Promotion Operation
Applies To: Windows Server 2008, Windows Server 2008 R2
The following options are available for the Promotion operation during an unattended installation of Active Directory Domain Services (AD DS) in Windows Server 2008 and Windows Server 2008 R2. Options that were new in Windows Server 2008 appear in bold text.
| Parameter | Possible values | Default value | Description |
|---|---|---|---|
/AllowDomainReinstall |
Yes | No |
No |
Specifies whether an existing domain is re-created. |
/AllowDomainControllerReinstall |
Yes | No |
No |
Specifies whether to continue installing this domain controller despite the fact that an active domain controller account with the same name is detected. Specify Yes only if you are sure that the account is no longer in use. |
/ApplicationPartitionsToReplicate |
"partition_DN_1 partition_DN_2 ...partition_DN_n" |
|
Specifies application partitions to be replicated in the format of "partition1" "partition2". If * is specified, all application partitions will be replicated. Use space-separated (or comma-and-space-separated) distinguished names, with the entire string enclosed in quotation marks. |
/AutoconfigDNS This parameter has been renamed to /InstallDNS. |
Yes | No |
Computed automatically based on the environment. |
Specifies whether Domain Name System (DNS) is configured for a new domain if Dcpromo detects that the DNS dynamic update protocol is not available or if Dcpromo detects an insufficient number of DNS servers for an existing domain. |
/ChildName |
child_domain_name |
|
Specifies the single-label DNS name of the child domain. |
/ConfirmGc |
Yes | No |
Specifies whether the domain controller is a global catalog server. |
|
/CreateDNSDelegation |
Yes | No |
Computed automatically based on the environment. |
Indicates whether to create a DNS delegation that refers to this new DNS server. Valid for Active Directory–integrated DNS only. |
/CriticalReplicationOnly |
Yes | No |
No |
Specifies whether the promotion operation performs only critical replication before reboot and then continues, skipping the noncritical (and potentially lengthy) portion of replication. The noncritical replication happens after the role installation finishes and the computer restarts. |
/DatabasePath |
path_to_database_files |
%systemroot%\NTDS |
Specifies the fully qualified, non–Universal Naming Convention (UNC) path to a directory on a fixed disk of the local computer that contains the domain database, for example, C:\Windows\NTDS. |
/DelegatedAdmin |
User or group |
|
Specifies the name of the user or group who will install and administer the read-only domain controller (RODC). If no value is specified, only members of the Domain Admins group or Enterprise Admins group can install and administer the RODC. |
/DNSDelegationPassword |
Password | * |
|
Specifies the password for the user name (the account credentials) that is used to create or remove the DNS delegation. Specify * to prompt the user to enter credentials. |
/DNSDelegationUserName |
user_name |
|
Specifies the user name to be used when the DNS delegation is created or removed. If you do not specify a value, the account credentials that you specify for the AD DS installation or removal are used for the DNS delegation. |
/DNSOnNetwork |
Yes | No |
Yes |
Specifies whether the DNS Server service is available on the network. This parameter is used only when the network adapter for this computer is not configured with the name of a DNS server for name resolution. Specifying No indicates that the DNS server will be installed on this computer for name resolution. Otherwise, the network adapter must be configured with a DNS server name first. |
/DomainLevel |
0 | 2 | 3 | 4 |
Based on the current forest functional level. |
Specifies the domain functional level when a new domain is created in an existing forest, as follows: 0 = Windows 2000 native 2 = Windows Server 2003 3 = Windows Server 2008 4 = Windows Server 2008 R2 |
/DomainNetBiosName |
domain_NetBIOS_name |
Left-most label of the DNS name. |
Assigns a NetBIOS name to the new domain. |
/ForestLevel |
0 | 2 | 3 | 4 |
0 (for Windows Server 2008) 2 (for Windows Server 2008 R2) |
Specifies the forest functional level when a new domain is created in a new forest, as follows: 0 = Windows 2000 2 = Windows Server 2003 3 = Windows Server 2008 4 = Windows Server 2008 R2 ForestLevel replaces SetForestVersion in Windows Server 2003. Do not use this switch when you are installing a domain controller in an existing forest. |
/InstallDNS This switch replaces /AutoConfigDNS. |
Yes | No |
Computed automatically based on the environment. |
Specifies whether DNS is configured for a new domain if Dcpromo detects that the DNS dynamic update protocol is not available or if Dcpromo detects an insufficient number of DNS servers for an existing domain. |
/LogPath |
Path_to_log_files |
%systemroot%\ NTDS |
Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer that contains the domain log files, for example, C:\Windows\NTDS. |
