Perform an Unattended Install of an AD LDS Instance

Applies To: Windows Server 2008

You can use this procedure to perform an unattended install of an Active Directory Lightweight Directory Services (AD LDS) instance without user intervention. An unattended AD LDS installation requires an answer file (Answer.txt) that contains a set of preconfigured installation options.

Membership in Administrators, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477). By default, the security principal that you specify as the AD LDS administrator during AD LDS setup becomes a member of the Administrators group in the configuration partition.

To perform an unattended install of an AD LDS instance

  1. Create a new text file by using any text editor.

    As an alternative, you can copy and paste the following sample answer file into your answer file.

    [ADAMInstall]
    ; The following line specifies to install a unique ADAM instance.
    InstallType=Unique
    ; The following line specifies the name to be assigned to the new instance.
    InstanceName=MyFirstInstance
    ; The following line specifies the communications port to use for LDAP.
    LocalLDAPPortToListenOn=389
    ; The following line specifies an application partition to create
    NewApplicationPartitionToCreate="o=microsoft,c=us"
    ; The following line specifies the directory to use for ADAM data files.
    DataFilesPath=C:\Program Files\Microsoft ADAM\instance1\data
    ; The following line specifies the directory to use for ADAM log files.
    LogFilesPath=C:\Program Files\Microsoft ADAM\instance1\data
    ; The following line specifies the .ldf files to import into the ADAM schema.
    ImportLDIFFiles="ms-inetorgperson.ldf" "ms-user.ldf"
    
  2. Specify the installation parameters that are described in the table that immediately follows this procedure, and then save your answer file.

  3. At a command prompt (or in a batch or script file), change to the drive and directory that contains the AD LDS setup files.

    To open a command prompt, click Start, click Run, and type cmd.

  4. At the command prompt, type the following command, and then press ENTER:

    %systemroot%\ADAM\adaminstall.exe /answer:"drive:\<pathname>\<filename>.txt"
    

    Where drive:\<pathname>\<filename>.txt represents the drive, path, and file name of your answer file. (The command requires the quotation marks.)

The following table shows the parameters that you can use in an AD LDS answer file. These parameters are not case sensitive. In other words, you can specify either InstallType or installtype in your answer file. However, AD LDS preserves the case for the values that you specify for the instancename and servicepassword parameters.

Note

The default behavior occurs if the parameter is not present in the answer file.

Parameter Description

InstallType

Valid for all installations.

Optional.

Possible values

  • Unique: creates a unique instance of AD LDS.

  • Replica: creates an instance of AD LDS by replicating all or part of an existing AD LDS instance, either over the network or from restored backup media.

    When you also specify values in the answer file for the ReplicationDataSourcePath and ReplicationLogSourcePath parameters, and when you set the value for InstallType to Replica, AD LDS setup installs an AD LDS replica instance from restored backup media. If no values for those parameters are present, AD LDS setup installs an AD LDS replica instance over the network.

  • Any other value: AD LDS returns the error message "Invalid installation type specified in InstallType."

Default behavior

  • Same behavior as Unique.

ShowOrHideProgressGUI

Valid for all installations.

Optional.

Possible values

  • Show: AD LDS setup displays progress information during installation.

  • Hide: AD LDS setup does not display progress information during installation.

Default behavior

  • Same behavior as Hide.

InstanceName

Valid for all installations.

Optional.

Possible values

An AD LDS instance name must meet the following requirements:

  • It must be unique with respect to other AD LDS instances that are running on the same computer.

  • It must be no longer than 44 characters.

  • It must use characters only from the ranges of a through z, A through Z, or 0 through 9.

Default behavior

  • The AD LDS instance is named Instancen, where n is the lowest number greater than zero (0) for which Instancen is unique on the local computer.

ApplicationPartitionsToReplicate

Valid only for replica installations.

Optional.

Specifies the distinguished names of the application partitions to replicate from the source AD LDS instance.

The following example specifies three application partitions to replicate:

ApplicationPartitionsToReplicate = "CN=my,O=partition" "DC=partition2" "CN=embed qu\"ote in DN"

To replicate all application partitions from the source AD LDS instance, specify a wildcard character (*) as the value. AD LDS ignores any value that you specify for ApplicationPartitionsToReplicate if you do not set the value of InstallType to Replica.

Default behavior

AD LDS does not replicate application partitions.

ReplicationDataSourcePath

Valid only for replica installations.

When a value for this parameter is present, AD LDS setup attempts an installation from media. If the value for this parameter is not valid, AD LDS setup writes an error to the setup log.

Specifies the directory path to a restored instance of AD LDS data. AD LDS ignores any value that you specify for ReplicationDataSourcePath if you do not set InstallType to Replica or if you do not also specify a value for ReplicationLogSourcePath.

Default behavior

AD LDS replicates application data over the network, rather than from a restored backup of an AD LDS instance. If you specify a value for this parameter, but not for ReplicationLogSourcePath, an error occurs.

ReplicationLogSourcePath

Valid only for replica installations.

When a value for this parameter is present, AD LDS setup attempts an installation from media. If the value for this parameter is not valid, AD LDS setup writes an error to the setup log.

Specifies the directory path to the log file for a restored instance of AD LDS. AD LDS ignores any value that you specify for ReplicationLogSourcePath if you do not set the value of InstallType to Replica or if you do not also specify a value for ReplicationDataSourcePath.

Default behavior

AD LDS replicates application data over the network, rather than from a restored backup of an AD LDS instance. If you specify a value for this parameter, but not for ReplicationDataSourcePath, an error occurs.

LocalLDAPPortToListenOn

Required for all installations.

Possible values

  • 389 or any unused port number between 1025 and 65535, inclusive.

  • Any other value: AD LDS returns the error message "Invalid local LDAP port specified."

LocalSSLPortToListenOn

Required for all installations.

Possible values

  • 636 or any unused port number between 1025 and 65535, inclusive.

  • Any other value: AD LDS returns the error message "Invalid local SSL port specified."

Default behavior

  • The value for the port number defaults to 636. If 636 is not available, the value defaults to the first available port number that is equal to or greater than 50000.

SourceServer

Required for replica installations.

Possible values

  • A valid Domain Name System (DNS) name or NetBIOS name.

  • Any other value: if the value of InstallType is Replica, AD LDS returns the error message "Invalid syntax for replication source server."

Default behavior

  • If the value of InstallType is Replica, AD LDS returns the error message "Replication source server not specified."

SourceLDAPPort

Required for replica installations.

Possible values

  • 389 or a number between 1025 and 65535.

  • Any other value: if the value of InstallType is Replica, AD LDS returns the error message "Invalid replication source port specified."

Default behavior

  • If the value of InstallType is Replica, AD LDS returns the error message "Replication source port not specified."

NewApplicationPartitionToCreate

Valid for installations of new, unique AD LDS instances.

Optional.

Possible values

  • A valid distinguished name: creates an application partition with the name that you specify.

  • An empty string (""): does not create a new application partition.

  • Any other value: if the installation type is unique, AD LDS returns the error message "Invalid application partition syntax in NewApplicationPartitionToCreate."

Default behavior

  • Same behavior as an empty string ("").

DataFilesPath

Valid for all installations.

Optional.

Possible values

  • A syntactically correct path name, which may include unresolved environment variables, for a directory that does not contain existing AD LDS files.

  • Any other value: AD LDS returns the error message "Invalid path in DataFilesPath."

Default behavior

  • Stores data files in Program Files\Microsoft ADAM\instancename\data.

LogFilesPath

Valid for all installations.

Optional.

Possible values

  • A syntactically correct path name, which may include unresolved environment variables, for a directory that does not contain existing AD LDS files.

  • Any other value: AD LDS returns the error message "Invalid path in LogFilesPath."

Default behavior

  • Stores log files in Program Files\Microsoft ADAM\instancename\data.

ServiceAccount

Valid for all installations.

Optional.

Possible values

  • A valid DNS domain name, followed by a backslash, and then the account or group name.

  • A valid NetBIOS domain name, followed by a backslash, and then the account name.

  • A valid user principal name (UPN).

  • A valid account name only.

    We recommend that you not use a valid account name only, because resolving an account name that is not accompanied by a domain name requires additional processing.

  • Any other value: AD LDS returns the error message "Invalid user specified in ServiceAccount."

Default behavior

  • This instance of AD LDS runs under the Network Service account.

AddPermissionsToServiceAccount

Valid for all installations.

Optional.

Possible values

  • Yes: AD LDS setup attempts to add the logon as a service right to the account that you specify as the service account.

  • Any other value: AD LDS setup does not attempt to add the logon as a service right to the account that you specify as the service account.

Default behavior

  • AD LDS setup does not attempt to add the logon as a service right to the account that you specify as the service account.

ServicePassword

Valid for all installations.

Required, unless ServiceAccount is the Network Service account.

Possible values

  • Any string of characters, including an empty string ("").

Default behavior

  • If ServiceAccount is the Network Service account, AD LDS does nothing. Otherwise, it returns the error message "No password specified in ServicePassword."

Administrator

Valid for all installations.

Optional.

Possible values

  • A valid DNS domain name, followed by a backslash, and then the account name.

    Do not specify built-in groups or built-in accounts, such as DOMAIN\Administrators. Instead, if you want to specify a group, specify a domain group, such as domainname\Domain Admins, where domainname represents the name of your domain.

  • A valid NetBIOS domain name, followed by a backslash, and then the account name.

  • A valid user principal name (UPN).

  • A valid account name only.

    We recommend that you not use a valid account name only, because resolving an account name that is not accompanied by a domain name requires additional processing.

  • Any other value: AD LDS returns the error message "Invalid user specified in Administrator."

Default behavior

  • The currently logged on user has administrator permissions on this instance of AD LDS.

ShowInAddRemovePrograms

Valid for all installations.

Optional.

Possible values

  • Show: Lists the AD LDS instance in Add or Remove Programs in Control Panel.

  • Hide: Does not list the AD LDS instance in Add or Remove Programs.

Default behavior

  • Add or Remove Programs includes the installed AD LDS instance.

ImportLDIFFiles

Possible values

  • The optional .ldf files that you want to import into the AD LDS schema: ms-User.ldf, ms-InetOrgPerson.ldf, ms-UserProxy.ldf, and ms-azman.ldf.

    Each file name must be enclosed in double quotation marks, and the quoted file names must be separated by a space (" ").

Default behavior

  • AD LDS imports none of the optional .ldf files.

SourceUserName

SourcePassword

Valid for replica installations.

Optional.

Possible values

  • The user name and password of an account that has administrative rights for an existing configuration set.

    Use these parameters when you install a replica that you want to join to the configuration set.

Default behavior

  • AD LDS joins the replica to the configuration set by using the credentials of the logged on user.
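
The rules in the table above can be checked before adaminstall.exe is run. The following pre-flight linter is an added example, not Microsoft code: the function names parse_answer_file, port_ok and lint are hypothetical, the sample answer file is constructed, and only a subset of the parameters is covered. It assumes that the case of the InstallType value is ignored and that an explicitly named ServiceAccount is not the Network Service account.

```python
# Constructed sample: a replica answer file with several mistakes.
SAMPLE = r"""[ADAMInstall]
InstallType=Replica
instancename=My-First-Instance
LocalLDAPPortToListenOn=80
SourceServer=lds01.example.com
ReplicationDataSourcePath=D:\restore\data
ServiceAccount=EXAMPLE\svc-lds
SourcePassword=constructed-secret
"""

def parse_answer_file(text):
    """Return [ADAMInstall] parameters keyed by lower-cased name (names are not case sensitive)."""
    params, in_section = {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("["):
            in_section = line.lower() == "[adaminstall]"
        elif in_section and "=" in line and not line.startswith(";"):
            name, value = line.split("=", 1)
            params[name.strip().lower()] = value.strip()
    return params

def port_ok(value, well_known):
    return value.isdigit() and (int(value) == well_known or 1025 <= int(value) <= 65535)

def lint(p):
    """Apply the table's rules. Assumes a named ServiceAccount is not Network Service."""
    out = []
    itype = p.get("installtype", "unique").lower()  # assumption: value case is ignored
    if itype not in ("unique", "replica"):
        out.append("Invalid installation type specified in InstallType.")
    if (n := p.get("instancename")) is not None and not (n.isascii() and n.isalnum() and len(n) <= 44):
        out.append("InstanceName: at most 44 characters from a-z, A-Z, 0-9.")
    if not port_ok(p.get("localldapporttolistenon", ""), 389):
        out.append("LocalLDAPPortToListenOn: required; 389 or 1025-65535.")
    if itype == "replica":
        if "sourceserver" not in p:
            out.append("Replication source server not specified.")
        if "sourceldapport" not in p:
            out.append("Replication source port not specified.")
        elif not port_ok(p["sourceldapport"], 389):
            out.append("Invalid replication source port specified.")
        if ("replicationdatasourcepath" in p) != ("replicationlogsourcepath" in p):
            out.append("ReplicationDataSourcePath and ReplicationLogSourcePath must be set together.")
    if "serviceaccount" in p and "servicepassword" not in p:
        out.append("No password specified in ServicePassword.")
    out += [f"{k}: password is stored in clear text in the answer file."
            for k in ("servicepassword", "sourcepassword") if k in p]
    return out
```

Calling lint(parse_answer_file(SAMPLE)) returns six findings for the constructed file. The last one is the reason to restrict access to any answer file that carries ServicePassword or SourcePassword.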

AD LDS uses the following registry key to return error codes and messages to the caller when you install or uninstall AD LDS: HKLM\Software\Microsoft\Windows\CurrentVersion\ADAM_Installer_Results

AD LDS setup creates this registry key and associated values only if errors or warnings occur. The following table shows values for this registry key.

Key Contents

ADAMInstallErrorCode

The numeric error code that caused the installer to fail

ADAMInstallErrorMessage

A message that is associated with the install error code

ADAMInstallWarnings

Messages that are associated with the install warnings

ADAMUninstallErrorCode

The numeric error code that caused the uninstall to fail

ADAMUninstallErrorMessage

A message that is associated with the uninstall error code

ADAMUninstallWarnings

Messages that are associated with the uninstall warnings