<domain functional level number>
DatabasePath=<path to a folder on a local volume, surrounded by double

quotation marks>

marks>

quotation marks>
AutoConfigDNS=yes
DNSDelegation=yes
DNSDelegationUserName=<if different from the account that is being used to

install AD DS, the account in the parent domain that has the privileges that are
required to create a DNS delegation>
DNSDelegationPassword=<if using a different account for

DNSDelegationUserName, the password for the account>
DNSOnNetwork=yes
RebootOnCompletion=yes
to be called by Dcpromo, or save the file to a network share or removable media
for distribution.
5. Use the procedure "To install a new domain controller by using an answer
file" to install the new domain.
28
Installing a new Windows Server "Longhorn" domain by entering

unattended installation parameters at the command line
Use the procedure "To install a new domain controller by entering unattended installation
parameters at the command line" to install the new domain, but use the unattend options
that are appropriate for creating a new domain.
Installing a Windows Server "Longhorn" domain controller

in an existing Windows Server 2003 or Windows 2000
Server domain
Before you install the first Windows Server "Longhorn" domain controller in an existing
Windows Server 2003 or Windows 2000 Server domain, you must do the following:
• Prepare the forest by updating the schema, if necessary. For instructions to

prepare the forest, see "Prepare the forest schema for Windows Server "Longhorn""
in Installing a new Windows Server "Longhorn" domain in an existing
Windows Server 2003 or Windows 2000 Server forest.
• Prepare the domain by running adprep /domainprep on the infrastructure

operations master.
• If you are installing an RODC in an existing Windows Server 2003 domain, you
must also run the adprep /rodcprep command. For information about installing an
RODC, see the Step-by-Step Guide for Planning, Deploying, and Using a Windows
Server "Longhorn" Beta 2 Read-only Domain Controller in this documentation set.
You also have the option to use the install from media (IFM) method of installation. For
this option, you must have prepared installation media from a restored backup of a
domain controller in the same domain. For information about using IFM to install a
domain controller in an existing domain, see Installing AD DS from restored backup
media.
Preparing the domain for Windows Server "Longhorn"

Use the following procedure to prepare the domain for Windows Server "Longhorn".
You must be a member of the Domain Admins group to perform this procedure.
To prepare the domain for Windows Server "Longhorn"

1. Identify the domain infrastructure operations master role holder as follows:
29
• In Active Directory Users and Computers, right-click the domain object,

click Operations Masters, and then click Infrastructure.
2. Log on to the infrastructure master as a member of the Domain Admins

group.
3. Insert the Windows Server "Longhorn" DVD into the CD or DVD drive. Copy
the contents of the \sources\adprep folder to an Adprep folder on the
infrastructure master.
4. Open a command prompt, and then change directories to the Adprep folder
5. If this domain controller is the first Windows Server "Longhorn" domain

controller in a Windows 2000 Server domain, type the following, and then press
ENTER:
adprep /domainprep /gpprep
6. If this domain controller is the first Windows Server "Longhorn" domain

controller in a Windows Server 2003 domain, type the following, and then press
ENTER:
adprep /domainprep
If you prepare a Windows Server 2003 domain by running adprep

/domainprep /gpprep, you can safely disregard the error that indicates that
domain updates were not necessary.
7. Allow the operation to complete, and then allow the changes to replicate
before performing the next procedure.
Installing a Windows Server "Longhorn" domain controller by using

the Windows interface
You can use the Active Directory Domain Services Installation Wizard to create a domain
controller in an existing domain. If you use the advanced options in the wizard, you can
control how AD DS is installed on the server, either by IFM or by replication:
• IFM: You can provide a location for installation media that you have restored from
a backup of a similar domain controller in the same domain.
• Replication: You can specify a domain controller in the domain from which to
replicate AD DS.
To perform this procedure, you must be a member of the Domain Admins group in the
domain that is being installed.
30
To install a domain controller in an existing domain by using the Windows

interface
Next.


with installation.

