(Unattended Installation)
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
The [DCInstall] section contains entries for installing a domain controller after the initial setup of the Microsoft Windows operating system finishes. The entries in this section apply only to Windows Server 2003, Standard Edition and Windows Server 2003, Enterprise Edition.
You can create an answer file that contains only this section, and run it after Setup completes and a user logs on to the system. The command for this is dcpromo /answer:answer_file
.
Answer File Entries for the [DCInstall] Section
Entry | Description |
---|---|
AdministratorPassword |
Sets the local administrator password for the computer during the demotion of a domain controller to a member server. |
AllowAnonymousAccess |
Specifies whether any pre-Windows 2000 server authenticates users from this domain or any trusted domain. |
AutoConfigDNS |
Specifies whether the Active Directory Installation Wizard configures DNS for the new domain if it detects that the DNS dynamic update protocol is not available. |
ChildName |
Specifies whether to append the DNS label at the beginning of the name of an existing directory service domain when installing a child domain. |
ConfirmGc |
Specifies whether the replica is also a global catalog. |
CreateOrJoin |
Specifies whether the new tree domain is part of an existing forest of domains. |
CriticalReplicationOnly |
Specifies whether the promotion operation performs only critical replication and then continues, skipping the noncritical (and potentially lengthy) portion of replication. |
DatabasePath |
Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer that contains the domain database. |
DisableCancelForDnsInstall |
Specifies whether to disable the Cancel button during a DNS installation. |
DNSOnNetwork |
Specifies whether to set DNS server addresses automatically. |
DomainNetBiosName |
Assigns a network BIOS (NetBIOS) name to the new domain. |
IsLastDCInDomain |
Specifies whether the computer on which the Active Directory Installation Wizard is running is the last domain controller in the domain. |
LogPath |
Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer that contains the domain log files. |
NewDomain |
Indicates the type of a new domain: whether a new domain in a new forest, the root of a new tree in an existing forest, or a child of an existing domain. |
NewDomainDNSName |
Specifies the required name of a new tree in an existing domain or when Setup installs a new forest of domains. |
ParentDomainDNSName |
Specifies the DNS domain name of an existing directory service domain when installing a child domain. |
Password |
Specifies the password for the user name (account credentials) to use for promoting the member server to a domain controller. |
RebootOnSuccess |
Specifies whether to restart the computer upon successful completion. |
RemoveApplicationPartitions |
Specifies whether to remove application partitions during the demotion of a domain controller. |
ReplicaDomainDNSName |
Specifies the DNS domain name of the domain to replicate. |
ReplicaOrMember |
Specifies whether to convert an upgraded Windows NT 3.51 or Windows NT 4.0-based backup domain controller (BDC) to a domain controller or demote it to a regular member server in the domain. |
ReplicaOrNewDomain |
Specifies whether to install a new domain controller as the first domain controller in a new directory service domain or to install it as a replica directory service domain controller. |
ReplicationSourceDC |
Indicates the full DNS name of the domain controller from which you replicate the domain information. |
ReplicationSourcePath |
Indicates the location of the files used to create a new domain controller. |
SafeModeAdminPassword |
Supplies the password for the administrator account when starting the computer in Safe Mode or a variant of Safe Mode, such as Directory Services Restore Mode. |
SetForestVersion |
Indicates the functional level for a new forest. |
SiteName |
Specifies the name of an existing site where you can place the new domain controller. |
Syskey |
Indicates that the user must supply the system key. |
SysVolPath |
Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer. |
TreeOrChild |
Specifies that the new domain is the root of a new tree or a child of an existing domain. |
UserDomain |
Specifies the domain name for the user name (account credentials) used for promoting the member server to a domain controller. |
UserName |
Specifies the user name (account credentials) used for promoting the member server to a domain controller. |
Sets the local administrator password for the computer during the demotion of a domain controller to a member server.
AdministratorPassword = admin_password
Value | Description |
---|---|
Admin_password |
The local administrator password. |
[DCInstall]
AdministratorPassword = YHR&#@FHD
The default is no password (blank).
This entry is valid only during a demotion. If you do not specify a value, Setup uses a blank administrator password.
Setup deletes the value from the answer file after the demotion operation finishes.
Note
- If you create a password that starts with an asterisk (*), Windows sets the password to Null. A null password could be a security risk and is not recommended.
Specifies whether any pre-Windows 2000 server authenticates users from this domain or any trusted domain.
AllowAnonymousAccess = Yes | No
Value | Description |
---|---|
Yes |
Enables anonymous access to user and group information. Used with pre-Windows 2000 servers. |
No |
Makes the default permissions more restrictive. Used with Windows 2000 servers. |
[DCInstall]
AllowAnonymousAccess = Yes
The default value is Yes.
