As I’ve mentioned in my overview post, earlier today, one of the new features of Windows Server 2012 is a new Domain Controller Promotion Tool. In this blogpost I’ll dive a little deeper on this statement.
The following topics will be covered:
- What’s New
- Installing the Active Directory Domain Services role
- Promoting the stand-alone server to a Domain Controller in the GUI
- Promoting the stand-alone server to a Domain Controller using PowerShell
Anyone who ever promoted a server to a Domain Controller, knows dcpromo.exe. This command line tool could be used to start the Graphical User Interface (GUI) to begin Active Directory Domain Controller promotion. Also, when used on the command line, it could be used with a couple of command line switches:
- Introduced in Windows Server 2003, the /adv switch provides access to the Advanced Mode installation mode of Active Directory Domain Controller promotion. In Windows Server 2008 and Windows Server 2008 R2, the Advanced Mode was also available from the GUI, eliminating the need for this switch.
- The /unattend switch could be used to construct dcpromo.exe oneliners to script the complete Active Directory Domain Controller promotion process.
- The /answer switch instructs dcpromo.exe to look at a Active Directory Domain Controller promotion answer file.
As Windows Server moves to PowerShell, dcpromo.exe bites the dust, along with all its clunky command line switches. Dcpromo.exe isn’t completely gone though. You can still run it, but when you run it without any command line switches it only displays the following error:
The Active Directory Domain Services Installation Wizard is relocated in
Server Manager For more information, see
Above, the text is shown, in stead of the error message, for your convenience. This allows you to click the link directly, as this is not possible from the error message…
The new Domain Controller Promotion Tool is, of course, based on PowerShell under the hood. The GUI part of the New Domain Controller Promotion tool is based on MUX and available through the Server Manager after you install the Active Directory Domain Services role.
In contrast to Windows Server 2008 and Windows Server 2008 R2, where runing DCPromo.exe would check for and install the Active Directory Domain Services role, you need to install it manually from Windows Server 2012 onwards.
Installing the Active Directory Domain Services role
The first step to promote a server to a Domain Controller is to install the Active Directory Domain Services Server Role. While this step was already available in Windows Server 2008 and Windows Server 2008 R2, you could skip the step by simply running dcpromo.exe. In Windows Server 2012 you will need to complete this step when you want to promote a server to a Domain Controller in the Graphical User Interface (GUI).
Please supply the server with a meaningful NetBIOS hostname, at least one static IP address, configure the time zone and connect at least one network interface, before proceeding to promote a server to a Domain Controller.
The Active Directory Domain Services Server Role can be installed on Windows Server 2012 using the following steps:
- Open Server Manager (by clicking its shortcut pinned to the taskbar or running servermanager.exe manually)
- In the left pane of Server Manager, navigate to Local Server
- On the grey task bar on the top click Manage.
- Select Add or remove Server Roles and Features. This will fire up the Add Roles and Features Wizard, which will guide you through the process.
- Click Next > in the Before you begin screen.
- Select Role based or feature-based installation in the Select installation type screen and click Next >.
- Select the server(s) from the server pool list in the Select destination server screen and click Next > when done.
- In the list with Server Roles, check the radio button to the right of Active Directory Domain Services.A pop-up screen will notify you a couple of features will also be installed:Simply click Add Features. Now, back in the Select server roles, click Next >.
- Click Next > again underneath the Select Features list.
- Click Next > when you’re done reading the introduction to Active Directory Domain Services.
- In the Confirm installation selections screen, click Install. Do not bother to check the box next to Restart the server automatically if required, since installing the Active Directory Domain Services role does not require a reboot.Note:
At the bottom of the Confirm installation selections screen, two more options exist:
- Export configuration settings
This option allows you to save a DeploymentConfigTemplate.xml in a location of your choice.
- Specify an alternate source path
This option can be used to locate the files necessary for installation on servers that have been stripped from them. The pop-up that appears when you click the option is pretty self-explanatory.
- Export configuration settings
- Click Install.
- When the wizard is done installing, click Close.
The Active Directory Domain Services role and a couple of neat accompanying Features have been installed to your server.