Wizard page, click Next, or, if you want to perform an IFM installation or identify
the source domain controller for AD DS replication, select Use Advanced mode
installation.

and Existing domain, and then click Next.
an account that has at least Domain Admins privileges in the domain to which
you are adding the domain controller, specify the domain name, and then click
Next.
8. On the Select Domain page, select the domain of the new domain controller,
and then click Next.
then click Next.
10. On the Additional Options page, make the following selections, and then
click Next:
• DNS server: This option is selected by default so that your domain

controller can function as a DNS server. If you do not want the domain
controller to be a DNS server, clear this option.
• Global Catalog: This option adds the global catalog, read-only directory
partitions to the domain controller, and it enables global catalog search
functionality.
• Read-only domain controller. This option is not compatible with the

31
global catalog. For information about installing a read-only domain controller,

see the Step-by-Step Guide for Planning, Deploying, and Using a Windows
Server "Longhorn" Beta 2 Read-only Domain Controller in this documentation
set.
11. If you selected the advanced installation mode, you can specify the following
advanced options:
a. On the Install from Media? page, you can provide the location of
installation media to be used to create the domain controller and configure
AD DS, or you can allow replication over the network. For information about
using this method to install the domain controller, see Installing AD DS from
restored backup media.
b. On the Source Domain Controller page, you can specify a domain
controller from which to replicate the configuration and schema directory
partitions. If you select This specific domain controller, you can select the
domain controller that you want to provide source replication to create the
new domain controller, and then click Next.
13. On the Active Directory Domain Services Restore Mode Administrator

installation.
Installing a Windows Server "Longhorn" domain controller by using

an answer file
The answer file that you use to create a new domain controller must have the replica
options specified. Use the following procedure to create the answer file.
32
To create an answer file for installing a new domain controller

3. Create the following entries, one entry on each line. These options are the
minimum options that are required for a new domain controller installation with
DNS configured automatically. For a complete list of unattended installation
options, including default values, allowed values, and descriptions, see
Unattended install options.
UserName=<administrative account in the domain of the new domain controller>
UserDomain=<name of the domain of the new domain controller>
ReplicaOrNewDomain=replica

marks>

quotation marks>
DNSOnNetwork=yes
RestartOnCompletion=yes
for distribution.
5. Use the procedure "To install a new domain controller by using an answer
file" to install the new domain controller.
33
Installing a new Windows Server "Longhorn" domain controller by

entering unattended installation parameters at the command
line
Use the procedure "To install a new domain controller by entering unattended installation
parameters at the command line" to install the new domain controller, but use unattended
options that are appropriate for creating a new domain controller in an existing domain.
Installing AD DS from restored backup media

You can use installation media from a restored backup of an existing domain controller in
the domain to install a new domain controller in the same domain. IFM is an effective
method for minimizing replication of all directory data when you install AD DS, such as on
the first domain controller in a remote site. For information about how to prepare
installation media from a restored AD DS backup, see the Step-by-Step Guide for
Windows Server "Longhorn" Beta 2 Active Directory Domain Services Backup and
Recovery in this documentation set.
Requirements for installing from restored backup media include the following:
• You must have restored backup media that is prepared from a similar domain
controller in the same domain, as follows:
• For Windows Server "Longhorn" Beta 2 only, you can use restored backups
of only Full installation domain controllers to install AD DS on Full installation
servers. You cannot use IFM to install AD DS on a Server Core installation.
• You can use backup media from an RODC to install only other RODCs.
• Backup media must be created from a domain controller that has the same
operating system version and platform as the target server.
• For Windows Server "Longhorn" Beta 2 only, you can install AD DS from backup
media only by using the Windows interface. You cannot use an unattended
installation to install a domain controller from backup media.
Use the following procedure to use the IFM method of installing AD DS on a server in the
same domain.
domain that is being installed.
34
To install a domain controller from backup media by using the Windows

interface
1. Prepare backup media according to instructions in the Step-by-Step Guide
for Windows Server "Longhorn" Beta 2 Active Directory Domain Services Backup
and Recovery in this documentation set.
Next.


with installation.

Wizard page, select Use Advanced mode installation.

and Existing domain, and then click Next.
an account that has at least Domain Admins privileges in the domain to which
you are adding the domain controller, specify the domain name, and then click
Next.
9. On the Select Domain page, select the domain of the new domain controller,
and then click Next.
then click Next.
11. On the Additional Options page, select additional options according to the
configuration of the backup domain controller, and then click Next:
12. On the Install from Media? page, click Install from media at the location
below.
13. In Location, type or browse to the disk drive location of the installation
media.
35
15. On the Active Directory Domain Services Restore Mode Administrator

17. When you are prompted, restart the server to complete AD DS installation.
Additional considerations
• Dcpromo.exe installs AD DS using the data in the restored files, which eliminates
the need to replicate every object from a partner domain controller. However, objects
that were modified, added, or deleted since the backup was taken must be replicated.
If the backup was recent, the amount of replication that is required will be
considerably less than the amount of replication that is required for a regular AD DS
installation.
Verifying an AD DS installation
After you install AD DS, verify key functionality such as DNS resource record registrations
and SYSVOL replication. For verification steps to perform after installing AD DS, see
Verifying Active Directory Installation (http://go.microsoft.com/fwlink/?LinkId=68736).
Steps for removing AD DS

