DCPROMO Advanced Mode, what does it do?

In the past 11 years, Microsoft has released four versions of Windows Server on which you could install Active Directory. On all these platforms, Microsoft offered two ways to promote a server to a Domain Controller.

In this blogpost I’ll reveal the differences between the advanced mode and normal mode for dcpromo.exe for the Windows Server 2003 family and the Windows Server 2008 family. I’ll also cover the differences between using the Configure your Server wizard and dcpromo.exe on Windows 2000 Server.

 

Windows 2000 Server

Active Directory was introduced in Windows 2000 Server. Overshadowing User and Computer management from the Windows NT era, Active Directory introduced totally new concepts. To make the promotion of a Domain Controller not too daunting, Microsoft shipped two ways to accomplish this:

Configure your Server wizard

The Configure Your Server wizard is a special wizard, that you can use to transform a vanilla Windows 2000 Server into a Domain Controller. Since, at installation you already need to provide a keyboard lay-out, computer name and time zone, you can use the wizard to assign a static IPv4 address and install Active Directory Domain Services on it.

One important thing to note is that the Configure Your Server wizard can only be used to create a new Domain Controller for a new domain in a new forest, and many options have gone missing. You will need to provide a DNS domain name and NetBIOS domain name, but you cannot specify the location of Active Directory logs, the Active Directory database or the System Volume (SYSVOL). Also, the wizard assumes you’re OK with a blank Directory Services Restore Mode password.

A blank Directory Services Restore Mode password is a serious security issue, since anyone with physical access to the Domain Controller can boot it into Directory Services Restore Mode and press Enter as the password. It’s better to use dcpromo.exe to promote a server to a Domain Controller.

Dcpromo.exe

Of course, Windows 2000 Server came with dcpromo.exe. An admin could use it to promote a server to a Domain Controller. In Windows 2000 Server, dcpromo.exe is only available in one mode.

 

Windows Server 2003 & 2003 R2

In Windows Server 2003, both normal mode and advanced mode for dcpromo.exe are available, but if you want to access the advanced mode you will need to resort to the commandline. Where firing up dcpromo.exe will present you with the normal mode, you will have to run dcpromo.exe /adv to enter advanced mode.

New Domain Controller for a new forest

Why any Active Directory admin would choose the advanced mode to promote a server to a Domain Controller for a new domain in a new forest is beyond me. There is no difference between these two modes in this scenario.

Also, in both modes you can choose to implement a Domain Controller for a new domain, a new child domain in an existing domain tree or a new domain tree in an existing forest.

New Domain Controller for an existing domain/forest

One difference between advanced mode and normal mode can be found when you add a server as a Domain Controller for an existing domain or as a Domain Controller for a new domain in an existing forest. In this case you’ll be presented with the following screen:

image

In advanced mode you can use the Install from Media (IfM) option. You can create media by making System State Backups for an existing Domain Controller in the same domain as where you want to deploy the additional Domain Controller.

 

Windows Server 2008 & 2008 R2

In Windows Server 2008 R2, after installing the Active Directory Domain Services role, you can run dcpromo.exe. On the Welcome screen you are immediately presented with the option to Use advanced mode installation.

Dcpromo2008R2AdvSelect

New Domain Controller for a new forest

When you promote the server to a new Domain Controller for a new forest, using Advanced mode, only offers you one additional screen, compared to the standard mode. This screen (as depicted below) offers to enter the NetBIOS Name for the domain.

Dcpromo2008R2AdvNetBIOS

By default, the value depicted in the field Domain NetBIOS name would be the part of the DNS domain name that distinguishes the domain from the domain structure. In the screen you have the option to change the NetBIOS name for the domain. One of the reasons why you would want to do that, would be to change the name depicted in the logon screen of Windows clients like Windows 2000 Professional and Windows XP Professional.

New Domain Controller for an existing domain/forest

When you look at the advanced mode options when you add the server as a Domain Controller for an existing forest, a lot more options emerge.

DCpromo2008R2NewDomainInForest

First, in the Choose a Deployment Configuration screen, an extra option emerges, that allows for deployment of a Domain Controller for a new domain tree root instead of a new child domain. This allows you to create a pokkiewokkie.local domain in the same forest as the hakkietakkie.local domain and its child domains, like korea.hakkietakkie.local and china.hakkietakkie.local. (these domain names are purely fictional)

DCpromo2008R2InstallFromMedia

The next difference between normal and advanced mode dcpromo is the ability to Install from Media (IfM) in the advanced mode. When you create an IfM-package on a Domain Controller (of the same type as you’re installing), you can use that package to limit replication of Active Directory data. You can create IfM packages, including the information in the System Volume using ntdsutil.exe,  as described here. Using IfM is useful when you want to deploy a Domain Controller in a remote site with limited (available) bandwidth.

DCpromo2008R2SourceDC

Last, but certainly not least is the ability to specify a Source Domain Controller to use for replication during the promotion of the Domain Controller. While by default dcpromo.exe would find a suitable replication partner using the Active Directory topology, you could use this option if you want to avoid additional load on critical Domain Controllers or to specify a Domain Controller in times when replication is not working adequately.

 

Concluding

This post clearly shows the evolution of the Domain Controller promotion process since Windows 2000 Server. Through the years, Microsoft has laid down the groundwork in terms of knowledge and readiness among admins, and has hidden a lot of new features in a more advanced but more daunting ‘advanced mode’ for Active Directory professionals..

DCPromoOverview

After reading this blogpost, you’ll know whether to use advanced mode to accomplish your goals or just to make yourself feel like a big shot Active Directory administrator.

2 Responses to DCPROMO Advanced Mode, what does it do?

  1.  

    good for learning and very much useful.

  2.  

    Thanks!
    You have helped a lot with your valuable information.

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.