Specifies whether the Active Directory Installation Wizard configures DNS for the new domain if it detects that the DNS dynamic update protocol is not available.
AutoConfigDNS = Yes | No
Value | Description |
---|---|
Yes |
Configures DNS for the new domain if the DNS dynamic update protocol is not available. |
No |
Does not configure DNS for the domain. |
[DCInstall]
AutoConfigDNS = Yes
The default value is Yes.
Specifies whether to append the DNS label at the beginning of the name of an existing Active Directory domain when installing a child domain.
ChildName = child_domain_name
[DCInstall]
ChildName = childdom.parentdom.fabrikam.com
For example, if the parent name is “parentdom.fabrikam.com” and the ChildName is “childdom,” then the name of the new domain is “childdom.parentdom.fabrikam.com.”
This new domain name must not already be in use and you must properly configure DNS services on the computer. This entry is required.
For more information, see the TreeOrChild entry later in the section “[DCInstall].”
Specifies whether the replica is also a global catalog.
ConfirmGc = Yes | No
Value | Description |
---|---|
Yes |
Makes the replica a global catalog if the backup was a global catalog. |
No |
Does not make the replica a global catalog. |
[DCInstall]
ConfirmGc = Yes
The default value is Yes.
This entry applies only if you specify ReplicationSourcePath. If you create the restored files from a backup of a global catalog, then the replica can also be a global catalog of those files.
Specifies whether the new tree domain is part of an existing forest of domains.
CreateOrJoin = Create | Join
Value | Description |
---|---|
Create |
Creates a new forest of domains. |
Join |
Places the new domain at the root of a new domain tree in an existing forest of domains. |
[DCInstall]
CreateOrJoin = Create
The default value is Join.
Setup supports the CreateOrJoin entry for backward compatibility with Windows 2000 unattended installation. For unattended installation of Windows Server 2003, use the NewDomain entry instead.
Specifies whether the promotion operation performs only critical replication and then continues, skipping the noncritical (and potentially lengthy) portion of replication.
CriticalReplicationOnly = Yes | No
Value | Description |
---|---|
Yes |
Skips noncritical replication. |
No |
Does not skip noncritical replication. |
[DCInstall]
CriticalReplicationOnly = Yes
There is no default value.
If Setup skips noncritical replication, replication automatically and silently resumes when you restart the computer. The computer assumes its new role as a domain controller.
Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer that contains the domain database.
DatabasePath = path_to_database_files
[DCInstall]
DatabasePath = %systemroot%\Data
The default is systemroot\NTDS.
Enclose path_to_database_files in quotation marks if it is a long file name.
If the directory exists, it must be empty. If the directory does not exist, Setup creates it.
The disk must have enough free disk space available (new domains require at least 20 MB) and must have room to grow if you plan to add numerous objects to the domain. For replica domains, you must specify the space required in the domain size.
For optimal performance, place the domain database on a different volume than the domain log files.
Specifies whether to disable the Cancel button during a DNS installation.
DisableCancelForDnsInstall = Yes | No
Value | Description |
---|---|
Yes |
Does not display the Cancel button. During the DNS installation, the /c switch invokes the Optional Component Manager (OCM). |
No |
Displays the Cancel button. |
[DCInstall]
DisableCancelForDnsInstall = Yes
The default value is No.
This entry applies only if the answer file indicates that the wizard installs DNS on the computer if it has not already installed it.
Specifies whether to set DNS server addresses automatically.
DNSOnNetwork = Yes | No
Value | Description |
---|---|
Yes |
Sets the DNS server addresses manually for the computer. |
No |
Installs the DNS service, creates a valid DNS configuration, and creates a zone for the new domain with that service. |
[DCInstall]
DNSOnNetwork = No
The default value is Yes.
This entry is used when installing the first domain in a new forest and the TCP/IP configuration has missing or incorrect DNS server addresses. Before the computer can become a domain controller, its TCP/IP stack must have a valid DNS configuration.
Note
- If
DNSOnNetwork = Yes
, the Active Directory Installation Wizard does not test the client configuration. As a result, the user will have to manually set the server addresses later and might have to configure DNS manually for the new domain.
Assigns a network BIOS (NetBIOS) name to the new domain.
DomainNetBiosName = domain_NetBIOS_name
[DCInstall]
DomainNetBiosName = MY_DOMAIN
This entry is required, and the name specified must not already be in use as a domain or computer name. Setup ignores this entry when upgrading pre-Windows 2000 primary domain controllers.
Specifies whether the computer on which the Active Directory Installation Wizard runs is the last domain controller in the domain.