The following sections provide step-by-step instructions for removing AD DS in all
configurations, including methods for removing the server role on both Full
Windows Server "Longhorn" installations and Server Core Windows Server "Longhorn"
installations. Methods are described for performing installations by using both the
Windows interface and the command line.
The unattended method of removing AD DS is required for Server Core operating

systems. The process for performing an unattended removal of AD DS is the same for a
server that is running a Full installation of Windows Server "Longhorn" or a Server Core
installation of Windows Server "Longhorn".
36
For Windows Server "Longhorn" Beta 2 installations only, you must uninstall the directory
service binaries manually when you use an unattended method to remove AD DS.
Procedures to remove AD DS are provided for the following scenarios:
• Removing a Windows Server "Longhorn" domain controller from a domain
• Removing the last Windows Server "Longhorn" domain controller in a domain
• Removing the last Windows Server "Longhorn" domain controller in a forest
Removing a Windows Server "Longhorn" domain

controller from a domain
The procedures in this section describe the methods for removing the last domain
controller in the domain.
Removing a Windows Server "Longhorn" domain controller by using

the Windows interface
You can use the Active Directory Domain Services Installation Wizard to remove a
domain controller from an existing domain.
domain.
To remove a domain controller by using the Windows interface

1. On the Start menu, click Administrative Tools, and then click Server
Manager.
2. Under Roles Summary, click Remove roles.
3. In the Remove Roles Wizard, under Roles, select Active Directory

Domain Services, and then click Next.
4. On the Confirm Removal Options page, confirm the removal options, and
then click Remove.
5. In the Welcome to the Active Directory Domain Services Installation

6. On the Delete Domain? page, make no selection, and click Next.
7. If the domain controller has application directory partitions, on the

Application Directory Partitions page, view the application directory partitions
37
in the list, and then remove or retain application directory partitions, as follows:
• If you do not want to retain any application directory partitions that are
stored on the domain controller, click Next.
• If you want to retain any application directory partition that an application

has created on the domain controller, use the application that created the
partition to remove it, and then click Update to update the list.
8. On the Confirm Deletion page, select the option to delete all application
directory partitions on the domain controller, and then click Next.
9. On the Administrator Password page, type and confirm a secure password

for the local Administrator account, and then click Next.
10. On the Summary page, review your selections, and then click Next to
remove AD DS.
11. When you are prompted, restart the server to complete AD DS removal.
Removing a Windows Server "Longhorn" domain controller by using

an answer file
The answer file that you use to remove a domain controller in a domain where other
domain controllers exist requires only Domain Admin credentials. You can also create the
password for the local Administrator account for the member server. If you do not specify
the password in the answer file, the administrator password is blank.
domain.
To create an answer file for removing a domain controller

3. Create the following entries, one entry on each line. For a complete list of
unattended installation options, including default values, allowed values, and
descriptions, see Unattended install options.
username=<administrative account in the domain>
password=<password for the account in UserName>
administratorpassword=<local administrator password for server>

38
removeapplicationpartitions=yes
to be called by Dcpromo, or save the file to a network shared folder or removable
media for distribution.
5. The Dcpromo command to use an answer file is the same for both removing
and installing a domain controller. Use the procedure "To install a new domain
controller by using an answer file" to remove the domain controller.
Removing a Windows Server "Longhorn" domain controller by

entering unattended installation parameters at the command
line
The Dcpromo command that you use to enter unattended installation parameters at the
command line is the same for both removing and installing a domain controller. Use the
procedure "To install a new domain controller by entering unattended installation
parameters at the command line" to remove the domain controller, but use unattend
options that are appropriate for removing a domain controller from an existing domain.
Removing AD DS binaries
After you remove AD DS from a domain controller running Windows Server "Longhorn"
Beta 2, you must manually remove the AD DS binary files. This is a known issue for
Windows Server "Longhorn" Beta 2, but it will not be required in further Windows Server
"Longhorn" Beta releases.
Caution
Do not run this command on an installed domain controller. Be sure to restart the
server after removing AD DS before you run this command. Running this
command on an installed domain controller results in data loss on the domain
controller and requires a reinstallation of the operating system.
To perform this procedure, you must be a member of the local Administrators group on
the member server.
To remove AD DS binaries
1. Remove AD DS from the server, and then restart the server.
2. At a command prompt, type the following, and then press ENTER:

39
start /w pkgmgr /uu:DirectoryServices-DomainController /l:dcuninstall.log
start /w is optional if you want to retain the command prompt until the process
completes.
Removing the last Windows Server "Longhorn" domain

controller in a domain
The procedures in this section describe the methods for removing the last domain
controller in the domain.
Removing the last Windows Server "Longhorn" domain controller in

a domain by using the Windows interface
The Active Directory Domain Services Installation Wizard provides all the steps that you
need to remove the domain. During domain removal, the Active Directory Domain
Services Installation Wizard displays a list of all the application directory partitions that
are stored on the domain controller. If there are application directory partitions that were
created by an application other than AD DS, you can use the appropriate application to
remove these directory partitions, or you can let the Active Directory Domain Services
Installation Wizard remove them.
Application directory partitions that are created by AD DS, such as the DomainDNSZones
and ForestDNSZones application directory partitions, cannot be retained if you remove
AD DS.
To complete this procedure, you must be a member of the Domain Admins group in the
parent domain or a member of the Enterprise Admins group in the forest.
To remove the last domain controller in a domain by using the Windows

interface
Manager.

then click Remove.
40
5. In the Welcome to the Active Directory Domain Services Installation

6. On the Delete Domain? page, select the option to delete the domain. Before
you continue, read the instructions for managing the removal of cryptographic
keys and the decryption of Encrypting File System (EFS)–encrypted files, and
perform these actions, if necessary. When you are sure that you have completed
all security tasks, click Next.

in the list and remove or retain application directory partitions, as follows:


remove AD DS.
For information about cryptographic keys and certificate management, see

Windows Server 2003 PKI Operations Guide (http://go.microsoft.com/fwlink/?
LinkId=68752). For information about EFS, see Encrypting File System Technical
Reference (http://go.microsoft.com/fwlink/?LinkId=68751).

a domain by using an answer file
The answer file that specifies that you are removing the last domain controller in the
domain must include that instruction, and it must specify the parent domain.
parent domain or a member of the Enterprise Admins group in the forest.
41
To create an answer file for removing the last domain controller in a domain
2. Create the following entries, one entry on each line. For a complete list of
unattend installation options, including default values, allowed values, and
descriptions, see Unattended install options.
ParentDomainDNSName=<fully qualified DNS name of parent domain>
UserName=<administrative account in parent domain>
IsLastDCInDomain=yes
AdministratorPassword=<local administrator password for server>
RemoveApplicationPartitions=<yes if you want to remove the partitions. If you

want to retain them, you do not need this entry.>
for distribution.
4. The Dcpromo command to use an answer file is the same for both removing
and installing a domain controller. Use the procedure "To install a new domain
controller by using an answer file" to remove the domain controller.

a domain by entering unattended installation parameters at
the command line
The Dcpromo command that you use to enter unattended installation parameters at the
command line is the same for both removing and installing a domain controller. Use the
procedure "To install a new domain controller by entering unattended installation
parameters at the command line" to remove the domain controller, but use unattend
options that are appropriate for removing the last domain controller in the domain.
Removing the last Windows Server "Longhorn" domain

controller in a forest
The procedures in this section describe the methods that you can use to remove the last
domain controller in an AD DS forest.
42

a forest by using the Windows interface
Use the following procedure to remove the forest.
forest root domain or the Enterprise Admins group in the forest.
To remove the last domain controller in a forest by using the Windows

interface
Manager.

then click Remove.

6. On the Delete Domain? page, select the option to delete the domain and
forest. Before you continue, read the instructions for managing the removal of
cryptographic keys and the decryption of EFS-encrypted files, and perform these
actions, if necessary. When you are sure that you have completed all security
tasks, click Next.

in the list, and then remove or retain application directory partitions, as follows:


43
remove AD DS.

a forest by using an answer file
The Dcpromo unattend options for removing the last domain controller in a forest are the
same as the unattend options for removing the last domain controller in a domain. Use
the procedure "To create an answer file for removing the last domain controller in a
domain" to create the answer file for removing the last domain controller in the forest.
Use the procedure "To install a new domain controller by using an answer file" to remove
the domain controller.

a forest by entering unattended installation parameters at the
command line
The Dcpromo command that you use to enter unattend parameters at the command line
is the same for both removing and installing a domain controller. Use the procedure "To
install a new domain controller by entering unattended installation parameters at the
command line" to remove the domain controller, but use unattend options that are
appropriate for removing the last domain controller in the domain. Because the forest root
domain is the domain that you are removing, the options for removing the domain
effectively remove the forest itself.
Appendix of unattended installation

parameters
The tables in this appendix provide the information that you need to create an answer file
for installing or uninstalling AD DS in unattended mode.
Dcpromo.exe accepts these parameters either directly from the command line or as
entered in a text file that is formatted in standard.INI format. The text file must contain a
section heading [DCINSTALL] followed by AD DS (domain controller) server role
unattended installation parameters.
Create a text file that contains the [DCINSTALL] heading and in which each line in the file
contains an option and its value in the form option=value. To use the options directly from
44
the command line, precede each option:value pair with a forward slash (/) and separate
each /option=value pair with a space. At the command line, you can also use a colon (:)
to separate the option and the value (/option:value).
The following are example lines in an answer text file:
[DCINSTALL]
The following is an example set of the same options as typed in the Dcpromo.exe
command line:
dcpromo /unattend /username:Jsmith /password:SP#f357.2 ...
Unattended general options