/NewDomain |
Forest | Tree | Child |
Forest |
Specifies the type of new domain:
The type of new domain must be specified when AD DS is installed on a Server Core installation. |
/NewDomainDNSName |
DNS_domain_name |
|
Specifies a fully qualified domain name (FQDN) for the new domain. |
/ParentDomainDNSName |
DNS_domain_name |
|
Specifies the FQDN of an existing parent domain when a child domain is installed. |
/Password |
Password | * |
|
Specifies the password that corresponds to the user name (account credentials) that is used to promote the domain controller. Specify * to prompt the user to enter credentials. |
/PasswordReplicationAllowed |
Security_Principal | NONE |
|
Specifies the names of computer and user accounts whose passwords can be replicated to this RODC. Specify "None" if you want to keep the value empty. By default, no user credentials will be cached on this RODC. To specify more than one security principal, add the entry multiple times. |
/PasswordReplicationDenied |
Security_Principal | None |
|
Specifies the names of user, group, and computer accounts whose passwords are not to be replicated to this RODC. Specify None if you do not want to deny the replication of credentials of any users or computers. To specify more than one security principal, add the entry multiple times. |
/RebootOnCompletion |
Yes | No |
Yes |
Specifies whether to restart the computer upon completion, regardless of success. |
/RebootOnSuccess |
Yes | No| NoAndNoPromptEither This command is deprecated but still supported. You should use /RebootOnCompletion instead. |
Yes |
Specifies whether to restart the computer upon successful completion of an operation. |
/ReplicaDomainDNSName |
DNS_domain_name |
|
Specifies the FQDN of the domain in which you want to promote an additional domain controller. |
/ReplicaOrNewDomain |
Replica | ReadOnlyReplica | Domain |
Replica |
Specifies whether to install the domain controller as:
|
/ReplicationSourceDC |
DNS_name_of_source |
|
Indicates the FQDN of the partner domain controller from which Active Directory data is replicated to create the new domain controller. |
/ReplicationSourcePath |
path_to_installation_media |
|
Indicates the location of the installation media that will be used to install a new domain controller. |
/SafeModeAdminPassword |
password | NONE |
|
The password for the administrator account to use when you start the computer in Safe Mode or a variant of Safe Mode, such as Directory Service Restore Mode (DSRM). You cannot specify a blank password. |
/SiteName |
site_name |
See the note below this table. |
The name of an existing site where you can place the new domain controller. |
/SkipAutoConfigDNS |
No value is required. |
|
This switch is for expert users who want to skip automatic configuration of client settings, forwarders, and root hints. The switch is in effect only if the DNS Server service is already installed on the server, in which case you will receive an informational message confirming that the automatic configuration of DNS was skipped. Otherwise, this switch is ignored. If you specify this switch, ensure that zones are created and properly configured before you install AD DS or the domain controller will not operate correctly. This switch does not skip automatic creation of the DNS delegation in the parent DNS zone. To control DNS delegation creation, use the /CreateDNSDelegation switch. |
/Syskey |
NONE | system key |
|
Specifies the system key for the media from which you replicate the data. |
/SysVolPath |
path_to_SYSVOL_folder |
%systemroot%\ sysvol |
Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer, for example, C:\Windows\SYSVOL. |
/TransferIMRoleIfNeeded |
Yes | No |
No |
Specifies whether to transfer the infrastructure master role to this domain controller, in case it is currently hosted on a global catalog server and you do not plan to make this domain controller a global catalog server. Choose Yes to transfer the infrastructure master role to this domain controller in case this is needed. If you choose Yes, be sure to specify /ConfirmGC:No. |
/UserDomain |
domain_name |
|
Specifies the domain name for the user name (account credentials) that is used for promoting a domain controller. |
/UserName |
Domain\user_name |
|
Specifies the user name (account credentials) that is used for promoting a domain controller. We recommend that you specify the account credentials in the domain\user_name format. |
Note
The default value for the /SiteName parameter depends on the type of installation. For a new forest, the default is Default-First-Site-Name. For all other writable domain controller installations, the default is the site that is associated with the subnet that includes the IP address of this server. If no such site exists, the default is the site of the replication source domain controller. For an RODC installation, you must specify the site name where the RODC will be installed.