If you would like to promote a Windows 2008 Server Core installation to a RODC but the server is at a remote location, you can run into multiple roadblocks. Firewall ports need to be opened, remote management needs to be enabled, and the configuration information needs to be in place. The following text should help you build this remote installation.
By default, Server Core has the firewall enabled. Opening ports on the firewall requires either setting up Group Policy, if the machine is domain-joined, or logging on locally and configuring it. By default, when a server role is installed, the correct ports are automatically configured to allow the role to function as well as to allow remote management, so no additional work is required.
Configuring the firewall:
To open the firewall for remote management, as a local admin from a command prompt on server core, key in the following:
netsh advfirewall firewall set rule group="Remote Administration" new enable=yes
Enabling Remote Management:
To enable remote management via the Remote Shell, as a local admin from a command prompt on server core key in the following:
If you want to run this on a secure channel, you can open an HTTPS listener. As a local admin from a command prompt on server core, key in the following:
winrm quickconfig -transport:https
Installing the DNS role:
To install DNS, from a command prompt on the remote workstation key in the following (be sure to replace servercore with the name of the remotely managed server):
Winrs -r:servercore start /w ocsetup DNS-Server-Core-Role
Promoting to an RODC: (Performing a Staged RODC Installation)
Start by pre-creating the server account (From Microsoft’s pre-staged deployment):
Save the text below and execute the following command to pre-create the RODC account (Note: Be sure to replace DomainName with your Domain Name)
dcpromo.exe /CreateDCAccount /ReplicaDomainDNSName:DomainName.com /unattend:\\longhorn\netlogon\precreate.txt
The next line is the start of pre-create RODC unattended text file
; DCPROMO unattend file
; Usage:
;   dcpromo.exe /CreateDCAccount /ReplicaDomainDNSName:pbbergs.com /unattend:\\longhorn\netlogon\precreate.txt
;
[DCInstall]
; Read-Only Replica DC promotion (stage 1)
DCAccountName=servercore
; RODC Password Replication Policy
PasswordReplicationDenied="BUILTIN\Administrators"
PasswordReplicationDenied="BUILTIN\Server Operators"
PasswordReplicationDenied="BUILTIN\Backup Operators"
PasswordReplicationDenied="BUILTIN\Account Operators"
PasswordReplicationDenied="PBBERGS\Denied RODC Password Replication Group"
PasswordReplicationAllowed="PBBERGS\Allowed RODC Password Replication Group"
SiteName=Default-First-Site-Name
InstallDNS=Yes
ConfirmGc=Yes
ReplicationSourceDC=Longhorn.pbbergs.com
The end of the pre-create RODC unattended file
To install the Domain Services role and promote the server core to a Domain Controller, from a command prompt on the remote workstation key in the following:
Winrs -r:servercore dcpromo /unattend:c:\unattended\promote.txt
The next line is the start of the dcpromo RODC unattended text file
; DCPROMO unattend file (automatically generated by dcpromo)
; Usage:
;   dcpromo.exe /unattend:\\longhorn\netlogon\answer.txt
;
[DCInstall]
;
ReplicaOrNewDomain=Replica
ReplicationSourceDC="pbbergs.com"
InstallDNS=Yes
ConfirmGc=Yes
CriticalReplicationOnly=Yes
DatabasePath="C:\Windows\NTDS"
LogPath="C:\Windows\NTDS"
SYSVOLPath="C:\Windows\SYSVOL"
; Set SafeModeAdminPassword to the correct value prior to using the unattend file
SafeModeAdminPassword=pa$$w0rd
; Run-time flags (optional)
RebootOnCompletion=Yes
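An added example, not code from this article or from Microsoft: a small Python linter for dcpromo unattend files like the two shown above, meant to be run before a file is copied to a share. It copes with the repeated PasswordReplicationDenied keys and reports lines that are not key=value, privileged BUILTIN groups from the article's deny list that are missing, principals that are both allowed and denied, and a SafeModeAdminPassword stored in clear text. The set of checks and the sample file (placeholder password and source DC name) are assumptions made for this example.

```python
import re

# Privileged groups the article's pre-create file denies (lower-cased here).
REQUIRED_DENIED = {r"builtin\administrators", r"builtin\server operators",
                   r"builtin\backup operators", r"builtin\account operators"}

def parse_dcinstall(text):
    """Return ({key: [values]}, [malformed lines]) for the [DCInstall] section."""
    settings, malformed, in_section = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # blank line or comment
            continue
        if line.startswith("["):
            in_section = line.lower() == "[dcinstall]"
        elif in_section:
            m = re.match(r"([A-Za-z]+)\s*=\s*(.*)$", line)
            if m is None:
                malformed.append(line)         # e.g. ':' typed instead of '='
            else:                              # keys repeat, so keep a list per key
                settings.setdefault(m[1].lower(), []).append(m[2].strip().strip('"'))
    return settings, malformed

def audit(text):
    """Return a sorted list of findings; an empty list means none."""
    settings, malformed = parse_dcinstall(text)
    findings = [f"malformed line (expected key=value): {ln}" for ln in malformed]
    denied = {v.lower() for v in settings.get("passwordreplicationdenied", [])}
    allowed = {v.lower() for v in settings.get("passwordreplicationallowed", [])}
    if "dcaccountname" in settings:   # stage 1 file, where the replication policy is set
        findings += [f"not denied: {g}" for g in REQUIRED_DENIED - denied]
    findings += [f"both allowed and denied: {g}" for g in allowed & denied]
    if any(settings.get("safemodeadminpassword", [])):
        findings.append("cleartext SafeModeAdminPassword in file")
    return sorted(findings)

# Constructed sample (placeholder values), not one of the article's files.
SAMPLE = r"""
[DCInstall]
DCAccountName=servercore
PasswordReplicationDenied="BUILTIN\Administrators"
PasswordReplicationDenied="BUILTIN\Server Operators"
PasswordReplicationDenied="BUILTIN\Backup Operators"
PasswordReplicationAllowed="BUILTIN\Backup Operators"
ReplicationSourceDC:"dc1.example.com"
SafeModeAdminPassword=<placeholder>
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The cleartext password finding matters most when the file sits on a share such as NETLOGON, which domain users can read.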
Hopefully this article has helped you to get started. It is not trivial, and it took me multiple attempts on many steps to get it correct and working.
I would love to hear feedback on your success or problems that may have arisen in your attempt to remotely promote a server core to a RODC.