The option in the following table is available for unattended installation and removal of
AD DS. This option is new in Windows Server "Longhorn".
General options Parameters Default value Description
/RebootOnCompletion Yes | No Yes Restart the

computer when the
operation is
complete, whether
or not the
operation is
successful.
Unattended install options

The following new options are available for unattended installations of AD DS. Options
that are new in Windows Server "Longhorn" appear in bold text.
Install options Parameters Default value Description
/AdministratorPassword password Specifies a local

Administrator account
password for the
computer after AD DS
is removed.
/AllowDomainReinstall Yes | No No If Dcpromo detects

that the domain
45
already exists,
specifies whether to
recreate the domain.
AllowDomainControllerReinstall Yes | No No When a replica

domain controller is
added, if Dcpromo
detects that the
domain controller
already exists,
overwrite the domain
controller data of the
existing domain
controller.
/ApplicationPartitionsToReplicate "partition_DN_1 Space-separated (or

partition_DN_2 comma-and-space-
...partition_DN_n" separated)
distinguished names,
with the entire string
enclosed in quotation
marks, of application
directory partitions that
you want to include
when you use restored
backup media to install
AD DS (or * to include
all application directory
partitions).
/AutoConfigDNS Yes | No Yes Specifies whether

DNS is configured for
a new domain if
Dcpromo detects that
the DNS dynamic
update protocol is not
available, or if
Dcpromo detects an
insufficient number of
46
DNS servers for an

existing domain.
/ChildName child_domain_name Specifies whether to

append the DNS label
for the new domain at
the beginning of the
name of an existing
directory service
domain when installing
a child domain.
/ConfirmGc Yes | No Yes Specifies whether the

domain controller is a
global catalog server.
/CriticalReplicationOnly Yes | No Yes Specifies whether to

skip noncritical (and
potentially lengthy)
portions of replication
and allow Dcpromo to
complete before
replication is complete.
/DatabasePath path_to_database_files %systemroot%\ Location of the

NTDS Ntds.dit file.
/DisableCancelForDnsInstall Yes | No No Specifies whether to

disable the Cancel
button during a DNS
installation. This option
is retained for
backward compatibility
with
Windows Server 2003
unattend files. It is
ignored if it is used for
Windows Server
"Longhorn".
/DNSDelegation Yes | No Computed Indicates whether to

automatically create a DNS
47
based on the delegation that

environment. references this new
DNS server. Valid for
Active Directory–
integrated DNS only.
/DNSDelegationUserName user_name The user name to be

used when the DNS
delegation is created
in the parent zone and
credentials are
different from the
credentials provided
for AD DS role
installation or removal.
/DNSDelegationPassword Password The password for the

user name that is used
to create the DNS
delegation.
/DNSOnNetwork Yes | No Yes Specifies whether to

set DNS server
addresses
automatically.
/DomainLevel 0|2|3 Based on Specifies the domain

levels existing functional level when a
in the forest new domain is created
in an existing forest,
as follows:
0 = Windows 2000
Server Native
2 = Windows
Server 2003 Native
3 = Windows Server
"Longhorn"
/DomainNetBiosName domain_NetBIOS_name First label of Assigns a network

DNS name basic input/output
48
system (NetBIOS)
name to the new
domain.
/ForestLevel 0|2|3 0 Specifies the forest

functional level when a
new domain is created
in a new forest, as
follows:
0 = Windows 2000
Server Native
2 = Windows
Server 2003 Native
3 = Windows Server
"Longhorn"
ForestLevel replaces
SetForestVersion in
Windows Server 2003.
/LogPath Path_to_log_files %systemroot%\ Specifies the location