IsLastDCInDomain = Yes | No
Value | Description |
---|---|
Yes |
Indicates that this computer is the last domain controller in the domain. |
No |
Indicates that this computer is not the last domain controller in the domain. |
[DCInstall]
IsLastDCInDomain = Yes
The default value is No.
This entry is valid only when demoting an existing domain controller to a member server.
Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer that contains the domain log files.
LogPath = path_to_log_files
[DCInstall]
LogPath = %systemroot%\Logs
Enclose path_to_log_files in quotation marks if it is a long file name.
If the directory exists, it must be empty. If the directory does not exist, Setup creates it.
The disk must have enough free disk space available (new domains require at least 10 MB) and must have room to expand if you plan to add numerous objects to the domain. For replica domains, you must specify the space required in the domain size.
For optimal performance, place the log files on a different volume than the database files.
Indicates the type of a new domain: whether a new domain in a new forest, the root of a new tree in an existing forest, or a child of an existing domain.
NewDomain = Tree | Child | Forest
Value | Description |
---|---|
Tree |
The new domain is the root of a new tree in an existing forest. |
Child |
The new domain is a child of an existing domain. |
Forest |
The new domain is the first domain in a new forest of domain trees. |
[DCInstall]
NewDomain = Tree
The default value is Forest.
Specifies the required name of a new tree in an existing domain or when Setup installs a new forest of domains.
NewDomainDNSName = DNS_name_of_domain
[DCInstall]
NewDomainDNSName = newdom.fabrikam.com.
For example, this DNS name could be “newdom.fabrikam.com.”
Specifies the DNS domain name of an existing directory service domain when installing a child domain.
ParentDomainDNSName = DNS_name_of_domain
[DCInstall]
ParentDomainDNSName = newdom.fabrikam.com
When specifying this entry, make sure that the current user has administrative credentials to the specified domain, and that you properly configure the DNS services. The domain name must refer to an existing directory service domain.
For more information, see TreeOrChild entry later in the section “[DCInstall].”
Specifies the password for the user name (account credentials) to use for promoting the member server to a domain controller.
Password = password
[DCInstall]
Password = YH3$GJ
The answer file deletes the value after the promotion operation finishes.
Note
- If you create a password that starts with an asterisk (*), Windows sets the password to Null. A null password could be a security risk and is not recommended.
Specifies whether to restart the computer upon successful completion.
RebootOnSuccess = Yes | No | NoAndNoPromptEither
Value | Description |
---|---|
No |
Does not restart, but prompts the user to restart. |
Yes |
Restarts upon successful completion. |
NoAndNoPromptEither |
Does not restart and does not prompt the user to restart. |
[DCInstall]
RebootOnSuccess = No
You must restart the server to start the directory services.
Specifies whether to remove application partitions during the demotion of a domain controller.
RemoveApplicationPartitions = Yes | No
Value | Description |
---|---|
Yes |
Removes application partitions on the domain controller. |
No |
Does not remove application partitions on the domain controller. If the domain controller hosts the last replica of any application directory partition, you must manually confirm that you must remove these partitions. |
[DCInstall]
RemoveApplicationPartitions = Yes
The default value is No.
Note
- If you remove the last replica of any application directory partition, Setup destroys the partition and all data it contains.
Specifies the DNS domain name of the domain to replicate.
ReplicaDomainDNSName = DNS_name_of_domain
[DCInstall]
ReplicaDomainDNSName = fabrikam.com
This entry is valid only for backup domain controller (BDC) upgrades and domain controller installations. In such situations, you must specify a value or the installation fails.
Normally, the user who is currently logged on has administrative credentials to the specified domain, and Setup properly configures DNS services. The domain name must refer to an existing directory service domain.
Specifies whether to convert an upgraded Windows NT 3.51 or Windows NT 4.0-based backup domain controller (BDC) to a domain controller or demote it to a regular member server in the domain.
ReplicaOrMember = Replica | Member
Value | Description |
---|---|
Replica |
Installs the server as a domain controller. |
Member |
Installs the new domain controller as a member server in a domain. |
[DCInstall]
ReplicaOrMember = Replica
The default value is Member.
This entry is valid only when upgrading a BDC.
Specifies whether to install a new domain controller as the first domain controller in a new directory service domain or to install it as a replica directory service domain controller.
ReplicaOrNewDomain = Replica | Domain
Value | Description |
---|---|
Replica |
Installs the new domain controller as a replica directory service domain controller. |
Domain |
Installs the new domain controller as the first domain controller in a new directory service domain. You must specify the TreeOrChild entry with a valid value. |
[DCInstall]
ReplicaOrNewDomain = Domain
The default value is Replica.
