The DCPROMO console utility is used on Windows Server to install the ADDS (Active Directory Domain Services) role, promoting a member server to the AD domain controller or demoting it.
dcpromo /unattend[:filename] /adv /uninstallBinaries /CreateDCAccount /UseExistingAccount:Attach [:{Promotion | CreateDcAccount | UseExistingAccount | Demotion}] /?:Promotion, /?:CreateDCAccount, /?:UseExistingAccount, and /?:Demotion
Dcpromo Command Line Arguments:
| /unattend[:filename] | Used to specify the unattended AD installation mode and path to the script file. |
| /adv | Enables advanced user options. |
| /uninstallBinaries | Used to uninstall Active Directory Domain Services binaries from current server. |
| /CreateDCAccount | Creates an RODC (Read-only Domain Controller) account. |
| /UseExistingAccount:Attach | Attaches the current server to the RODC account. |
| /forceRemoval | Uninstalls Active Directory Services on this domain controller. The account for the domain controller will not be deleted in the directory, and changes that have occurred on this domain controller since it last replicated with a partner will be lost. |
| [:{Promotion | CreateDcAccount | UseExistingAccount | Demotion}] /?:Promotion, /?:CreateDCAccount, /?:UseExistingAccount, and /?:Demotion | Displays the unattended parameters applicable to the specified task. /CreateDCAccount and /UseExistingAccount:Attach are mutually exclusive. |
You can use the dcpromo tool for unattended installation of the first DC on the non-domain joined Windows Server. Create a new text file c:\dcpromo_unattend.txt with the following text.
[DCInstall] ReplicaOrNewDomain=Domain NewDomain=Forest NewDomainDNSName=theitbros.com ForestLevel=3 DomainNetbiosName= theitbros DomainLevel=3 InstallDNS=Yes ConfirmGc=Yes CreateDNSDelegation=No DatabasePath="C:\Windows\NTDS" LogPath="C:\Windows\NTDS" SYSVOLPath="C:\Windows\SYSVOL" SafeModeAdminPassword=Pa##w0rd11s RebootOnCompletion=Yes
Open the elevated command prompt and run the following command to promote current server to the first domain controller in a new domain forest theitbros.com.
dcpromo.exe /unattend:C:\dcpromo_unattend.txt
After the script finishes, you will get a fully functional domain controller with the ADDS role installed.
With the dcpromo /forceremoval command, you can demote the domain controller to the member server. If one of the FSMO roles is found on the domain controller, you will be asked to transfer it to another DC first. If this server is a Global catalog, a warning will also appeared.
Dcpromo was used to promote member servers to the domain controllers in Windows Server 2000, 2003, 2008, 2008 R2, however, starting with Windows Server 2012 and newer, the Dcpromo command has been deprecated.
When you try to run the dcpromo command on Windows Server 2012 R2, a warning will appear:
The Active Directory Services installation Wizard is relocated in Server Manager.
Thus, in Windows Server 2012 R2, 2016 and 2019, you can promote the Windows Server to the domain controller using the Server Manager or ADDSDeployment PowerShell module (which actually runs in the wizard “Promote this server to a domain controller” during installing the ADDS role when you specify the settings for the new DC.
To install the new DC using the ADDSDeployment module, you can use the following PowerShell script:
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools Import-Module ADDSDeployment Install-ADDSDomainController ` -NoGlobalCatalog:$false ` -CreateDnsDelegation:$false ` -CriticalReplicationOnly:$false ` -DatabasePath “C:\Windows\NTDS” ` -DomainName “theitbros.com” ` -InstallDns:$true ` -LogPath “C:\Windows\NTDS” ` -NoRebootOnCompletion:$false ` -SiteName “Default-First-Site-Name” ` -SysvolPath “C:\Windows\SYSVOL” ` -Force:$true
However, the dcpromo /unattend command can be used in different scripts to automatically configure a new DC on Windows Server Core (it contains no GUI).
- Installing Active Directory Users and Computers (ADUC) Snap-in on Windows 11/10 - October 5, 2022
- How to Enable Root Login on Ubuntu? - October 1, 2022
- Fix: StartTLS is Required to Send Email - October 1, 2022