NTDS of the database log
files
/NewDomain Forest | Tree | Child Forest Specifies the type of

new domain:
• The root
domain of a new
forest
• The root
domain of a new
tree in an existing
forest
• A child domain
in an existing
forest
The type of new

domain must be
49
specified when AD DS
is installed on a
Windows Server
"Longhorn" Server
Core installation.
/NewDomainDNSName DNS_domain_name The required name of

a new forest or a new
tree in an existing
forest.
/OnDemandAllowed Security_Principal | NONE The name of one or

more security
principals that are
replicated to this
RODC, specified
within quotation
marks. To specify
more than one security
principal, add the entry
multiple times.
In Windows Server
"Longhorn" Beta 2, if
you have no security
principals to add,
leave this entry blank.
Using the value
"NONE" causes the
unattended RODC
installation to fail. This
issue will be resolved
for Windows Server
"Longhorn" Beta 3.
/OnDemandDenied Security_Principal | NONE The name of one or

more security
principals that are not
to be replicated to this
RODC. To specify
more than one security
50
principal, add the entry

multiple times.
/ParentDomainDNSName DNS_domain_name The DNS domain

name of an existing
parent domain when a
child domain is
removed or installed.
/Password password The password for the

account name (the
value in UserName) to
use for installing or
removing AD DS.
Dcpromo deletes this
value after installation.
/ReplicaDomainDNSName DNS_domain_name The DNS domain

name of the domain to
replicate to this new
domain controller
replica.
/ReplicaOrNewDomain Replica | Replica Specifies whether to

Read_only_replica | install the domain
Domain controller as:
• An additional
domain controller
in an existing
domain
• An RODC in
an existing domain
• The first
domain controller
in a new domain
/ReplicationSourceDC DNS_name_of_source Indicates the full DNS

name of the domain
controller from which
AD DS data is
51
replicated to create the

new domain controller.
/ReplicationSourcePath path_to_installation_medi The location of the

a files that are used to
install a new domain
controller by using
restored backup
media.
/SafeModeAdminPassword password | NONE The password for the

administrator account
to use when starting
the computer in Safe
Mode or a variant of
Safe Mode, such as
Directory Service
Restore Mode.
/SiteName site_name The name of an

existing site where you
can place the new
domain controller.
/Syskey NONE | system key Indicates that the user

must provide the
system key.
/SysVolPath path_to_SYSVOL_folder %systemroot%\ The path to the

sysvol SYSVOL folder, which
must be on a fixed
disk on the local
computer.
/UserDomain domain_name The domain name for

the user account that
is used to install
AD DS on a member
server.
/UserName user_name The account name of

the user who is
52
installing AD DS.
Unattended uninstall options

The new options in the following table are available for unattended removal of AD DS.
Options that are new in Windows Server "Longhorn" are shown in bold type.
Uninstall options Parameters Default Description

value
/AdministratorPassword admin_password Sets the local

administrator
password for the
computer during
removal of a
domain controller.
/DemoteFSMO Yes | No No Indicates that a

forced removal
should continue
even if an
operations master
role is held by the
domain controller.
/ForceDemotion Indicates that the

removal proceeds if
the domain
controller is offline.
Caution: The
/ForceDemotion
switch results in
data loss on the
domain controller.
/IgnoreIsLastDcInDomainMismatch Yes | No No If you have set

IsLastDCInDomain
to Yes but there is
actually one or
53
Uninstall options Parameters Default Description

value
more other domain

controllers in the
domain, this option
continue with the
removal as
configured.
/IsLastDCInDomain Yes | No No Indicates whether

the computer on
which Dcpromo is
running is the last
domain controller in
the domain.
/RemoveApplicationPartitions Yes | No No Specifies whether

to remove
application
directory partitions
during removal of a
domain controller.
Unattended installation return codes

When the unattended installation completes, Dcpromo returns one of the following codes
to indicate the status of the operation to the user. Unused numbers are reserved for
future use.
• 1-10 = success return codes
• 11-100 = failure return codes
Success return codes

The codes in the following table indicate successful completion of an AD DS installation
or removal operation.
54
Value Case Description
1 ExitSuccess The operation

succeeded.
2 ExitSuccessNeedReboot The operation

succeeded, and the
server must be restarted
manually.
3 ExitSuccessWithNonCriticalFailure The operation

succeeded, but there has
been a failure, such as a
failure with DNS
installation or delegation
configuration. Check
Dcpromoui log files, and
investigate further.
Failure return codes

The codes in the following table indicate failed completion of an AD DS installation or
removal operation.
11 ExitAlreadyRunning DcPromo is already

running.
12 ExitMustBeAdministrator The user must be an

administrator.
13 ExitCertSvcInstalled Certificate Server is

installed.
14 ExitInSafeBootMode The server is running

in Safe Mode.
15 ExitRoleChangePending A role change is in

progress or requires
that the server be
restarted.
16 ExitIncorrectPlatform The server is running