Indicates the full DNS name of the domain controller from which you replicate the domain information.
ReplicationSourceDC = DNS_name_of_DC
[DCInstall]
ReplicationSourceDC = dc01.fabrikam.com
There is no default value.
Indicates the location of the files used to create a new domain controller.
ReplicationSourcePath = replication_source_path
[DCInstall]
ReplicationSourcePath = %systemdrive%\Source
There is no default value.
The value must be the fully qualified path to a folder on the local computer where you copied the files.
This entry is used to indicate that the bulk of the directory data replication came from backup files that you restored to a volume on the server, rather than from another domain controller.
However, you cannot perform complete replication entirely from copied files. You need to access another domain controller (for more information, see the ReplicationSourceDC entry earlier in the section “[DCInstall].”)
If this value is present and non-empty, then you can perform data replication by using the restored files. If this value is not present or is empty, then perform replication from another domain controller on the network.
If the value refers to a valid set of restored backup files, Setup ignores any value for the ReplicaDomainDNSName entry. The domain name to which the restored files belong takes precedence.
Supplies the password for the administrator account when starting the computer in Safe Mode or a variant of Safe Mode, such as Directory Services Restore Mode.
SafeModeAdminPassword = password | None
Value | Description |
---|---|
password |
Specifies the password for the administrator account that you use when the computer is in Safe Mode. |
None |
Does not supply a password for the administrator account. |
[DCInstall]
SafeModeAdminPassword = XHJ3$G
The default value is None.
Note
- If you create a password that starts with an asterisk (*), Windows sets the password to Null. A null password could be a security risk and is not recommended.
Indicates the functional level for a new forest.
SetForestVersion = Yes | No
Value | Description |
---|---|
Yes |
Sets forest functional level to Windows Server 2003 interim. |
No |
Sets forest functional level to Windows 2000. |
[DCInstall]
SetForestVersion = Yes
The default value is No.
Use the entry SetForestVersion = Yes
if:
You want more efficient replication of large group memberships. This functional level includes improvements to the group membership replication feature in Active Directory and is useful if you have groups with many members.
You want to support Windows NT 4.0 and Windows Server 2003 domain controllers.
You will not have Windows 2000 domain controllers in your forest.
You must set the value of SetForestVersion to No if you plan to have Windows NT 4.0, Windows 2000 Server, and Windows Server 2003 domain controllers in your forest. This functional level does not support the large group membership replication feature.
Use this entry only when the destination computer is a domain controller upgraded from Windows NT 4.0 to Windows Server 2003, and is the first domain controller in a new forest. For more information about creating and typing new domains, see the NewDomain entry earlier in the section “[DCInstall].”
Note
- If you set the functional level to Windows Server 2003 interim, you cannot change the functional level to enable Windows 2000 domain controllers later.
Specifies the name of an existing site where you can place the new domain controller.
SiteName = site_name
[DCInstall]
SiteName = FirstSite
The default is the name of your first site.
If you do not specify a site, Setup selects a suitable site using the current site and subnet configuration of the forest.
Indicates that the user must supply the system key.
Syskey = <none> | system_key
[DCInstall]
Syskey = 12345
The default is to not specify a system key.
This entry applies only if you specify ReplicationSourcePath. Setup uses this value if the restored files that are used to install a replica indicate that the user must supply the system key.
If the restored files indicate that the user must supply the system key on a floppy disk, then the system looks for the key on drive A.
Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer.
SysVolPath = path_to_database_file
[DCInstall]
SysVolPath = %systemroot%\Sysvol
Enclose path_to_database_file in quotation marks if it is a long file name.
If the directory exists, it must be empty. If the directory does not exist, Setup creates it.
You must format the disk with NTFS version 5.0 before or during the unattended installation for this entry to be valid.
Specifies that the new domain is the root of a new tree or a child of an existing domain.
TreeOrChild = Tree | Child
Value | Description |
---|---|
Tree |
Specifies that the new domain is the root of a new tree. You must specify the CreateOrJoin or NewDomain entries with a valid value. |
Child |
Specifies that the new domain is a child of an existing domain. |
[DCInstall]
TreeOrChild = Tree
The default value is Child.
Setup supports TreeOrChild for backward compatibility with Windows 2000 unattended installation. For unattended installation of Windows Server 2003, use NewDomain instead.
Specifies the domain name for the user name (account credentials) used for promoting the member server to a domain controller.
UserDomain = domain_name
[DCInstall]
UserDomain = fabrikam.com
Specifies the user name (account credentials) used for promoting the member server to a domain controller.
UserName = user_name
[DCInstall]
UserName = ChrisGray