At this stage, the server is not a Domain Controller. It’s merely a server with the Active Directory Domain Services Role installed.
Promoting the stand-alone server to a Domain Controller in the GUI
The Active Directory Domain Services Server Role is not configured at this point. The Role actually needs attention. You can still not run dcpromo.exe at this point, but you can use the Server Manager to configure the role. Perform one of these action to promote your stand-alone server to a Domain Controller in the Graphical User Interface (GUI):
- In the left pane select the AD DS pane and click the yellow ribbon titled Configuration required for Active Directory Domain Services at server. at the right end where it says more…. In the All Servers Task Details and Notifications, click the link Promote this server to a domain controller.
- In the grey task pane on the top of Server Manager right click to open the Notification Area (the yellow exclamation sign) and click the Promote this server to a domain controller link.
In the screenshot below, both options are captured in one view:
After clicking the link, the Active Directory Domain Services Configuration Wizard starts:
In the Deployment Configuration screen the default choice is to Add a domain controller to an existing domain, since this is the most common deployment configuration. Since this is the first Domain Controller for new domain, we choose the Add a new forest option. This automatically triggers a next set of configuration-based fields to come into play.
When in doubt on what option to pick here, click the More about deployment configurations link at the bottom of the page. This will open a web page.
Click Next > when you’ve made you choices.
In all the other screens make the appropriate choices for your environment and skip through the screens using the Next > button.
In the Review Options screen, review your choices:
Use the < Previous button to make corrections, use the View Script button to view the corresponding PowerShell script or simply click Next > to advance to the Prerequisites Check:
When all prerequisite checks pass successfully, click the Install button to promote the server to a Domain Controller.
Using a script is the only way to promote a server to a domain controller without forcing a reboot. This option was removed from the Graphical User Interface.
Promoting the stand-alone server to a Domain Controller using PowerShell
If you’d rather use PowerShell to promote the stand-alone server to a Domain Controller, you can use the following command:
Install-ADDSForest -CreateDNSDelegation:$false -DatabasePath "C:\Windows\NTDS" -DomainMode "Win2012" -DomainName "domain.local" -DomainNetBIOSName "DOMAIN" -ForestMode "Win2012" -InstallDNS:$true -LogPath "C:\Windows\NTDS" –NoRebootOnCompletion:$false -SYSVOLPath "C:\Windows\SYSVOL" -Force:$true
The Import-Module command to allow the cmdlets from the ADDSDeployment module to run, is no longer needed in PowerShell 3. Therefore, the command Import-Module ADDSDeployment was not shown above.
Using a script is the only way to promote a server to a domain controller on Server Core installations of Windows Server 2012.
When you run this command, only one question remains to be answered. You will be prompted for a Directory Services Restore Mode (DSRM) password:
Alternatively you can use the –SafeModeAdministratorPassword switch to supply it, although it requires some thought when you want to use unicode characters in your password.
Don’t be alarmed by the (yellow) warnings in the Prerequisites Check phase of the promotion. As long as they’re not red, you’re fine…
In Windows Server 2012 you will no longer use dcpromo.exe to promote a server to a Domain Controller. The possibility to circumvent the correct installation of the Active Directory Domain Services role has also gone. Server Manager and PowerShell now offer great new ways to promote a server to a Domain Controller with added bonuses, like remote promotion.
DCPROMO Advanced Mode, what does it do?
How to Remotely Promote Server Core to a Read Only Domain Controller (RODC)
How to install a Server Core R2 Domain Controller
Windows Server 2012: Goodbye dcpromo !
New in Windows Server 2012 – Part 5: Active Directory
Promote Windows Server 2012 to Domain Controller, step-by-step
Windows Server 8 – DCPromo? Install domain Controller using the Command Line.
Dcpromo on Windows Server 8 beta
Windows Server 8 Beta – Installing the first DC in a Forest on Server Core
DCPROMO of Windows 8 running on vSphere 5 U1
Install Active Directory Services in Windows Server 8 Beta
Windows 8 Server – Remote DCPROMO and Deployment
Add Windows Server 2012 as a Domain Controller