55
on wrong platform.
17 ExitNeedNTFS5Drive No drives are

formatted for NTFS 5.
18 ExitInsufficientWinDirSpace %windir% does not

have enough space.
19 ExitNameChangeNeedsReboot A name change is

pending.
20 ExitBadComputerName The computer name

uses invalid syntax.
21 ExitHoldsFSMOs This domain controller

holds an operations
master role, is a global
catalog server, or is a
DNS server.
22 ExitNeedToInstallTcpIp TCP/IP must be

installed or is not
functioning.
23 ExitNeedToConfigDnsFirst The DNS client must

be configured first.
24 ExitBadCredentials The supplied

credentials are not
valid or are missing
required elements.
25 ExitDcNotFound A domain controller for

the specified domain
could not be located.
26 ExitUnableReadDomainList The list of domains

could not be read from
the forest.
27 ExitMustSpecifyDomain A domain name is

missing (parent, child,
tree, or forest).
28 ExitBadDomainName The domain name is

56
not valid.
29 ExitParentDomainNotExists The parent domain

does not exist.
30 ExitDomainNotInForest The specified domain

is not found in the
forest.
31 ExitChildDomainExists The child domain

already exists.
32 ExitBadNetbiosDomainName The NetBIOS name is

not valid.
33 ExitBadIFMPath The path to the IFM

files is not valid.
34 ExitBadIFMDatabase The IFM database is

bad.
35 ExitNoSyskeyForIFM A system key is

required for the IFM
database.
37 ExitBadDBPath The database path or

database log path is
not valid.
38 ExitInsuffSpaceForDB The volume does not

have enough space for
the database or the
database log.
39 ExitBadSysVolPath The SYSVOL path is

not valid.
40 ExitBadSiteName The site name is not

valid.
41 ExitMustSpecifySafeModePwd You must specify a

password for Safe
Mode.
42 ExitBadSafeModePwd The Safe Mode

password does not
57
meet password
criteria.
43 ExitBadAdminPwd The administrator

password does not
meet criteria.
44 ExitBadForestName The specified forest

name is not valid.
45 ExitForestExists A forest with the

specified name
already exists.
46 ExitBadTreeName The specified name for

the tree is not valid.
47 ExitTreeExists A tree with the

specified name
already exists.
48 ExitTreeNotFitInForest The tree name does

not fit into the forest
structure.
49 ExitDomainNotExists The specified domain

does not exist.
50 ExitLastDcMismatch This is not the last

domain controller.
51 ExitUnconfirmedAppPartitions Application partitions

exist on this domain
controller.
52 ExitRequiredParameterMissing An answer file or

command-line
unattend parameters
were not provided.
53 ExitPromoDemotFailedNeedReboot The installation or

removal failed and the
server must be
restarted.
58
54 ExitPromoDemotFailed The installation or

removal failed.
55 ExitPromoDemoteFailedBecauseUserCancelled The installation or

removal failed
because it was
canceled by the user.
56 ExitPromoDemotFailedBecauseUserCancelledNeedReboot The installation or

removal failed
because it was
canceled by the user.
The computer must be
restarted to return to
the previous state.
57 ExitDomainReadOnlyReplicaGroupNotSpecified The operator failed to

specify one of the
required RODC
groups
(allowed/denied).
58 ExitDomainReadOnlyReplicaSiteNotSpecified The operator failed to

specify the site name
for an RODC.
59 ExitLastDnsServer The domain controller

appears to be the last
DNS server for one of
its Active Directory–
integrated zones.
60 ExitDomainReadOnlyReplicaPdcNotLonghorn The Primary Domain

Controller (PDC)
emulator for the
domain is not running
Windows Server
"Longhorn".
61 ExitInstallDNSNotAllowed You cannot install

AD DS with DNS in an
existing domain that
does not already host
59
DNS.
62 ExitAnswerFileMissingSectionName The answer file does

not have a [DCInstall]
section.
63 ExitInsufficientForestFunctionalLevelForRodc The forest functional

level is less than
Windows Server 2003.
64 ExitPromoFailedBecauseComponentBinaryDetectionFailed The installation failed

because the
installation of the
AD DS binaries on the
server could not be
determined.
65 ExitPromoFailedBecauseComponentBinaryInstallationFailed The installation failed

because the AD DS
binaries could not be
installed.
66 ExitPromoFailedBecauseOSDetectionFailed The installation failed

because the operating
system installation
option (whether Server
Core installation or
Full installation) could
not be determined.
67 ExitRodcCannotBeAGC The RODC cannot be

a global catalog server
68 ExitInvalidReplicationPartner The replication partner

is not valid.
69 ExitRequiredPortInUse The required port is

already in use by
some other
application.
70 ExitForestRootDcMustBeGc The first forest root

