Abstract
Active Directory® Domain Services (AD DS) is a server role of the Microsoft®
Windows Server® Code Name "Longhorn" operating system. AD DS provides a
distributed directory service that you can use for centralized, secure management of your
network. This guide describes the installation and removal processes for the AD DS
server role. You can use the procedures in this guide to install and remove AD DS on
servers that are running Windows Server "Longhorn" in a test lab environment.
This document supports a preliminary release of a software product that may be changed
substantially prior to final commercial release, and is the confidential and proprietary
information of Microsoft Corporation. It is disclosed pursuant to a non-disclosure
agreement between the recipient and Microsoft. This document is provided for
informational purposes only and Microsoft makes no warranties, either express or
implied, in this document. Information in this document, including URL and other Internet
Web site references, is subject to change without notice. The entire risk of the use or the
results from the use of this document remains with the user. Unless otherwise noted, the
example companies, organizations, products, domain names, e-mail addresses, logos,
people, places, and events depicted herein are fictitious, and no association with any real
company, organization, product, domain name, e-mail address, logo, person, place, or
event is intended or should be inferred. Complying with all applicable copyright laws is
the responsibility of the user. Without limiting the rights under copyright, no part of this
document may be reproduced, stored in or introduced into a retrieval system, or
transmitted in any form or by any means (electronic, mechanical, photocopying,
recording, or otherwise), or for any purpose, without the express written permission of
Microsoft Corporation.
Active Directory, Microsoft, MS-DOS, Visual Basic, Visual Studio, Windows, Windows NT,
Windows Server, and Windows Vista are either registered trademarks or trademarks of
Microsoft Corporation in the United States and/or other countries.
In this guide
• What's new in AD DS installation and removal?
• AD DS installation options
• DNS server: In the Microsoft Windows Server® 2003 operating system, DNS
server installation is offered, if needed. In Windows Server "Longhorn", DNS
installation and configuration is automatic, if needed. When you install DNS on
the first domain controller in a new domain in Windows Server "Longhorn", a
delegation for the new domain is created automatically in DNS.
• You can specify the site of a new domain controller or use the site that
corresponds to the IP address of the computer.
• You can access the Active Directory Domain Services Installation Wizard in new
ways, as follows:
• You can click Add Roles in Initial Configuration Tasks, the application that
appears when you first install the operating system.
• You can click Add Roles in Server Manager, which is always available on the
Administrative Tools menu and through an icon in the notification area.
• The option to create a new domain tree is available only in advanced mode.
For a list of all return codes and unattend options for Windows Server "Longhorn",
including allowed values, default values, and descriptions, see the Appendix of
unattended installation parameters.
RODC option
A new type of domain controller can be installed on servers that are running
Windows Server "Longhorn" Beta 2. RODC hosts a read-only replica of the AD DS
database. RODC makes it possible for organizations to deploy a domain controller easily
in remote locations where its physical security cannot be guaranteed.
For information about using RODC, see the Step-by-Step Guide for Planning, Deploying,
and Using a Windows Server "Longhorn" Beta 2 Read-only Domain Controller in this
documentation set.
When you select the DNS option or when DNS is installed automatically, DNS creates a
new delegation, or it updates existing delegations for the server automatically.
catalog server. In Windows Server "Longhorn" Beta 2, the global catalog server option is
not compatible with RODCs. However, RODCs will be capable of hosting the global
catalog in future releases of Windows Server "Longhorn".
Global catalog server is the default domain controller option when you are adding a new
domain controller in an existing domain.
Full installation
For ease of management, you can install AD DS on a server that is running the Full
installation of Windows Server "Longhorn". A Full installation of Windows Server
"Longhorn" supports both interactive (wizard) and unattended domain controller
installation.
• AD DS
• DHCP server
• File server
• DNS server
For more information about Server Core installations, see Microsoft Windows Server
Code Name "Longhorn" Beta 2 Server Core Step-By-Step Guide in this documentation
set.
• When you create a new Windows Server "Longhorn" forest on a Server Core
installation, non-English display specifiers are not installed automatically. You must
import display specifiers manually.
• Starting a new domain at, or raising an existing domain to, the Windows Server
"Longhorn" domain level might result in SYSVOL not being replicated. Issues with
migrating from File Replication service (FRS) replication to Distributed File Service
(DFS) Replication will be resolved in subsequent Windows Server "Longhorn"
versions.
• When you remove the AD DS server role, the role binaries are not removed
automatically. After you remove AD DS and restart the server, you must remove
AD DS binaries manually.
• You cannot create a child domain or additional domain controller with a Japanese
domain name.
• You cannot install DNS during installation of an additional domain controller when
a Unicode DNS name is used.
For known issues that apply when you deploy an RODC, see the Step-by-Step Guide for
Planning, Deploying, and Using a Windows Server "Longhorn" Beta 2 Read-only Domain
Controller in this documentation set.
• You must make forest and domain functional level decisions that determine
whether your forest and domain can contain domain controllers that run Microsoft
Windows® 2000 Server, Windows Server 2003, or both.
Important
Multiple–domain controller domains that are created at, or raised to, the
Windows Server "Longhorn" functional level are not supported in
Windows Server "Longhorn" Beta 2. As a result of issues with migration from
FRS replication to DFS Replication in Windows Server "Longhorn" Beta 2,
SYSVOL might not replicate properly at the Windows Server "Longhorn"
domain functional level. This condition can prevent a new domain controller
that is added subsequently from advertising itself as a domain controller.
• Domain controllers that are running the Microsoft Windows NT® Server 4.0
operating system are not supported with Windows Server "Longhorn".
• Servers running Windows NT Server 4.0 are not supported by domain controllers
that are running Windows Server "Longhorn".
• You must make domain functional level decisions that determine whether your
domain can contain domain controllers that run Windows 2000 Server,
Windows Server 2003, or both.
Important
Multiple–domain controller domains that are created at, or raised to, the
Windows Server "Longhorn" domain functional level are not supported in
Windows Server "Longhorn" Beta 2. As a result of issues with migration from
FRS replication to DFS Replication in Windows Server "Longhorn" Beta 2,
SYSVOL might not replicate properly at the Windows Server "Longhorn"
domain functional level. This condition can prevent a new domain controller
that is added subsequently from advertising itself as a domain controller.
Windows Server "Longhorn" security principals are not created until the primary domain
controller (PDC) operations master in the forest root domain is running Windows Server
"Longhorn". This requirement is similar to the Windows Server 2003 requirement.
For procedures to install a new domain, see Installing a new Windows Server "Longhorn"
domain in an existing Windows Server 2003 or Windows 2000 Server forest.
• If this domain controller is the first Windows Server "Longhorn" domain controller
in the forest, you must prepare the forest for Windows Server "Longhorn" by
extending the schema (that is, by running adprep /forestprep), on the schema
master if this has not already been done.
• If this domain controller is the first Windows Server "Longhorn" domain controller
in a Windows 2000 Server domain, you must prepare the domain by running
adprep /domainprep /gpprep on the infrastructure master.
• If this domain controller is the first Windows Server "Longhorn" domain controller
in a Windows Server 2003 domain, you must prepare the domain by running
adprep /domainprep on the infrastructure master.
Note
If you prepare a Windows Server 2003 domain by running adprep
/domainprep /gpprep, you can safely disregard the error message that
indicates that domain updates were not necessary.
Note
Do not add an additional Windows Server "Longhorn" domain controller if the
forest or domain functional level is Windows Server "Longhorn". For
Windows Server "Longhorn" Beta 2, the Windows Server "Longhorn"
functional level is not supported for a domain that has multiple domain
controllers.
• If you are installing the first RODC in the forest, you must prepare the forest by
running adprep /rodcprep. For more information, see the Step-by-Step Guide for
Planning, Using, and Deploying a Windows Server "Longhorn" Beta 2 Read-Only
Domain Controller in this documentation set.
• For the Windows Server "Longhorn" Beta 2 release, changing the domain
functional level to Windows Server "Longhorn" in a pre-existing
Windows 2000 Server or Windows Server 2003 domain after upgrading all domain
controllers to Windows Server "Longhorn" Beta 2 is not supported.
After you have prepared the forest and the domain, you can install AD DS to create a
new Windows Server "Longhorn" domain controller. Use Server Manager to install the
Active Directory Domain Services server role.
For procedures to install a new domain controller, see Installing a Windows Server
"Longhorn" domain controller in an existing Windows Server 2003 or Windows 2000
Server domain.
A Server Core installation can be the source for installing a new domain controller on a
Full installation of Windows Server "Longhorn".
Note
For Windows Server "Longhorn" Beta 2, you cannot use restored backup media
to install AD DS on a Server Core installation of Windows Server "Longhorn".
For information about creating the backup media, see the Step-by-Step Guide for
Windows Server "Longhorn" Beta 2 Active Directory Domain Services Backup and
Recovery in this documentation set.
For the procedure to install a new domain controller by using backup media, see
Installing AD DS from restored backup media.
Verify AD DS installations
You can perform verification steps after you install a domain controller, including the
following:
• Verify replication.
Unattended options provide the ability to remove AD DS without having to provide any
information other than the information that is contained in the answer file. For information
about unattended AD DS removal return codes, see the Appendix of unattended
installation parameters.
about removing domain controllers, domains, and forests, including forced removal, see
Administering Domain Controllers (http://go.microsoft.com/fwlink/?LinkId=68642).
The following software requirements apply to both Full installations and Server Core
installations:
domain, you must update the infrastructure master in the domain by running
adprep /domainprep /gpprep.
• RODC preparation: Before you can install AD DS to create an RODC, you must
prepare the forest by running adprep /rodcprep.
For information about configuring a Server Core installation, see the Microsoft Windows
Server Code Name "Longhorn" Beta 2 Server Core Step-By-Step Guide in this
documentation set.
The process for performing an unattended installation of AD DS is the same for a server
that is running a Full installation of Windows Server "Longhorn" and for a Server Core
installation of Windows Server "Longhorn". The unattended method of installation is
required for Server Core operating systems.
• Verifying AD DS installations
Important
If you create a new forest by installing AD DS on a Server Core installation of
Windows Server "Longhorn", you must install display specifiers manually after
AD DS installation.
Administrative credentials
2. In the Add Roles Wizard, on the Before You Begin page, review the
preliminary verification steps. When you complete all the preliminary steps, click
Next.
When you create the first domain controller in a new forest, there are no
additional advanced options.
7. On the New Domain Name page, type the full DNS name for the forest root
domain, and then click Next.
8. On the Set Forest Functional Level page, select the forest functional level
that accommodates the domain controllers that you plan to install anywhere in
the forest, and then click Next.
9. On the Set Domain Functional Level page, select the domain functional
level that accommodates the domain controllers that you plan to install anywhere
in the domain, and then click Next.
10. On the Additional Options page, DNS server is selected by default so that
your forest DNS infrastructure can be created during AD DS installation. If you
plan to use Active Directory–integrated DNS, click Next. If you have an existing
DNS infrastructure and you do not want this domain controller to be a DNS
server, select DNS server to clear the check box, and then click Next.
11. On the Location for Database, Log Files and SYSVOL page, type or
browse to the volume and folder locations for the database file, the directory
service log files, and the system volume (SYSVOL) files, and then click Next.
Windows Server Backup backs up the directory service by volume. For backup
and recovery efficiency, store these files on separate volumes that do not contain
applications or other nondirectory files.
13. On the Summary page, review your selections. Click Back to change any
selections, if necessary. When you are sure that your selections are accurate,
click Next to install AD DS.
14. When you are prompted, restart the server to complete the AD DS
installation.
Use the following procedure to create the answer file. This procedure identifies only the
essential answer file entries for creating a new Windows Server "Longhorn" forest. For a
complete list of unattended installation options, including default values, allowed values,
and descriptions, see Unattended install options.
Administrative credentials
To perform this procedure, you can use any account that has Read and Write privileges
for the text editor application.
AutoConfigDNS=yes
NewDomain=forest
ReplicaOrNewDomain=domain
SafeModeAdminPassword=<password>
RebootOnCompletion=yes
4. Save the answer file to the location on the installation server from which it is
to be called by Dcpromo, or save the file to a network shared folder or removable
media for distribution.
After you create the answer file, use the following procedure to perform the unattended
installation. Use this procedure to install AD DS on either a Full installation of
Windows Server "Longhorn" or a Server Core installation of Windows Server "Longhorn".
Note
If you are performing this procedure on a server that is running a Server Core
installation of Windows Server "Longhorn" Beta 2, you must also perform the
Administrative credentials
You must be logged on to the server with the local administrator account.
dcpromo /unattend:answerFileLocation
Use the following procedure to install a new forest unattended from the command line. If
you are performing this procedure on a server that is running a Server Core installation of
Windows Server "Longhorn" Beta 2, you must also perform the procedure in Importing
localized display specifiers on a Server Core implementation of a new forest.
Administrative credentials
You must be logged on to the server with the local administrator account.
Where
The following example creates the first domain controller in a new forest where
you expect to install at least some Windows Server 2003 domain controllers:
/replicaOrNewDomain:domain /newDomain:forest
/newDomainDnsName:contoso.com /DomainNetbiosName:contoso
/databasePath:"e:\ntds" /logPath:"e:\ntdslogs" /sysvolpath:"g:\sysvol"
/safeModeAdminPassword:FH#3573.cK /forestLevel:2 /domainLevel:2
/rebootOnCompletion:yes
2. When you have typed all the options that are required to create the forest,
press ENTER.
To correct this problem, you must manually import the display specifiers from the Server
Core domain controller from which you created the forest.
Administrative credentials
%windir%\system32\dcphelp.exe
echo %errorlevel%
• If this domain controller is the first Windows Server "Longhorn" domain controller
that you are adding to the forest, prepare the forest by updating the schema.
• If you plan to install an RODC in the forest after you install the initial
Windows Server "Longhorn" domain controller, you must also run the command
adprep /rodcprep. For additional requirements for installing an RODC in a
Windows Server 2003 forest, see the Step-by-Step Guide for Planning, Deploying,
and Using a Windows Server "Longhorn" Beta 2 Read-only Domain Controller in this
documentation set.
procedure to update the Windows Server 2003 or Windows 2000 Server Active Directory
schema for Windows Server "Longhorn".
Administrative credentials
You must use an account that has membership in all of the following groups: Enterprise
Admins, Schema Admins, and Domain Admins. By default, Domain Admins is a member
of Enterprise Admins.
2. Insert the Windows Server "Longhorn" DVD into the CD or DVD drive. Copy
the contents of the \sources\adprep folder to an Adprep folder on the schema
master.
3. Open a command prompt, and then change directories to the Adprep folder.
4. At the command prompt, type the following, and then press ENTER:
adprep /forestprep
5. Allow the operation to complete, and then allow the changes to replicate
before performing the next procedure.
Administrative credentials
You must be a member of the Domain Admins group in the parent domain, or you must
be a member of the Enterprise Admins group in the forest.
2. In the Add Roles Wizard, on the Before You Begin page, review the
preliminary verification steps. When you complete all the preliminary steps, click
Next.
3. On the Select Server Roles page, select AD DS, and then click Next.
7. On the Network credentials page, provide the user name and password for
an account that has at least Domain Admins privileges in the parent domain, and
then click Next.
8. On the Name the New Domain page, type the parent and child domain
names according to the instructions, and then click Next.
9. On the Domain NetBIOS Name page, change the name, if necessary, and
then click Next.
10. On the Set Domain Functional Level page, select the domain functional
level that accommodates the domain controllers that you plan to install anywhere
in the domain, and then click Next.
11. On the Select Site page, select a site from the list or select the option to
install the domain controller in the site that corresponds to its IP address, and
then click Next.
12. On the Additional Options page, make the following selections, and then
click Next:
• Global Catalog: This option adds the global catalog, read-only directory
partitions to the domain controller and enables global catalog search
functionality.
13. If you have selected the advanced installation mode, on the Source Domain
Controller page, specify a domain controller from which to replicate the
configuration and schema directory partitions, and then click Next.
14. On the Location for Database, Log Files and SYSVOL page, type or
browse to the volume and folder locations for the database file, the directory
service log files, and the system volume (SYSVOL) files, and then click Next.
Windows Server Backup backs up the directory service by volume. For backup
and recovery efficiency, store these files on separate volumes that do not contain
applications or other nondirectory files.
16. On the Summary page, review your selections. Click Back to change any
selections, if necessary, and when you are sure that your selections are accurate,
click Next to install AD DS.
17. When you are prompted, restart the server to complete the AD DS
installation.
You can use the following procedure to create the answer file. This procedure identifies
only the essential answer file entries for creating a new Windows Server "Longhorn"
domain. For a complete list of unattended installation options, including default values,
allowed values, and return codes, see Unattended install options.
Administrative credentials
To perform this procedure, you can use any account that has Read and Write privileges
for the text editor application.
3. Create the following entries, one entry on each line. These options are the
minimum options that are required for a new domain installation with DNS
configured automatically. For a complete list of unattended installation options,
including default values, allowed values, and descriptions, see Unattended install
options.
NewDomain=child
AutoConfigDNS=yes
DNSDelegation=yes
DNSOnNetwork=yes
SafeModeAdminPassword=<password>
RebootOnCompletion=yes
4. Save the answer file to the location on the installation server from which it is
to be called by Dcpromo, or save the file to a network share or removable media
for distribution.
5. Use the procedure "To install a new domain controller by using an answer
file" to install the new domain.
• If you are installing an RODC in an existing Windows Server 2003 domain, you
must also run the adprep /rodcprep command. For information about installing an
RODC, see the Step-by-Step Guide for Planning, Deploying, and Using a Windows
Server "Longhorn" Beta 2 Read-only Domain Controller in this documentation set.
You also have the option to use the install from media (IFM) method of installation. For
this option, you must have prepared installation media from a restored backup of a
domain controller in the same domain. For information about using IFM to install a
domain controller in an existing domain, see Installing AD DS from restored backup
media.
Administrative credentials
You must be a member of the Domain Admins group to perform this procedure.
3. Insert the Windows Server "Longhorn" DVD into the CD or DVD drive. Copy
the contents of the \sources\adprep folder to an Adprep folder on the
infrastructure master.
4. Open a command prompt, and then change directories to the Adprep folder.
adprep /domainprep
7. Allow the operation to complete, and then allow the changes to replicate
before performing the next procedure.
• IFM: You can provide a location for installation media that you have restored from
a backup of a similar domain controller in the same domain.
• Replication: You can specify a domain controller in the domain from which to
replicate AD DS.
Administrative credentials
To perform this procedure, you must be a member of the Domain Admins group in the
domain that is being installed.
2. In the Add Roles Wizard, on the Before You Begin page, review the
preliminary verification steps. When you complete all the preliminary steps, click
Next.
7. On the Network credentials page, provide the user name and password for
an account that has at least Domain Admins privileges in the domain to which
you are adding the domain controller, specify the domain name, and then click
Next.
8. On the Select Domain page, select the domain of the new domain controller,
and then click Next.
9. On the Select Site page, select a site from the list or select the option to
install the domain controller in the site that corresponds to its IP address, and
then click Next.
10. On the Additional Options page, make the following selections, and then
click Next:
• Global Catalog: This option adds the global catalog, read-only directory
partitions to the domain controller, and it enables global catalog search
functionality.
11. If you selected the advanced installation mode, you can specify the following
advanced options:
a. On the Install from Media? page, you can provide the location of
installation media to be used to create the domain controller and configure
AD DS, or you can allow replication over the network. For information about
using this method to install the domain controller, see Installing AD DS from
restored backup media.
b. On the Source Domain Controller page, you can specify a domain
controller from which to replicate the configuration and schema directory
partitions. If you select This specific domain controller, you can select the
domain controller that you want to provide source replication to create the
new domain controller, and then click Next.
12. On the Location for Database, Log Files and SYSVOL page, type or
browse to the volume and folder locations for the database file, the directory
service log files, and the system volume (SYSVOL) files, and then click Next.
Windows Server Backup backs up the directory service by volume. For backup
and recovery efficiency, store these files on separate volumes that do not contain
applications or other nondirectory files.
14. On the Summary page, review your selections. Click Back to change any
selections, if necessary. When you are sure that your selections are accurate,
click Next to install AD DS.
15. When you are prompted, restart the server to complete the AD DS
installation.
Administrative credentials
To perform this procedure, you can use any account that has Read and Write privileges
for the text editor application.
3. Create the following entries, one entry on each line. These options are the
minimum options that are required for a new domain controller installation with
DNS configured automatically. For a complete list of unattended installation
options, including default values, allowed values, and descriptions, see
Unattended install options.
ReplicaOrNewDomain=replica
DNSOnNetwork=yes
SafeModeAdminPassword=<password>
RebootOnCompletion=yes
4. Save the answer file to the location on the installation server from which it is
to be called by Dcpromo, or save the file to a network share or removable media
for distribution.
5. Use the procedure "To install a new domain controller by using an answer
file" to install the new domain controller.
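Added example (not part of the original guide and not Microsoft tooling): a Python pre-check for the three answer files shown in this guide, intended to run before the file is saved to a network share or removable media. It classifies the file as new forest, child domain, or additional domain controller, reports entries that this guide lists for that type but that are absent, and flags a literal SafeModeAdminPassword value. The function names and the sample files are constructed for illustration.

```python
import re

# Answer-file entries that this guide lists for each installation type,
# lower-cased. These are the guide's "minimum options"; other unattend
# options are not checked here.
PAGE_ENTRIES = {
    "forest": {"autoconfigdns", "newdomain", "replicaornewdomain",
               "safemodeadminpassword", "rebootoncompletion"},
    "child": {"newdomain", "autoconfigdns", "dnsdelegation", "dnsonnetwork",
              "safemodeadminpassword", "rebootoncompletion"},
    "replica": {"replicaornewdomain", "dnsonnetwork",
                "safemodeadminpassword", "rebootoncompletion"},
}

# A value such as <password> is a template placeholder, not a real secret.
PLACEHOLDER = re.compile(r"^<[^<>]*>$")


def parse_answer_file(text):
    """Return {key_lower: value} for key=value lines.

    Blank lines, ';' comment lines and '[section]' header lines are skipped.
    Only the first '=' splits the line, so values may contain '='.
    """
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("["):
            continue
        key, sep, value = line.partition("=")
        if sep:
            entries[key.strip().lower()] = value.strip()
    return entries


def install_type(entries):
    """Classify the file from the NewDomain / ReplicaOrNewDomain values."""
    if entries.get("replicaornewdomain", "").lower() == "replica":
        return "replica"
    new_domain = entries.get("newdomain", "").lower()
    return new_domain if new_domain in ("forest", "child") else None


def review(text):
    """Return (install_type, findings) for one answer file."""
    entries = parse_answer_file(text)
    kind = install_type(entries)
    findings = []
    if kind is None:
        findings.append("cannot determine installation type from "
                        "NewDomain / ReplicaOrNewDomain")
    else:
        for key in sorted(PAGE_ENTRIES[kind] - set(entries)):
            findings.append(f"missing entry listed for '{kind}': {key}")
    password = entries.get("safemodeadminpassword", "")
    if password and not PLACEHOLDER.match(password):
        findings.append("SafeModeAdminPassword holds a literal value; "
                        "restrict access to this file before distributing it")
    return kind, findings


# Constructed sample files (not taken from a real deployment).
FOREST_SAMPLE = """\
AutoConfigDNS=yes
NewDomain=forest
ReplicaOrNewDomain=domain
SafeModeAdminPassword=Constructed-Example-1
RebootOnCompletion=yes
"""

CHILD_SAMPLE = """\
NewDomain=child
AutoConfigDNS=yes
DNSOnNetwork=yes
SafeModeAdminPassword=<password>
RebootOnCompletion=yes
"""

REPLICA_SAMPLE = """\
; constructed sample
ReplicaOrNewDomain=replica
DNSOnNetwork=yes
SafeModeAdminPassword=<password>
RebootOnCompletion=yes
"""

if __name__ == "__main__":
    for name, sample in (("forest", FOREST_SAMPLE),
                         ("child", CHILD_SAMPLE),
                         ("replica", REPLICA_SAMPLE)):
        kind, findings = review(sample)
        print(name, "->", kind, findings or "no findings")
```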
Requirements for installing from restored backup media include the following:
• You must have restored backup media that is prepared from a similar domain
controller in the same domain, as follows:
• For Windows Server "Longhorn" Beta 2 only, you can use restored backups
of only Full installation domain controllers to install AD DS on Full installation
servers. You cannot use IFM to install AD DS on a Server Core installation.
• You can use backup media from an RODC to install only other RODCs.
• Backup media must be created from a domain controller that has the same
operating system version and platform as the target server.
• For Windows Server "Longhorn" Beta 2 only, you can install AD DS from backup
media only by using the Windows interface. You cannot use an unattended
installation to install a domain controller from backup media.
Use the following procedure to use the IFM method of installing AD DS on a server in the
same domain.
Administrative credentials
To perform this procedure, you must be a member of the Domain Admins group in the
domain that is being installed.
3. In the Add Roles Wizard, on the Before You Begin page, review the
preliminary verification steps. When you complete all the preliminary steps, click
Next.
8. On the Network credentials page, provide the user name and password for
an account that has at least Domain Admins privileges in the domain to which
you are adding the domain controller, specify the domain name, and then click
Next.
9. On the Select Domain page, select the domain of the new domain controller,
and then click Next.
10. On the Select Site page, select a site from the list or select the option to
install the domain controller in the site that corresponds to its IP address, and
then click Next.
11. On the Additional Options page, select additional options according to the
configuration of the backup domain controller, and then click Next:
12. On the Install from Media? page, click Install from media at the location
below.
13. In Location, type or browse to the disk drive location of the installation
media.
14. On the Location for Database, Log Files and SYSVOL page, type or
browse to the volume and folder locations for the database file, the directory
service log files, and the system volume (SYSVOL) files, and then click Next.
Windows Server Backup backs up the directory service by volume. For backup
and recovery efficiency, store these files on separate volumes that do not contain
applications or other nondirectory files.
16. On the Summary page, review your selections. Click Back to change any
selections, if necessary. When you are sure that your selections are accurate,
click Next to install AD DS.
17. When you are prompted, restart the server to complete AD DS installation.
Additional considerations
• Dcpromo.exe installs AD DS using the data in the restored files, which eliminates
the need to replicate every object from a partner domain controller. However, objects
that were modified, added, or deleted since the backup was taken must be replicated.
If the backup was recent, the amount of replication that is required will be
considerably less than the amount of replication that is required for a regular AD DS
installation.
Verifying an AD DS installation
After you install AD DS, verify key functionality such as DNS resource record registrations
and SYSVOL replication. For verification steps to perform after installing AD DS, see
Verifying Active Directory Installation (http://go.microsoft.com/fwlink/?LinkId=68736).
For Windows Server "Longhorn" Beta 2 installations only, you must uninstall the directory
service binaries manually when you use an unattended method to remove AD DS.
Administrative credentials
To perform this procedure, you must be a member of the Domain Admins group in the
domain.
4. On the Confirm Removal Options page, confirm the removal options, and
then click Remove.
in the list, and then remove or retain application directory partitions, as follows:
• If you do not want to retain any application directory partitions that are
stored on the domain controller, click Next.
8. On the Confirm Deletion page, select the option to delete all application
directory partitions on the domain controller, and then click Next.
11. When you are prompted, restart the server to complete AD DS removal.
Administrative credentials
To perform this procedure, you must be a member of the Domain Admins group in the
domain.
3. Create the following entries, one entry on each line. For a complete list of
unattended installation options, including default values, allowed values, and
descriptions, see Unattended install options.
removeapplicationpartitions=yes
4. Save the answer file to the location on the installation server from which it is
to be called by Dcpromo, or save the file to a network shared folder or removable
media for distribution.
5. The Dcpromo command to use an answer file is the same for both removing
and installing a domain controller. Use the procedure "To install a new domain
controller by using an answer file" to remove the domain controller.
Removing AD DS binaries
After you remove AD DS from a domain controller running Windows Server "Longhorn"
Beta 2, you must manually remove the AD DS binary files. This is a known issue for
Windows Server "Longhorn" Beta 2, but it will not be required in later Windows Server
"Longhorn" Beta releases.
Caution
Do not run this command on an installed domain controller. Be sure to restart the
server after removing AD DS before you run this command. Running this
command on an installed domain controller results in data loss on the domain
controller and requires a reinstallation of the operating system.
Administrative credentials
To perform this procedure, you must be a member of the local Administrators group on
the member server.
To remove AD DS binaries
1. Remove AD DS from the server, and then restart the server.
start /w is optional if you want to retain the command prompt until the process
completes.
Application directory partitions that are created by AD DS, such as the DomainDNSZones
and ForestDNSZones application directory partitions, cannot be retained if you remove
AD DS.
Administrative credentials
To complete this procedure, you must be a member of the Domain Admins group in the
parent domain or a member of the Enterprise Admins group in the forest.
4. On the Confirm Removal Options page, confirm the removal options, and
then click Remove.
6. On the Delete Domain? page, select the option to delete the domain. Before
you continue, read the instructions for managing the removal of cryptographic
keys and the decryption of Encrypting File System (EFS)–encrypted files, and
perform these actions, if necessary. When you are sure that you have completed
all security tasks, click Next.
8. On the Confirm Deletion page, select the option to delete all application
directory partitions on the domain controller, and then click Next.
10. On the Summary page, review your selections, and then click Next to
remove AD DS.
11. When you are prompted, restart the server to complete AD DS removal.
Administrative credentials
To complete this procedure, you must be a member of the Domain Admins group in the
parent domain or a member of the Enterprise Admins group in the forest.
To create an answer file for removing the last domain controller in a domain
1. On the first line, type [DCINSTALL], and then press ENTER.
2. Create the following entries, one entry on each line. For a complete list of
unattended installation options, including default values, allowed values, and
descriptions, see Unattended install options.
IsLastDCInDomain=yes
3. Save the answer file to the location on the installation server from which it is
to be called by Dcpromo, or save the file to a network share or removable media
for distribution.
4. The Dcpromo command to use an answer file is the same for both removing
and installing a domain controller. Use the procedure "To install a new domain
controller by using an answer file" to remove the domain controller.
Administrative credentials
To complete this procedure, you must be a member of the Domain Admins group in the
forest root domain or the Enterprise Admins group in the forest.
4. On the Confirm Removal Options page, confirm the removal options, and
then click Remove.
6. On the Delete Domain? page, select the option to delete the domain and
forest. Before you continue, read the instructions for managing the removal of
cryptographic keys and the decryption of EFS-encrypted files, and perform these
actions, if necessary. When you are sure that you have completed all security
tasks, click Next.
• If you do not want to retain any application directory partitions that are
stored on the domain controller, click Next.
8. On the Confirm Deletion page, select the option to delete all application
directory partitions on the domain controller, and then click Next.
10. On the Summary page, review your selections, and then click Next to
remove AD DS.
11. When you are prompted, restart the server to complete AD DS removal.
Dcpromo.exe accepts these parameters either directly from the command line or as
entered in a text file that is formatted in standard .INI format. The text file must contain a
section heading [DCINSTALL] followed by AD DS (domain controller) server role
unattended installation parameters.
Create a text file that contains the [DCINSTALL] heading and in which each line in the file
contains an option and its value in the form option=value. To use the options directly from
the command line, precede each option:value pair with a forward slash (/) and separate
each /option=value pair with a space. At the command line, you can also use a colon (:)
to separate the option and the value (/option:value).
[DCINSTALL]
The following is an example set of the same options as typed in the Dcpromo.exe
command line:
already exists, specifies whether to recreate the domain.
0 = Windows 2000 Server Native
2 = Windows Server 2003 Native
3 = Windows Server "Longhorn"
system (NetBIOS) name to the new domain.
0 = Windows 2000 Server Native
2 = Windows Server 2003 Native
3 = Windows Server "Longhorn"
ForestLevel replaces SetForestVersion in Windows Server 2003.
• The root domain of a new forest
• The root domain of a new tree in an existing forest
• A child domain in an existing forest
specified when AD DS is installed on a Windows Server "Longhorn" Server Core installation.
In Windows Server "Longhorn" Beta 2, if you have no security principals to add, leave this
entry blank. Using the value "NONE" causes the unattended RODC installation to fail. This
issue will be resolved for Windows Server "Longhorn" Beta 3.
• An additional domain controller in an existing domain
• An RODC in an existing domain
• The first domain controller in a new domain
installing AD DS.
Caution: The /ForceDemotion switch results in data loss on the domain controller.
on wrong platform.
not valid.
meet password criteria.
DNS.
server.
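The answer-file format described above (a [DCINSTALL] heading, one option=value entry per line, and the equivalent /option:value command-line form) can be reviewed before the file is handed to Dcpromo. The following Python code is an added example, not part of the original guide or of Microsoft's tooling; the function names, the constructed sample, the handling of ";" comment lines, and the treatment of "yes" as the enabling value for ForceDemotion are assumptions.

```python
# Options whose effect this guide describes as destructive (matched case-insensitively).
DESTRUCTIVE = {
    "removeapplicationpartitions": "deletes all application directory partitions on the domain controller",
    "islastdcindomain": "removes the last domain controller, which deletes the domain",
    "forcedemotion": "results in data loss on the domain controller",
}

def parse_answer_file(text):
    """Return [(option, value), ...] from the [DCINSTALL] section; raise ValueError if malformed."""
    options, in_section, seen_heading = [], False, False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):  # blank line or INI comment (assumed to be allowed)
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line.upper() == "[DCINSTALL]"
            seen_heading = seen_heading or in_section
            continue
        if not in_section:
            raise ValueError(f"line {n}: entry is not under the [DCINSTALL] heading")
        name, sep, value = (part.strip() for part in line.partition("="))
        if not sep or not name:
            raise ValueError(f"line {n}: expected option=value, got {line!r}")
        options.append((name, value))
    if not seen_heading:
        raise ValueError("missing [DCINSTALL] section heading")
    return options

def destructive_options(options):
    """Return {option: consequence} for the destructive options that are set to yes."""
    return {name: DESTRUCTIVE[name.lower()] for name, value in options
            if name.lower() in DESTRUCTIVE and value.lower() == "yes"}

def to_command_line(options, sep=":"):
    """Render the same options as /option:value (or /option=value) arguments separated by spaces."""
    if sep not in (":", "="):
        raise ValueError("separator must be ':' or '='")
    return " ".join(f"/{name}{sep}{value}" for name, value in options)

# Constructed sample: the two removal entries shown in this guide, combined in one file.
SAMPLE = "[DCINSTALL]\nremoveapplicationpartitions=yes\nIsLastDCInDomain=yes\n"

if __name__ == "__main__":
    opts = parse_answer_file(SAMPLE)
    for name, why in destructive_options(opts).items():
        print(f"REVIEW {name}: {why}")
    print(to_command_line(opts))
```
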
To provide feedback for this step-by-step guide, follow the instructions on the Microsoft
Web site (http://go.microsoft.com/fwlink/?linkid=55105). Please note that, in the comment
area on the Web site, you will need to provide the name of this step-by-step guide.