domain controller must
be a global catalog
60
server.
71 ExitDnsAlreadyInstalled DNS server is already

installed.
72 ExitIsAppServer The installation failed

because the server is
a Terminal Services
application server.
73 ExitInvalidForestFunctionalLevel The specified forest

functional level is not
valid.
74 ExitInvalidDomainFunctionalLevel The specified domain

functional level is not
valid.
75 ExitDefaultPasswordReplicationPolicyCannotBeDetermined Unable to determine

the default password
replication policy.
76 ExitInvalidPasswordReplicationPolicy Specified allowed and

denied security groups
for the password
replication policy are
not valid.
77 ExitInvalidArgument The specified

argument is not valid.
78 ExitForestCheckFailed The installation failed

because the Active
Directory forest could
not be examined.
79 ExitRodcNDNCNotPrepped An RODC cannot be

installed because
adprep /rodcprep has
not been performed.
80 ExitDomainNotPrepped The installation failed

because
adprep/domainprep
61
has not been

performed.
81 ExitForestNotPrepped The installation failed

because
adprep/forestprep
has not been
performed.
82 ExitForestSchemaMismatch The installation failed

because there is a
forest schema
mismatch.
83 ExitUnsupportedSku The installation failed

because the operating
system edition does
not supported AD DS.
Logging bugs and feedback

Your feedback is very important to help us improve this feature in future releases of
Windows Server "Longhorn". Please provide feedback regarding your experience
installing AD DS, problems that you encounter, and whether this document was helpful.
We are also interested in feature requests and general feedback about AD DS installation
and removal.
To provide feedback for this step-by-step guide, follow the instructions on the Microsoft
Web site (http://go.microsoft.com/fwlink/?linkid=55105). Please note that, in the comment
area on the Web site, you will need to provide the name of this step-by-step guide.

AMSS Windows Server Longhorn Active Directory Installation and Removal

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

AMSS Windows Server Longhorn Active Directory Installation and Removal

Uploaded by

Copyright:

Available Formats

Step-by-Step Guide for Windows Server

"Longhorn" Beta 2 AD DS Installation

Published: June 2006

Program Manager: Mas Libman

User Assistance Writer: Mary Hillman

Editor: Jim Becker

Microsoft may have patents, patent applications, trademarks, copyrights, or other

© 2006 Microsoft Corporation. All rights reserved.

All other trademarks are property of their respective owners.

Step-by-Step Guide for Windows Server "Longhorn" Beta 2 AD DS Installation and

Step-by-Step Guide for Windows Server

• Known issues for installing and removing AD DS

• Key scenarios for installing AD DS

• Key scenarios for removing AD DS

• Requirements for AD DS installation

• Steps for installing AD DS

• Steps for removing AD DS

• Appendix of unattend parameters

What's new in AD DS installation and

• Server operating system installation options

• Read-only domain controller (RODC) option

• Domain Name System (DNS) installation options

• Global catalog installation options

New installation options

The new AD DS installation options are as follows:

• You can specify the following domain controller options:

• Global catalog server: As in Windows Server 2003, installing a domain

• RODC: This domain controller option is new in Windows Server "Longhorn".

New options in the Active Directory Domain Services Installation

The wizard has the following new options:

• The advanced installation mode is available in the Active Directory Domain

New unattend options

DNS installation options

Global catalog installation options

New server operating system installation options

Server Core installation

Known issues for installing and removing

• When a domain name includes Unicode or double-byte characters, domain

Scenarios for installing AD DS

• Install a new Windows Server "Longhorn" forest

• Install a new Windows Server "Longhorn" domain in an existing

• Install a new Windows Server "Longhorn" domain controller in an existing

• Install AD DS from restored backup media

• Verify domain controller installations

Install a new Windows Server "Longhorn" forest

• The first Windows Server "Longhorn" domain controller in a forest cannot be an

Install a new Windows Server "Longhorn" domain in an

• Before you create a new Windows Server "Longhorn" domain in a

Install a new Windows Server "Longhorn" domain

• The first Windows Server "Longhorn" domain controller in an existing

Install AD DS from restored backup media

• Domain controller option: Writeable or read-only

• Operating system: Windows 2000 Server, Windows Server 2003, or

• Platform: x86, IA64, or x64

• Check the directory service event log for errors.

• Make sure that the SYSVOL folder is accessible to clients.

• Verify DNS functionality.

Scenarios for removing AD DS

Although processes for removing AD DS are essentially unchanged from

Remove a domain controller from a domain

Remove the last domain controller in a domain

Remove the last domain controller in a forest

Requirements for AD DS installation