AMSS Windows Server Longhorn Active Directory Installation and Removal
Step-by-Step Guide for Windows Server "Longhorn" Beta 2 AD DS Installation and Removal
Microsoft Corporation
Published: June 2006
Program Manager: Mas Libman
User Assistance Writer: Mary Hillman
Editor: Jim Becker
Abstract
Active Directory® Domain Services (AD DS) is a server role of the Microsoft®
Windows Server® Code Name "Longhorn" operating system. AD DS provides a
distributed directory service that you can use for centralized, secure management of your
network. This guide describes the installation and removal processes for the AD DS
server role. You can use the procedures in this guide to install and remove AD DS on
servers that are running Windows Server "Longhorn" in a test lab environment.
This document supports a preliminary release of a software product that may be changed
substantially prior to final commercial release, and is the confidential and proprietary
information of Microsoft Corporation. It is disclosed pursuant to a non-disclosure
agreement between the recipient and Microsoft. This document is provided for
informational purposes only and Microsoft makes no warranties, either express or
implied, in this document. Information in this document, including URL and other Internet
Web site references, is subject to change without notice. The entire risk of the use or the
results from the use of this document remains with the user. Unless otherwise noted, the
example companies, organizations, products, domain names, e-mail addresses, logos,
people, places, and events depicted herein are fictitious, and no association with any real
company, organization, product, domain name, e-mail address, logo, person, place, or
event is intended or should be inferred. Complying with all applicable copyright laws is
the responsibility of the user. Without limiting the rights under copyright, no part of this
document may be reproduced, stored in or introduced into a retrieval system, or
transmitted in any form or by any means (electronic, mechanical, photocopying,
recording, or otherwise), or for any purpose, without the express written permission of
Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other
intellectual property rights covering subject matter in this document. Except as expressly
provided in any written license agreement from Microsoft, the furnishing of this document
does not give you any license to these patents, trademarks, copyrights, or other
intellectual property.
© 2006 Microsoft Corporation. All rights reserved.
Active Directory, Microsoft, MS-DOS, Visual Basic, Visual Studio, Windows, Windows NT,
Windows Server, and Windows Vista are either registered trademarks or trademarks of
Microsoft Corporation in the United States and/or other countries.
All other trademarks are property of their respective owners.
Contents
Step-by-Step Guide for Windows Server "Longhorn" Beta 2 AD DS Installation and Removal
  In this guide
  What's new in AD DS installation and removal?
    New installation options
      New options in the Active Directory Domain Services Installation Wizard
      New unattend options
      RODC option
      DNS installation options
      Global catalog installation options
    New server operating system installation options
      Full installation
      Server Core installation
  Known issues for installing and removing AD DS
  Scenarios for installing AD DS
    Install a new Windows Server "Longhorn" forest
    Install a new Windows Server "Longhorn" domain in an existing Windows 2000 Server or Windows Server 2003 forest
    Install a new Windows Server "Longhorn" domain controller in an existing Windows 2000 Server or Windows Server 2003 domain
    Install AD DS from restored backup media
    Verify AD DS installations
  Scenarios for removing AD DS
    Remove a domain controller from a domain
    Remove the last domain controller in a domain
    Remove the last domain controller in a forest
  Requirements for AD DS installation
  Steps for installing AD DS
    Installing a new Windows Server "Longhorn" forest
      Installing a new forest by using the Windows interface
      Installing a new forest by using an answer file
      Installing a new forest by entering unattended installation parameters at the command line
      Importing localized display specifiers on a Server Core implementation of a new forest
    Installing a new Windows Server "Longhorn" domain in an existing Windows Server 2003 or Windows 2000 Server forest
      Preparing the forest schema for Windows Server "Longhorn"
      Installing a new Windows Server "Longhorn" domain by using the Windows interface
      Installing a new Windows Server "Longhorn" domain unattended by using an answer file
      Installing a new Windows Server "Longhorn" domain by entering unattended installation parameters at the command line
    Installing a Windows Server "Longhorn" domain controller in an existing Windows Server 2003 or Windows 2000 Server domain
      Preparing the domain for Windows Server "Longhorn"
      Installing a Windows Server "Longhorn" domain controller by using the Windows interface
      Installing a Windows Server "Longhorn" domain controller by using an answer file
      Installing a new Windows Server "Longhorn" domain controller by entering unattended installation parameters at the command line
    Installing AD DS from restored backup media
    Verifying an AD DS installation
  Steps for removing AD DS
    Removing a Windows Server "Longhorn" domain controller from a domain
      Removing a Windows Server "Longhorn" domain controller by using the Windows interface
      Removing a Windows Server "Longhorn" domain controller by using an answer file
      Removing a Windows Server "Longhorn" domain controller by entering unattended installation parameters at the command line
      Removing AD DS binaries
    Removing the last Windows Server "Longhorn" domain controller in a domain
      Removing the last Windows Server "Longhorn" domain controller in a domain by using the Windows interface
      Removing the last Windows Server "Longhorn" domain controller in a domain by using an answer file
      Removing the last Windows Server "Longhorn" domain controller in a domain by entering unattended installation parameters at the command line
    Removing the last Windows Server "Longhorn" domain controller in a forest
      Removing the last Windows Server "Longhorn" domain controller in a forest by using the Windows interface
      Removing the last Windows Server "Longhorn" domain controller in a forest by using an answer file
      Removing the last Windows Server "Longhorn" domain controller in a forest by entering unattended installation parameters at the command line
  Appendix of unattended installation parameters
    Unattended general options
    Unattended install options
    Unattended uninstall options
    Unattended installation return codes
      Success return codes
      Failure return codes
  Logging bugs and feedback
Step-by-Step Guide for Windows Server "Longhorn" Beta 2 AD DS Installation and Removal
Active Directory® Domain Services (AD DS) is a server role of the Microsoft®
Windows Server® Code Name "Longhorn" operating system. AD DS provides a
distributed directory service that you can use for centralized, secure management of your
network.
This guide describes the installation and removal processes for the AD DS server role.
You can use the procedures in this guide to install and remove AD DS on servers that are
running Windows Server "Longhorn" in a test lab environment.
In this guide
What's new in AD DS installation and removal?
Known issues for installing and removing AD DS
Key scenarios for installing AD DS
Key scenarios for removing AD DS
Requirements for AD DS installation
Steps for installing AD DS
Steps for removing AD DS
Appendix of unattend parameters
What's new in AD DS installation and removal?
AD DS has the following new options in Windows Server "Longhorn":
AD DS installation options
Server operating system installation options
Read-only domain controller (RODC) option
Domain Name System (DNS) installation options
Global catalog installation options
New installation options
When you install AD DS, you have several new options in Windows Server "Longhorn",
both in the Active Directory Domain Services Installation Wizard and when you perform
an unattended installation at the command line.
The new AD DS installation options are as follows:
- You can specify the following domain controller options:
  - DNS server: In the Microsoft Windows Server® 2003 operating system, DNS
    server installation is offered, if needed. In Windows Server "Longhorn", DNS
    installation and configuration is automatic, if needed. When you install DNS on
    the first domain controller in a new domain in Windows Server "Longhorn", a
    delegation for the new domain is created automatically in DNS.
  - Global catalog server: As in Windows Server 2003, installing a domain controller
    as a global catalog server is not an installation option in the Windows interface.
  - RODC: This domain controller option is new in Windows Server "Longhorn". It is
    available when you add a domain controller in an existing domain. The first
    domain controller in the forest or domain cannot be an RODC.
- You can specify the site of a new domain controller or use the site that corresponds
  to the IP address of the computer.
New options in the Active Directory Domain Services Installation Wizard
You can use the Active Directory Domain Services Installation Wizard to add the AD DS
server role interactively.
The wizard has the following new options:
- You can access the Active Directory Domain Services Installation Wizard in new
  ways, as follows:
  - You can click Add Roles in Initial Configuration Tasks, the application that
    appears when you first install the operating system.
  - You can click Add Roles in Server Manager, which is always available on the
    Administrative Tools menu and through an icon in the notification area.
- The advanced installation mode is available in the Active Directory Domain Services
  Installation Wizard; you do not have to run dcpromo /adv.
- The option to create a new domain tree is available only in advanced mode.
New unattend options
New options for running unattended installation of AD DS are available in
Windows Server "Longhorn". Unlike unattended installation in Windows Server 2003,
unattended installation in Windows Server "Longhorn" does not require a response to any
user interface (UI) prompt, such as to restart the domain controller, which makes the
process truly "unattended."
During an unattended operation, a return code is used to indicate whether or not the
operation was successful.
For a list of all return codes and unattend options for Windows Server "Longhorn",
including allowed values, default values, and descriptions, see the Appendix of
unattended installation parameters.
RODC option
A new type of domain controller can be installed on servers that are running
Windows Server "Longhorn" Beta 2. RODC hosts a read-only replica of the AD DS
database. RODC makes it possible for organizations to deploy a domain controller easily
in remote locations where its physical security cannot be guaranteed.
For information about using RODC, see the Step-by-Step Guide for Planning, Deploying,
and Using a Windows Server "Longhorn" Beta 2 Read-only Domain Controller in this
documentation set.
DNS installation options
The option to install DNS is available, depending on your installation selections and DNS
conditions on the network. In scenarios where DNS is required, the option is not
available, and DNS is installed automatically.
When you select the DNS option or when DNS is installed automatically, DNS creates a
new delegation, or it updates existing delegations for the server automatically.
Global catalog installation options
In Windows Server "Longhorn", the global catalog server option is available for all
installations other than the first domain controller in the forest, which must be a global
catalog server. In Windows Server "Longhorn" Beta 2, the global catalog server option is
not compatible with RODCs. However, RODCs will be capable of hosting the global
catalog in future releases of Windows Server "Longhorn".
Global catalog server is the default domain controller option when you are adding a new
domain controller in an existing domain.
New server operating system installation options
Windows Server "Longhorn" provides a new minimal server installation option, called
Server Core installation, in addition to the Full installation option.
Full installation
For ease of management, you can install AD DS on a server that is running the Full
installation of Windows Server "Longhorn". A Full installation of Windows Server
"Longhorn" supports both interactive (wizard) and unattended domain controller
installation.
Server Core installation
A Server Core installation provides a minimal environment for running specific server
roles, which reduces servicing and management requirements and the attack surface for
those server roles. To install AD DS on a Server Core installation of Windows Server
"Longhorn", perform an unattended installation. Server Core installations do not provide
any graphical UI (GUI). They must be managed solely from the command line. A Server
Core installation supports the following server roles:
AD DS
DHCP server
File server
DNS server
For more information about Server Core installations, see Microsoft Windows Server
Code Name "Longhorn" Beta 2 Server Core Step-By-Step Guide in this documentation
set.
Known issues for installing and removing AD DS
The following issues affect Beta 2 versions of Windows Server "Longhorn":
- When you create a new Windows Server "Longhorn" forest on a Server Core
  installation, non-English display specifiers are not installed automatically. You must
  import display specifiers manually.
- Starting a new domain at, or raising an existing domain to, the Windows Server
  "Longhorn" domain level might result in SYSVOL not being replicated. Issues with
  migrating from File Replication service (FRS) replication to Distributed File Service
  (DFS) Replication will be resolved in subsequent Windows Server "Longhorn"
  versions.
- When you remove the AD DS server role, the role binaries are not removed
  automatically. After you remove AD DS and restart the server, you must remove
  AD DS binaries manually.
- You cannot create a child domain or additional domain controller with a Japanese
  domain name.
- You cannot install DNS during installation of an additional domain controller when a
  Unicode DNS name is used.
- When a domain name includes Unicode or double-byte characters, domain
  controllers hosting that domain cannot be located by DNS clients.
For known issues that apply when you deploy an RODC, see the Step-by-Step Guide for
Planning, Deploying, and Using a Windows Server "Longhorn" Beta 2 Read-only Domain
Controller in this documentation set.
Scenarios for installing AD DS
The following AD DS installation scenarios are available in Windows Server "Longhorn":
- Install a new Windows Server "Longhorn" forest
- Install a new Windows Server "Longhorn" domain in an existing
  Windows 2000 Server or Windows Server 2003 forest
- Install a new Windows Server "Longhorn" domain controller in an existing
  Windows 2000 Server or Windows Server 2003 domain
- Install AD DS from restored backup media
- Verify domain controller installations
Install a new Windows Server "Longhorn" forest
When you install AD DS to create the first domain controller in a new Windows Server
"Longhorn" forest, be aware of the following considerations:
- You must make forest and domain functional level decisions that determine whether
  your forest and domain can contain domain controllers that run Microsoft
  Windows® 2000 Server, Windows Server 2003, or both.
  Important
  Multiple–domain controller domains that are created at, or raised to, the
  Windows Server "Longhorn" functional level are not supported in
  Windows Server "Longhorn" Beta 2. As a result of issues with migration from
  FRS replication to DFS Replication in Windows Server "Longhorn" Beta 2,
  SYSVOL might not replicate properly at the Windows Server "Longhorn"
  domain functional level. This condition can prevent a new domain controller
  that is added subsequently from advertising itself as a domain controller.
- Domain controllers that are running the Microsoft Windows NT® Server 4.0 operating
  system are not supported with Windows Server "Longhorn".
- Servers running Windows NT Server 4.0 are not supported by domain controllers that
  are running Windows Server "Longhorn".
- The first Windows Server "Longhorn" domain controller in a forest cannot be an
  RODC.
Install a new Windows Server "Longhorn" domain in an existing Windows 2000 Server or Windows Server 2003 forest
When you install AD DS to create the first domain controller in a new Windows Server
"Longhorn" domain, be aware of the following considerations:
- Before you create a new Windows Server "Longhorn" domain in a
  Windows 2000 Server or Windows Server 2003 forest, you must prepare the forest
  for Windows Server "Longhorn" by extending the schema (that is, by running
  adprep /forestprep).
- You must make domain functional level decisions that determine whether your
  domain can contain domain controllers that run Windows 2000 Server,
  Windows Server 2003, or both.
  Important
  Multiple–domain controller domains that are created at, or raised to, the
  Windows Server "Longhorn" domain functional level are not supported in
  Windows Server "Longhorn" Beta 2. As a result of issues with migration from
  FRS replication to DFS Replication in Windows Server "Longhorn" Beta 2,
  SYSVOL might not replicate properly at the Windows Server "Longhorn"
  domain functional level. This condition can prevent a new domain controller
  that is added subsequently from advertising itself as a domain controller.
Windows Server "Longhorn" security principals are not created until the primary domain
controller (PDC) operations master in the forest root domain is running Windows Server
"Longhorn". This requirement is similar to the Windows Server 2003 requirement.
For procedures to install a new domain, see Installing a new Windows Server "Longhorn"
domain in an existing Windows Server 2003 or Windows 2000 Server forest.
Install a new Windows Server "Longhorn" domain controller in an existing Windows 2000 Server or Windows Server 2003 domain
When you install a new Windows Server "Longhorn" domain controller in an existing
Windows 2000 Server or Windows Server 2003 domain, be aware of the following
considerations:
- If this domain controller is the first Windows Server "Longhorn" domain controller in
  the forest, you must prepare the forest for Windows Server "Longhorn" by extending
  the schema (that is, by running adprep /forestprep), on the schema master if this
  has not already been done.
- If this domain controller is the first Windows Server "Longhorn" domain controller in a
  Windows 2000 Server domain, you must prepare the domain by running adprep
  /domainprep /gpprep on the infrastructure master.
- If this domain controller is the first Windows Server "Longhorn" domain controller in a
  Windows Server 2003 domain, you must prepare the domain by running adprep
  /domainprep on the infrastructure master.
  Note
  If you prepare a Windows Server 2003 domain by running adprep
  /domainprep /gpprep, you can safely disregard the error message that
  indicates that domain updates were not necessary.
- The first Windows Server "Longhorn" domain controller in an existing
  Windows 2000 Server or Windows Server 2003 domain cannot be created as an
  RODC. After a Windows Server "Longhorn" domain controller exists in the domain,
  subsequent Windows Server "Longhorn" domain controllers can be created as
  RODCs. The forest and domain functional level of Windows Server 2003 is required
  for creating an RODC.
  Note
  Do not add an additional Windows Server "Longhorn" domain controller if the
  forest or domain functional level is Windows Server "Longhorn". For
  Windows Server "Longhorn" Beta 2, the Windows Server "Longhorn"
  functional level is not supported for a domain that has multiple domain
  controllers.
- If you are installing the first RODC in the forest, you must prepare the forest by
  running adprep /rodcprep. For more information, see the Step-by-Step Guide for
  Planning, Using, and Deploying a Windows Server "Longhorn" Beta 2 Read-Only
  Domain Controller in this documentation set.
- For the Windows Server "Longhorn" Beta 2 release, changing the domain functional
  level to Windows Server "Longhorn" in a pre-existing Windows 2000 Server or
  Windows Server 2003 domain after upgrading all domain controllers to
  Windows Server "Longhorn" Beta 2 is not supported.
After you have prepared the forest and the domain, you can install AD DS to create a
new Windows Server "Longhorn" domain controller. Use Server Manager to install the
Active Directory Domain Services server role.
For procedures to install a new domain controller, see Installing a Windows Server
"Longhorn" domain controller in an existing Windows Server 2003 or Windows 2000
Server domain.
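The preparation rules in this section, expressed as a pre-installation planning check. This is an added example, not part of the original guide or of any Microsoft tool; the `Domain` fields, the `plan_dc_install` function, and the string values used for operating system and functional level are assumptions, while the adprep commands and Beta 2 constraints are the ones listed above.

```python
from dataclasses import dataclass, field


@dataclass
class Domain:
    """Existing domain state. Field names and string values are assumptions."""
    domain_os: str         # "2000" or "2003": Windows 2000 Server / Windows Server 2003 domain
    forest_level: str      # forest functional level: "2000", "2003" or "longhorn"
    domain_level: str      # domain functional level: "2000", "2003" or "longhorn"
    forest_prepared: bool  # adprep /forestprep has already been run
    has_longhorn_dc: bool  # a "Longhorn" domain controller already exists in this domain
    forest_has_rodc: bool  # an RODC already exists somewhere in the forest


@dataclass
class Plan:
    steps: list = field(default_factory=list)     # (command, where to run it), in order
    blockers: list = field(default_factory=list)  # reasons the install is not supported


def plan_dc_install(d: Domain, want_rodc: bool) -> Plan:
    """Return the adprep steps for adding a "Longhorn" DC, or the reasons it is blocked."""
    if d.domain_os not in ("2000", "2003"):
        raise ValueError("domain_os must be '2000' or '2003'")
    plan = Plan()

    # Beta 2: the "Longhorn" functional level is not supported with multiple DCs.
    if "longhorn" in (d.forest_level, d.domain_level):
        plan.blockers.append("forest or domain functional level is Longhorn; "
                             "do not add another domain controller in Beta 2")
    if want_rodc:
        # The first "Longhorn" DC in an existing domain cannot be an RODC.
        if not d.has_longhorn_dc:
            plan.blockers.append("first Longhorn DC in the domain cannot be an RODC")
        # An RODC requires the Windows Server 2003 forest and domain functional level.
        if d.forest_level != "2003" or d.domain_level != "2003":
            plan.blockers.append("RODC requires Windows Server 2003 forest and "
                                 "domain functional level")
    if plan.blockers:
        return plan  # no steps are planned until every blocker is resolved

    # Steps in the order the guide lists them.
    if not d.forest_prepared:
        plan.steps.append(("adprep /forestprep", "schema master"))
    if not d.has_longhorn_dc:
        cmd = ("adprep /domainprep /gpprep" if d.domain_os == "2000"
               else "adprep /domainprep")
        plan.steps.append((cmd, "infrastructure master"))
    if want_rodc and not d.forest_has_rodc:
        # The guide names no specific operations master for this step.
        plan.steps.append(("adprep /rodcprep", "forest"))
    return plan


if __name__ == "__main__":
    # Constructed sample: an unprepared Windows 2000 Server domain in a test lab.
    lab = Domain("2000", "2000", "2000", False, False, False)
    for want_rodc in (False, True):
        p = plan_dc_install(lab, want_rodc)
        print("RODC" if want_rodc else "writable DC", p.steps, p.blockers)
```
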
Install AD DS from restored backup media
As with Windows Server 2003, you can use restored backup media to minimize
replication traffic during AD DS installation on a server that is running Windows Server
"Longhorn". You can use this installation method to install a new domain controller in an
existing domain. The installation media that you use must be prepared from the same
type of domain controller that you are installing. The following aspects of the domain
controller source and target must be identical:
- Domain controller option: Writeable or read-only
- Operating system: Windows 2000 Server, Windows Server 2003, or Windows Server
  "Longhorn"
- Platform: x86, IA64, or x64
A Server Core installation can be the source for installing a new domain controller on a
Full installation of Windows Server "Longhorn".
Note
For Windows Server "Longhorn" Beta 2, you cannot use restored backup media
to install AD DS on a Server Core installation of Windows Server "Longhorn".
For information about creating the backup media, see the Step-by-Step Guide for
Windows Server "Longhorn" Beta 2 Active Directory Domain Services Backup and
Recovery in this documentation set.
For the procedure to install a new domain controller by using backup media, see
Installing AD DS from restored backup media.
Verify AD DS installations
You can perform verification steps after you install a domain controller, including the
following:
Check the directory service event log for errors.
Make sure that the SYSVOL folder is accessible to clients.
Verify DNS functionality.
Verify replication.
Scenarios for removing AD DS
You can remove the AD DS server role by using the Active Directory Domain Services
Installation Wizard or by performing an unattended removal. Server Core installations are
always removed through an unattended removal.
Unattended options provide the ability to remove AD DS without having to provide any
information other than the information that is contained in the answer file. For information
about unattended AD DS removal return codes, see the Appendix of unattended
installation parameters.
Although processes for removing AD DS are essentially unchanged from
Windows Server 2003, they are included here for completeness. For more information
about removing domain controllers, domains, and forests, including forced removal, see
Administering Domain Controllers (http://go.microsoft.com/fwlink/?LinkId=68642).
Remove a domain controller from a domain
For procedures to remove a domain controller from an existing domain, see Removing a
Windows Server "Longhorn" domain controller from a domain.
Remove the last domain controller in a domain
For procedures to remove the last domain controller in a domain, see Removing the last
Windows Server "Longhorn" domain controller in a domain.
Remove the last domain controller in a forest
For procedures to remove the last domain controller in a forest, see Removing the last
Windows Server "Longhorn" domain controller in a forest.
Requirements for AD DS installation
For Windows Server "Longhorn" hardware requirements, see the Windows Server
"Longhorn" Beta 2 release notes.
The following software requirements apply to both Full installations and Server Core
installations:
- Windows Server "Longhorn" Beta 2 operating system
- Appropriate TCP/IP and DNS server addresses configured
- When you use an answer file to perform an unattended installation of AD DS, a
  [DCINSTALL] unattend.txt file with appropriate parameters specified. For a list of
  entries for the [DCINSTALL] answer file, see Appendix of unattended installation
  parameters.
- Schema preparation: Before you can add AD DS to a server that is running
  Windows Server "Longhorn" in a Windows Server 2003 or Windows 2000 Server
  forest, you must update the schema on the schema operations master in the forest
  by running adprep /forestprep.
- Domain preparation: Before you can add AD DS to a server that is running
  Windows Server "Longhorn" in a Windows Server 2003 or Windows 2000 Server
  domain, you must update the infrastructure master in the domain by running
  adprep /domainprep /gpprep.
- RODC preparation: Before you can install AD DS to create an RODC, you must
  prepare the forest by running adprep /rodcprep.
- DNS infrastructure: Before you add AD DS to create a domain or forest, be sure that
  a DNS infrastructure is in place on your network. When you install AD DS, you can
  include DNS server installation, if needed. When you create a new domain, a DNS
  delegation is created automatically during the installation process.
For information about configuring a Server Core installation, see the Microsoft Windows
Server Code Name "Longhorn" Beta 2 Server Core Step-By-Step Guide in this
documentation set.
Steps for installing AD DS
The following sections provide step-by-step instructions for installing AD DS in all
configurations, including methods for installing it on both Full Windows Server "Longhorn"
installations and Server Core Windows Server "Longhorn" installations. These sections
provide both the Windows interface and command-line methods for performing
installations.
The process for performing an unattended installation of AD DS is the same for a server
that is running a Full installation of Windows Server "Longhorn" and for a Server Core
installation of Windows Server "Longhorn". The unattended method of installation is
required for Server Core operating systems.
Procedures for installing AD DS are provided for the following scenarios:
- Installing a new Windows Server "Longhorn" forest
- Installing a new Windows Server "Longhorn" domain in an existing
  Windows Server 2003 or Windows 2000 Server forest
- Installing a Windows Server "Longhorn" domain controller in an existing
  Windows Server 2003 or Windows 2000 Server domain
- Installing AD DS from restored backup media
- Verifying AD DS installations
Installing a new Windows Server "Longhorn" forest
You can install a new Windows Server "Longhorn" forest by using the following methods:
Interactively, by using the Windows interface
Unattended, by using an answer file
Unattended, by entering unattend parameters at the command line
Important
If you create a new forest by installing AD DS on a Server Core installation of
Windows Server "Longhorn", you must install display specifiers manually after
AD DS installation.
Installing a new forest by using the Windows interface
The Windows interface provides wizards that step you through the AD DS installation
process.
Administrative credentials
You must be logged on as the local administrator for the computer.
To install a new forest by using the Windows interface
1. In Initial Configuration Tasks or Server Manager, click Add roles.
2. In the Add Roles Wizard, on the Before You Begin page, review the preliminary
verification steps. When you complete all the preliminary steps, click Next.
3. On the Select Server Roles page, select Active Directory Domain Services,
and then click Next.
4. On the Active Directory Domain Services page, review the introductory notes,
and then click Next to confirm your selections, or click Install to proceed with
installation.
5. On the Welcome to the Active Directory Domain Services Installation Wizard
page, click Next.
When you create the first domain controller in a new forest, there are no
additional advanced options.
6. On the Choose a Deployment Configuration page, click New forest, and then
click Next.
7. On the New Domain Name page, type the full DNS name for the forest root
domain, and then click Next.
8. On the Set Forest Functional Level page, select the forest functional level that
accommodates the domain controllers that you plan to install anywhere in the
forest, and then click Next.
9. On the Set Domain Functional Level page, select the domain functional level
that accommodates the domain controllers that you plan to install anywhere in
the domain, and then click Next.
10. On the Additional Options page, DNS server is selected by default so that your
forest DNS infrastructure can be created during AD DS installation. If you plan to
use Active Directory–integrated DNS, click Next. If you have an existing DNS
infrastructure and you do not want this domain controller to be a DNS server,
select DNS server to clear the check box, and then click Next.
11. On the Location for Database, Log Files and SYSVOL page, type or browse to
the volume and folder locations for the database file, the directory service log
files, and the system volume (SYSVOL) files, and then click Next.
Windows Server Backup backs up the directory service by volume. For backup
and recovery efficiency, store these files on separate volumes that do not contain
applications or other nondirectory files.
12. On the Active Directory Domain Services Restore Mode Administrator
Password page, type and confirm the restore mode password, and then click
Next. This password must be used to start AD DS in Directory Service Restore
Mode for tasks that must be performed offline.
13. On the Summary page, review your selections. Click Back to change any
selections, if necessary. When you are sure that your selections are accurate,
click Next to install AD DS.
14. When you are prompted, restart the server to complete the AD DS installation.
Installing a new forest by using an answer file
You can use the unattended method to install AD DS to create a new forest on a Full
installation of Windows Server "Longhorn" or on a Server Core installation of
Windows Server "Longhorn". To use the unattended method of installation, you must first
prepare an answer file that contains configuration values.
Use the following procedure to create the answer file. This procedure identifies only the
essential answer file entries for creating a new Windows Server "Longhorn" forest. For a
complete list of unattended installation options, including default values, allowed values,
and descriptions, see Unattended install options.
Administrative credentials
To perform this procedure, you can use any account that has Read and Write privileges
for the text editor application.
To create an answer file for installing a new forest
1. Open Notepad or any other text editor.
2. On the first line, type [DCINSTALL], and then press ENTER.
3. Type the following entries, one entry on each line:
AutoConfigDNS=yes
NewDomain=forest
NewDomainDNSName=<fully qualified DNS name>
DomainNetBiosName=<first label of the fully qualified DNS name, by default>
ReplicaOrNewDomain=domain
ForestLevel=<forest functional level number>
DomainLevel=<domain functional level number>
DatabasePath=<path to a folder on a local volume, surrounded by double
quotation marks>
LogPath=<path to a folder on a local volume, surrounded by double quotation
marks>
SYSVOLPath=<path to a folder on a local volume, surrounded by double
quotation marks>
SafeModeAdminPassword=<password>
RebootOnCompletion=yes
4. Save the answer file to the location on the installation server from which it is to be
called by Dcpromo, or save the file to a network shared folder or removable
media for distribution.
After you create the answer file, use the following procedure to perform the unattended
installation. Use this procedure to install AD DS on either a Full installation of
Windows Server "Longhorn" or a Server Core installation of Windows Server "Longhorn".
Note
If you are performing this procedure on a server that is running a Server Core
installation of Windows Server "Longhorn" Beta 2, you must also perform the
procedure in Importing localized display specifiers on a Server Core
implementation of a new forest.
Administrative credentials
You must be logged on to the server with the local administrator account.
To install a new domain controller by using an answer file
At the command prompt, type the following, and then press ENTER:
dcpromo /unattend:answerFileLocation
Installing a new forest by entering unattended installation parameters at the command line
If you have a list of the unattend options and parameter values that you want to use to
create a new forest, you can type the options and values directly into the command line
rather than using an answer file.
Use the following procedure to install a new forest unattended from the command line. If
you are performing this procedure on a server that is running a Server Core installation of
Windows Server "Longhorn" Beta 2, you must also perform the procedure in Importing
localized display specifiers on a Server Core implementation of a new forest.
Administrative credentials
You must be logged on to the server with the local administrator account.
To install a new domain controller by entering unattended installation parameters at the command line
1. At a command prompt, type the following, and then press ENTER:
dcpromo /unattend /unattendOption:value /unattendOption:value ...
Where
unattendOption is an option in the Unattend install options table. Separate
each option:value pair with a space.
value is the configuration instruction for the option
The following example creates the first domain controller in a new forest where
you expect to install at least some Windows Server 2003 domain controllers:
dcpromo /autoConfigDns:yes /dnsOnNetwork:yes
/replicaOrNewDomain:domain /newDomain:forest
/newDomainDnsName:contoso.com /DomainNetbiosName:contoso
/databasePath:"e:\ntds" /logPath:"e:\ntdslogs" /sysvolpath:"g:\sysvol"
/safeModeAdminPassword:FH#3573.cK /forestLevel:2 /domainLevel:2
/rebootOnCompletion:yes
2. When you have typed all the options that are required to create the forest, press
ENTER.
Importing localized display specifiers on a Server Core implementation of a new forest
For Windows Server "Longhorn" Beta 2 only, if you create a new AD DS forest on a computer
that is running a Server Core installation of Windows Server "Longhorn", the non-English
display specifiers are not imported automatically as they are for a new forest that is
created on a server that is running a Full installation of Windows Server "Longhorn". As a
result, some areas of the UI might appear in English instead of another language.
To correct this problem, you must manually import the display specifiers from the Server
Core domain controller from which you created the forest.
Administrative credentials
Administrator account in the forest root domain.
To import localized display specifiers on a Server Core forest root domain controller
1. Log on to the first domain controller that was created in a forest and that is
installed on a server running a Server Core installation of Windows Server
"Longhorn".
2. Open a command prompt, type the following command, and then press ENTER:
%windir%\system32\dcphelp.exe
3. Immediately after running dcphelp.exe, verify that the operation was successful
by checking the error level returned by dcphelp.exe. Type the following
command, and then press ENTER:
echo %errorlevel%
4. Check the returned value, and then do one of the following:
If the returned value equals 0, check %windir%\debug\csv.log to see the
import result.
If a value other than 0 is returned, check %windir%\debug\dcpromohelp.log
for more information to help troubleshoot the issue.
Installing a new Windows Server "Longhorn" domain in an existing Windows Server 2003 or Windows 2000 Server forest
Before you install the first Windows Server "Longhorn" domain in an existing
Windows Server 2003 or Windows 2000 Server forest, you must do the following:
If this domain controller is the first Windows Server "Longhorn" domain controller that
you are adding to the forest, prepare the forest by updating the schema.
If you plan to install an RODC in the forest after you install the initial Windows Server
"Longhorn" domain controller, you must also run the command adprep /rodcprep.
For additional requirements for installing an RODC in a Windows Server 2003 forest,
see the Step-by-Step Guide for Planning, Deploying, and Using a Windows Server
"Longhorn" Beta 2 Read-only Domain Controller in this documentation set.
You can install a new Windows Server "Longhorn" domain in an existing
Windows Server 2003 or Windows 2000 Server forest by using the following procedures:
Prepare the forest schema for Windows Server "Longhorn".
Install a new domain, as follows:
Interactively, by using the Windows interface
Unattended, by using an answer file
Unattended, by entering unattended installation parameters at the command line
Preparing the forest schema for Windows Server "Longhorn"
Before you can add a domain controller that is running Windows Server "Longhorn" to an
Active Directory environment running Windows 2000 Server or Windows Server 2003,
you must update the schema. You must update the Active Directory schema from the
domain controller that hosts the schema operations master role. If you are performing an
unattended installation of AD DS with Windows Server "Longhorn", you must update the
schema before you install the operating system. For normal installations, you must
update the schema after you run Setup and before you install AD DS. Use the following
procedure to update the Windows Server 2003 or Windows 2000 Server Active Directory
schema for Windows Server "Longhorn".
Administrative credentials
You must use an account that has membership in all of the following groups: Enterprise
Admins, Schema Admins, and Domain Admins. By default, Domain Admins is a member
of Enterprise Admins.
To prepare the forest schema for Windows Server "Longhorn"
1. Log on to the schema master as a member of the Enterprise Admins, Schema
Admins, and Domain Admins groups.
2. Insert the Windows Server "Longhorn" DVD into the CD or DVD drive. Copy the
contents of the \sources\adprep folder to an Adprep folder on the schema master.
3. Open a command prompt, and then change directories to the Adprep folder.
4. At the command prompt, type the following, and then press ENTER:
adprep /forestprep
5. Allow the operation to complete, and then allow the changes to replicate before
performing the next procedure.
Installing a new Windows Server "Longhorn" domain by using the Windows interface
The Windows interface provides wizards that step you through the AD DS installation
process.
Administrative credentials
You must be a member of the Domain Admins group in the parent domain, or you must
be a member of the Enterprise Admins group in the forest.
To install a new domain by using the Windows interface
1. In Initial Configuration Tasks or Server Manager, click Add roles.
2. In the Add Roles Wizard, on the Before You Begin page, review the preliminary
verification steps. When you complete all the preliminary steps, click Next.
3. On the Select Server Roles page, select AD DS, and then click Next.
4. On the Active Directory Domain Services page, review the introductory notes,
and then click Next to confirm your selections, or click Install to proceed with
installation.
5. On the Welcome to the Active Directory Domain Services Installation Wizard
page, click Next, or, to use the advanced option if you want to identify the source
domain controller for AD DS replication, select Use Advanced mode
installation.
6. On the Choose a Deployment Configuration page, click Existing forest and
New domain, and then click Next.
7. On the Network credentials page, provide the user name and password for an
account that has at least Domain Admins privileges in the parent domain, and
then click Next.
8. On the Name the New Domain page, type the parent and child domain names
according to the instructions, and then click Next.
9. On the Domain NetBIOS Name page, change the name, if necessary, and then
click Next.
10. On the Set Domain Functional Level page, select the domain functional level
that accommodates the domain controllers that you plan to install anywhere in
the domain, and then click Next.
11. On the Select Site page, select a site from the list or select the option to install
the domain controller in the site that corresponds to its IP address, and then click
Next.
12. On the Additional Options page, make the following selections, and then click
Next:
DNS server: This option is selected by default so that your domain controller
can function as a DNS server and a delegation is created in DNS for this
domain.
Global Catalog: This option adds the global catalog, read-only directory
partitions to the domain controller and enables global catalog search
functionality.
13. If you have selected the advanced installation mode, on the Source Domain
Controller page, specify a domain controller from which to replicate the
configuration and schema directory partitions, and then click Next.
14. On the Location for Database, Log Files and SYSVOL page, type or browse to
the volume and folder locations for the database file, the directory service log
files, and the system volume (SYSVOL) files, and then click Next.
Windows Server Backup backs up the directory service by volume. For backup
and recovery efficiency, store these files on separate volumes that do not contain
applications or other nondirectory files.
15. On the Active Directory Domain Services Restore Mode Administrator
Password page, type and confirm the restore mode password, and then click
Next. This password must be used to start AD DS in Directory Service Restore
Mode for tasks that must be performed offline.
16. On the Summary page, review your selections. Click Back to change any
selections, if necessary, and when you are sure that your selections are accurate,
click Next to install AD DS.
17. When you are prompted, restart the server to complete the AD DS installation.
Installing a new Windows Server "Longhorn" domain unattended by using an answer file
You can use the unattended method to install AD DS to create a new domain on a Full
installation of Windows Server "Longhorn" or on a Server Core installation of
Windows Server "Longhorn". To use the unattended method of installation, you must first
prepare an answer file that contains configuration values.
You can use the following procedure to create the answer file. This procedure identifies
only the essential answer file entries for creating a new Windows Server "Longhorn"
domain. For a complete list of unattended installation options, including default values,
allowed values, and return codes, see Unattended install options.
Administrative credentials
To perform this procedure, you can use any account that has Read and Write privileges
for the text editor application.
To create an answer file for installing a new domain
1. Open Notepad or any text editor.
2. On the first line, type [DCINSTALL] and then press ENTER.
3. Create the following entries, one entry on each line. These options are the
minimum options that are required for a new domain installation with DNS
configured automatically. For a complete list of unattended installation options,
including default values, allowed values, and descriptions, see Unattended install
options.
ParentDomainDNSName=<fully qualified DNS name of parent domain>
UserName=<administrative account in parent domain>
Password=<password for the account in UserName>
NewDomain=child
ChildName=<fully qualified DNS name of new domain>
NewDomainDNSName=<fully qualified DNS name of new domain>
DomainNetBiosName=<usually, first label of the fully qualified DNS name>
ReplicaOrNewDomain=domain
DomainLevel=<domain functional level number>
DatabasePath=<path to a folder on a local volume, surrounded by double
quotation marks>
LogPath=<path to a folder on a local volume, surrounded by double quotation
marks>
SYSVOLPath=<path to a folder on a local volume, surrounded by double
quotation marks>
AutoConfigDNS=yes
DNSDelegation=yes
DNSDelegationUserName=<if different from the account that is being used to
install AD DS, the account in the parent domain that has the privileges that are
required to create a DNS delegation>
DNSDelegationPassword=<if using a different account for
DNSDelegationUserName, the password for the account>
DNSOnNetwork=yes
SafeModeAdminPassword=<password>
RebootOnCompletion=yes
4. Save the answer file to the location on the installation server from which it is to be
called by Dcpromo, or save the file to a network share or removable media for
distribution.
5. Use the procedure "To install a new domain controller by using an answer file" to
install the new domain.
Installing a new Windows Server "Longhorn" domain by entering unattended installation parameters at the command line
Use the procedure "To install a new domain controller by entering unattended installation
parameters at the command line" to install the new domain, but use the unattend options
that are appropriate for creating a new domain.
Installing a Windows Server "Longhorn" domain controller in an existing Windows Server 2003 or Windows 2000 Server domain
Before you install the first Windows Server "Longhorn" domain controller in an existing
Windows Server 2003 or Windows 2000 Server domain, you must do the following:
Prepare the forest by updating the schema, if necessary. For instructions to prepare
the forest, see "Prepare the forest schema for Windows Server "Longhorn"" in
Installing a new Windows Server "Longhorn" domain in an existing
Windows Server 2003 or Windows 2000 Server forest.
Prepare the domain by running adprep /domainprep on the infrastructure operations
master.
If you are installing an RODC in an existing Windows Server 2003 domain, you must
also run the adprep /rodcprep command. For information about installing an RODC,
see the Step-by-Step Guide for Planning, Deploying, and Using a Windows Server
"Longhorn" Beta 2 Read-only Domain Controller in this documentation set.
You also have the option to use the install from media (IFM) method of installation. For
this option, you must have prepared installation media from a restored backup of a
domain controller in the same domain. For information about using IFM to install a
domain controller in an existing domain, see Installing AD DS from restored backup
media.
Preparing the domain for Windows Server "Longhorn"
Use the following procedure to prepare the domain for Windows Server "Longhorn".
Administrative credentials
You must be a member of the Domain Admins group to perform this procedure.
To prepare the domain for Windows Server "Longhorn"
1. Identify the domain infrastructure operations master role holder as follows:
In Active Directory Users and Computers, right-click the domain object, click
Operations Masters, and then click Infrastructure.
2. Log on to the infrastructure master as a member of the Domain Admins group.
3. Insert the Windows Server "Longhorn" DVD into the CD or DVD drive. Copy the
contents of the \sources\adprep folder to an Adprep folder on the infrastructure
master.
4. Open a command prompt, and then change directories to the Adprep folder.
5. If this domain controller is the first Windows Server "Longhorn" domain controller
in a Windows 2000 Server domain, type the following, and then press ENTER:
adprep /domainprep /gpprep
6. If this domain controller is the first Windows Server "Longhorn" domain controller
in a Windows Server 2003 domain, type the following, and then press ENTER:
adprep /domainprep
If you prepare a Windows Server 2003 domain by running adprep
/domainprep /gpprep, you can safely disregard the error that indicates that
domain updates were not necessary.
7. Allow the operation to complete, and then allow the changes to replicate before
performing the next procedure.
Installing a Windows Server "Longhorn" domain controller by using the Windows interface
You can use the Active Directory Domain Services Installation Wizard to create a domain
controller in an existing domain. If you use the advanced options in the wizard, you can
control how AD DS is installed on the server, either by IFM or by replication:
IFM: You can provide a location for installation media that you have restored from a
backup of a similar domain controller in the same domain.
Replication: You can specify a domain controller in the domain from which to replicate
AD DS.
Administrative credentials
To perform this procedure, you must be a member of the Domain Admins group in the
domain that is being installed.
To install a domain controller in an existing domain by using the Windows interface
1. In Initial Configuration Tasks or Server Manager, click Add roles.
2. In the Add Roles Wizard, on the Before You Begin page, review the preliminary
verification steps. When you complete all the preliminary steps, click Next.
3. On the Select Server Roles page, select Active Directory Domain Services,
and then click Next.
4. On the Active Directory Domain Services page, review the introductory notes,
and then click Next to confirm your selections, or click Install to proceed with
installation.
5. On the Welcome to the Active Directory Domain Services Installation Wizard
page, click Next, or, if you want to perform an IFM installation or identify the
source domain controller for AD DS replication, select Use Advanced mode
installation.
6. On the Choose a Deployment Configuration page, click Existing forest and
Existing domain, and then click Next.
7. On the Network credentials page, provide the user name and password for an
account that has at least Domain Admins privileges in the domain to which you
are adding the domain controller, specify the domain name, and then click Next.
8. On the Select Domain page, select the domain of the new domain controller, and
then click Next.
9. On the Select Site page, select a site from the list or select the option to install
the domain controller in the site that corresponds to its IP address, and then click
Next.
10. On the Additional Options page, make the following selections, and then click
Next:
DNS server: This option is selected by default so that your domain controller
can function as a DNS server. If you do not want the domain controller to be
a DNS server, clear this option.
Global Catalog: This option adds the global catalog, read-only directory
partitions to the domain controller, and it enables global catalog search
functionality.
Read-only domain controller: This option is not compatible with the global
catalog. For information about installing a read-only domain controller, see
the Step-by-Step Guide for Planning, Deploying, and Using a Windows
Server "Longhorn" Beta 2 Read-only Domain Controller in this documentation
set.
11. If you selected the advanced installation mode, you can specify the following
advanced options:
a. On the Install from Media? page, you can provide the location of installation
media to be used to create the domain controller and configure AD DS, or
you can allow replication over the network. For information about using this
method to install the domain controller, see Installing AD DS from restored
backup media.
b. On the Source Domain Controller page, you can specify a domain
controller from which to replicate the configuration and schema directory
partitions. If you select This specific domain controller, you can select the
domain controller that you want to provide source replication to create the
new domain controller, and then click Next.
12. On the Location for Database, Log Files and SYSVOL page, type or browse to
the volume and folder locations for the database file, the directory service log
files, and the system volume (SYSVOL) files, and then click Next.
Windows Server Backup backs up the directory service by volume. For backup
and recovery efficiency, store these files on separate volumes that do not contain
applications or other nondirectory files.
13. On the Active Directory Domain Services Restore Mode Administrator
Password page, type and confirm the restore mode password, and then click
Next. This password must be used to start AD DS in Directory Service Restore
Mode for tasks that must be performed offline.
14. On the Summary page, review your selections. Click Back to change any
selections, if necessary. When you are sure that your selections are accurate,
click Next to install AD DS.
15. When you are prompted, restart the server to complete the AD DS installation.
Installing a Windows Server "Longhorn" domain controller by using an answer file
The answer file that you use to create a new domain controller must have the replica
options specified. Use the following procedure to create the answer file.
Administrative credentials
To perform this procedure, you can use any account that has Read and Write privileges
for the text editor application.
To create an answer file for installing a new domain controller
1. Open Notepad or any text editor.
2. On the first line, type [DCINSTALL], and then press ENTER.
3. Create the following entries, one entry on each line. These options are the
minimum options that are required for a new domain controller installation with
DNS configured automatically. For a complete list of unattended installation
options, including default values, allowed values, and descriptions, see
Unattended install options.
UserName=<administrative account in the domain of the new domain controller>
UserDomain=<name of the domain of the new domain controller>
Password=<password for the account in UserName>
ReplicaOrNewDomain=replica
LogPath=<path to a folder on a local volume, surrounded by double quotation
marks>
SYSVOLPath=<path to a folder on a local volume, surrounded by double
quotation marks>
DNSOnNetwork=yes
SafeModeAdminPassword=<password>
RebootOnCompletion=yes
4. Save the answer file to the location on the installation server from which it is to be
called by Dcpromo, or save the file to a network share or removable media for
distribution.
5. Use the procedure "To install a new domain controller by using an answer file" to
install the new domain controller.
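The three answer-file procedures in this guide (new forest, new child domain, new domain controller in an existing domain) can be checked before the file is handed to Dcpromo. The following is an added example, not part of the original guide or of any Microsoft tool: it verifies the essential entries listed in those procedures, catches unfilled placeholders and unquoted paths, and reports which entries hold a clear-text password, which matters when the file is saved to a network share or removable media. The function names, the treatment of lines that start with ";" as comments, and both sample files are assumptions constructed for illustration.

```python
"""Pre-flight check for a dcpromo answer file (added example, hypothetical names)."""

# Essential entries from this guide's three answer-file procedures. The
# reboot-on-completion entry and the optional DNSDelegationUserName /
# DNSDelegationPassword pair are deliberately not required here.
COMMON = {"ReplicaOrNewDomain", "LogPath", "SYSVOLPath", "SafeModeAdminPassword"}
REQUIRED = {
    "forest": COMMON | {"AutoConfigDNS", "NewDomain", "NewDomainDNSName",
                        "DomainNetBiosName", "ForestLevel", "DomainLevel",
                        "DatabasePath"},
    "child": COMMON | {"ParentDomainDNSName", "UserName", "Password", "NewDomain",
                       "ChildName", "NewDomainDNSName", "DomainNetBiosName",
                       "DomainLevel", "DatabasePath", "AutoConfigDNS",
                       "DNSDelegation", "DNSOnNetwork"},
    "replica": COMMON | {"UserName", "UserDomain", "Password", "DNSOnNetwork"},
}
SECRET_KEYS = {"safemodeadminpassword", "password", "dnsdelegationpassword"}
PATH_KEYS = {"databasepath", "logpath", "sysvolpath"}

# Constructed sample: values borrowed from the guide's contoso.com example.
FOREST_OK = r"""[DCINSTALL]
AutoConfigDNS=yes
NewDomain=forest
NewDomainDNSName=contoso.com
DomainNetBiosName=contoso
ReplicaOrNewDomain=domain
ForestLevel=2
DomainLevel=2
DatabasePath="e:\ntds"
LogPath="e:\ntdslogs"
SYSVOLPath="g:\sysvol"
SafeModeAdminPassword=CONSTRUCTED-not-a-real-secret
RebootOnCompletion=yes
"""

# Constructed sample with three defects: unfilled Password placeholder,
# unquoted LogPath, and no SYSVOLPath entry.
REPLICA_BAD = r"""[DCINSTALL]
UserName=administrator
UserDomain=contoso.com
Password=<password for the account in UserName>
ReplicaOrNewDomain=replica
LogPath=e:\ntdslogs
DNSOnNetwork=yes
SafeModeAdminPassword=CONSTRUCTED-not-a-real-secret
"""


def parse_answer_file(text):
    """Return (entries, problems); entries maps lower-cased key -> value."""
    entries, problems, in_section = {}, [], False
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):   # assumed INI-style comment
            continue
        if line.startswith("["):
            in_section = line.upper() == "[DCINSTALL]"
            continue
        if not in_section:
            problems.append(f"line {number}: entry outside [DCINSTALL]")
            continue
        key, sep, value = line.partition("=")
        if not sep:
            problems.append(f"line {number}: not in key=value form")
            continue
        key = key.strip().lower()
        if key in entries:
            problems.append(f"line {number}: duplicate entry {key}")
        entries[key] = value.strip()
    return entries, problems


def scenario(entries):
    """Classify the file as 'forest', 'child' or 'replica', else None."""
    kind = entries.get("replicaornewdomain", "").lower()
    if kind == "replica":
        return "replica"
    new_domain = entries.get("newdomain", "").lower()
    if kind == "domain" and new_domain in ("forest", "child"):
        return new_domain
    return None


def is_placeholder(value):
    """True for template text such as <password> copied from the guide."""
    return value.startswith("<") and value.endswith(">")


def lint(text):
    """Check one answer file; return scenario, findings and secret-bearing keys."""
    entries, findings = parse_answer_file(text)
    kind = scenario(entries)
    if kind is None:
        findings.append("cannot tell scenario from ReplicaOrNewDomain/NewDomain")
    else:
        for key in sorted(REQUIRED[kind]):
            if not entries.get(key.lower()):
                findings.append(f"missing {key} ({kind} scenario)")
    for key, value in entries.items():
        if is_placeholder(value):
            findings.append(f"{key}: placeholder was never filled in")
        elif key in PATH_KEYS and not (len(value) >= 2 and value[0] == value[-1] == '"'):
            findings.append(f"{key}: path is not surrounded by double quotation marks")
    secrets = sorted(k for k in SECRET_KEYS & entries.keys()
                     if entries[k] and not is_placeholder(entries[k]))
    return {"scenario": kind, "findings": findings, "secrets": secrets}


if __name__ == "__main__":
    for name, text in (("forest", FOREST_OK), ("replica", REPLICA_BAD)):
        report = lint(text)
        print(name, "->", report["scenario"], "| clear-text secrets:", report["secrets"])
        for finding in report["findings"]:
            print("  -", finding)
```

Any key reported under "secrets" is stored as readable text in the file, so restrict who can read the folder or media that holds it and delete the copy once the installation has completed.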
Installing a new Windows Server "Longhorn" domain controller by entering unattended installation parameters at the command line
Use the procedure "To install a new domain controller by entering unattended installation
parameters at the command line" to install the new domain controller, but use unattended
options that are appropriate for creating a new domain controller in an existing domain.
Installing AD DS from restored backup media
You can use installation media from a restored backup of an existing domain controller in
the domain to install a new domain controller in the same domain. IFM is an effective
method for minimizing replication of all directory data when you install AD DS, such as on
the first domain controller in a remote site. For information about how to prepare
installation media from a restored AD DS backup, see the Step-by-Step Guide for
Windows Server "Longhorn" Beta 2 Active Directory Domain Services Backup and
Recovery in this documentation set.
Requirements for installing from restored backup media include the following:
You must have restored backup media that is prepared from a similar domain
controller in the same domain, as follows:
For Windows Server "Longhorn" Beta 2 only, you can use restored backups of
only Full installation domain controllers to install AD DS on Full installation
servers. You cannot use IFM to install AD DS on a Server Core installation.
You can use backup media from an RODC to install only other RODCs.
Backup media must be created from a domain controller that has the same
operating system version and platform as the target server.
For Windows Server "Longhorn" Beta 2 only, you can install AD DS from backup
media only by using the Windows interface. You cannot use an unattended
installation to install a domain controller from backup media.
Use the following procedure to use the IFM method of installing AD DS on a server in the
same domain.
Administrative credentials
To perform this procedure, you must be a member of the Domain Admins group in the
domain that is being installed.
To install a domain controller from backup media by using the Windows interface
1. Prepare backup media according to instructions in the Step-by-Step Guide for
Windows Server "Longhorn" Beta 2 Active Directory Domain Services Backup
and Recovery in this documentation set.
2. In Initial Configuration Tasks or Server Manager, click Add roles.
3. In the Add Roles Wizard, on the Before You Begin page, review the preliminary
verification steps. When you complete all the preliminary steps, click Next.
4. On the Select Server Roles page, select Active Directory Domain Services,
and then click Next.
5. On the Active Directory Domain Services page, review the introductory notes,
and then click Next to confirm your selections, or click Install to proceed with
installation.
6. On the Welcome to the Active Directory Domain Services Installation Wizard
page, select Use Advanced mode installation.
7. On the Choose a Deployment Configuration page, click Existing forest and
Existing domain, and then click Next.
8. On the Network credentials page, provide the user name and password for an
account that has at least Domain Admins privileges in the domain to which you
are adding the domain controller, specify the domain name, and then click Next.
9. On the Select Domain page, select the domain of the new domain controller, and
then click Next.
10. On the Select Site page, select a site from the list or select the option to install
the domain controller in the site that corresponds to its IP address, and then click
Next.
11. On the Additional Options page, select additional options according to the
configuration of the backup domain controller, and then click Next.
12. On the Install from Media? page, click Install from media at the location
below.
13. In Location, type or browse to the disk drive location of the installation media.
14. On the Location for Database, Log Files and SYSVOL page, type or browse to
the volume and folder locations for the database file, the directory service log
files, and the system volume (SYSVOL) files, and then click Next.
Windows Server Backup backs up the directory service by volume. For backup
and recovery efficiency, store these files on separate volumes that do not contain
applications or other nondirectory files.
15. On the Active Directory Domain Services Restore Mode Administrator
Password page, type and confirm the restore mode password, and then click
Next. This password must be used to start AD DS in Directory Service Restore
Mode for tasks that must be performed offline.
16. On the Summary page, review your selections. Click Back to change any
selections, if necessary. When you are sure that your selections are accurate,
click Next to install AD DS.
17. When you are prompted, restart the server to complete AD DS installation.
Additional considerations
Dcpromo.exe installs AD DS using the data in the restored files, which eliminates the
need to replicate every object from a partner domain controller. However, objects that
were modified, added, or deleted since the backup was taken must be replicated. If
the backup was recent, the amount of replication that is required will be considerably
less than the amount of replication that is required for a regular AD DS installation.
Verifying an AD DS installation
After you install AD DS, verify key functionality such as DNS resource record registrations
and SYSVOL replication. For verification steps to perform after installing AD DS, see
Verifying Active Directory Installation (http://go.microsoft.com/fwlink/?LinkId=68736).
Steps for removing AD DS
The following sections provide step-by-step instructions for removing AD DS in all
configurations, including methods for removing the server role on both Full
Windows Server "Longhorn" installations and Server Core Windows Server "Longhorn"
installations. Methods are described for performing installations by using both the
Windows interface and the command line.
The unattended method of removing AD DS is required for Server Core operating
systems. The process for performing an unattended removal of AD DS is the same for a
server that is running a Full installation of Windows Server "Longhorn" or a Server Core
installation of Windows Server "Longhorn".
For Windows Server "Longhorn" Beta 2 installations only, you must uninstall the directory
service binaries manually when you use an unattended method to remove AD DS.
Procedures to remove AD DS are provided for the following scenarios:
Removing a Windows Server "Longhorn" domain controller from a domain
Removing the last Windows Server "Longhorn" domain controller in a domain
Removing the last Windows Server "Longhorn" domain controller in a forest
Removing a Windows Server "Longhorn" domain controller from a domain
The procedures in this section describe the methods for removing the last domain
controller in the domain.
Removing a Windows Server "Longhorn" domain controller by using the Windows interface
You can use the Active Directory Domain Services Installation Wizard to remove a
domain controller from an existing domain.
Administrative credentials
To perform this procedure, you must be a member of the Domain Admins group in the
domain.
To remove a domain controller by using the Windows interface
1. On the Start menu, click Administrative Tools, and then click Server Manager.
2. Under Roles Summary, click Remove roles.
3. In the Remove Roles Wizard, under Roles, select Active Directory Domain
Services, and then click Next.
4. On the Confirm Removal Options page, confirm the removal options, and then
click Remove.
5. In the Welcome to the Active Directory Domain Services Installation Wizard
page, click Next.
6. On the Delete Domain? page, make no selection, and click Next.
7. If the domain controller has application directory partitions, on the Application
Directory Partitions page, view the application directory partitions in the list, and
then remove or retain application directory partitions, as follows:
If you do not want to retain any application directory partitions that are stored
on the domain controller, click Next.
If you want to retain any application directory partition that an application has
created on the domain controller, use the application that created the partition
to remove it, and then click Update to update the list.
8. On the Confirm Deletion page, select the option to delete all application
directory partitions on the domain controller, and then click Next.
9. On the Administrator Password page, type and confirm a secure password for
the local Administrator account, and then click Next.
10. On the Summary page, review your selections, and then click Next to remove
AD DS.
11. When you are prompted, restart the server to complete AD DS removal.
Removing a Windows Server "Longhorn" domain controller by using an answer file
The answer file that you use to remove a domain controller in a domain where other
domain controllers exist requires only Domain Admin credentials. You can also create the
password for the local Administrator account for the member server. If you do not specify
the password in the answer file, the administrator password is blank.
Administrative credentials
To perform this procedure, you must be a member of the Domain Admins group in the
domain.
To create an answer file for removing a domain controller
1. Open Notepad or any text editor.
2. On the first line, type [DCINSTALL], and then press ENTER.
3. Create the following entries, one entry on each line. For a complete list of
unattended installation options, including default values, allowed values, and
descriptions, see Unattended install options.
username=<administrative account in the domain>
password=<password for the account in UserName>
administratorpassword=<local administrator password for server>
removeapplicationpartitions=yes
4. Save the answer file to the location on the installation server from which it is to be
called by Dcpromo, or save the file to a network shared folder or removable
media for distribution.
5. The Dcpromo command to use an answer file is the same for both removing and
installing a domain controller. Use the procedure "To install a new domain
controller by using an answer file" to remove the domain controller.
Removing a Windows Server "Longhorn" domain controller by entering unattended installation parameters at the command line
The Dcpromo command that you use to enter unattended installation parameters at the
command line is the same for both removing and installing a domain controller. Use the
procedure "To install a new domain controller by entering unattended installation
parameters at the command line" to remove the domain controller, but use unattend
options that are appropriate for removing a domain controller from an existing domain.
Removing AD DS binaries
After you remove AD DS from a domain controller running Windows Server "Longhorn"
Beta 2, you must manually remove the AD DS binary files. This is a known issue for
Windows Server "Longhorn" Beta 2, but it will not be required in further Windows Server
"Longhorn" Beta releases.
Caution
Do not run this command on an installed domain controller. Be sure to restart the
server after removing AD DS before you run this command. Running this
command on an installed domain controller results in data loss on the domain
controller and requires a reinstallation of the operating system.
Administrative credentials
To perform this procedure, you must be a member of the local Administrators group on
the member server.
To remove AD DS binaries
1. Remove AD DS from the server, and then restart the server.
2. At a command prompt, type the following, and then press ENTER:
start /w pkgmgr /uu:DirectoryServices-DomainController /l:dcuninstall.log
start /w is optional; use it if you want the command prompt to wait until the
process completes.
Removing the last Windows Server "Longhorn" domain controller in a domain
The procedures in this section describe the methods for removing the last domain
controller in the domain.
Removing the last Windows Server "Longhorn" domain controller in a domain by using the Windows interface
The Active Directory Domain Services Installation Wizard provides all the steps that you
need to remove the domain. During domain removal, the Active Directory Domain
Services Installation Wizard displays a list of all the application directory partitions that
are stored on the domain controller. If there are application directory partitions that were
created by an application other than AD DS, you can use the appropriate application to
remove these directory partitions, or you can let the Active Directory Domain Services
Installation Wizard remove them.
Application directory partitions that are created by AD DS, such as the DomainDNSZones
and ForestDNSZones application directory partitions, cannot be retained if you remove
AD DS.
Administrative credentials
To complete this procedure, you must be a member of the Domain Admins group in the
parent domain or a member of the Enterprise Admins group in the forest.
To remove the last domain controller in a domain by using the Windows interface
1. On the Start menu, click Administrative Tools, and then click Server Manager.
2. Under Roles Summary, click Remove roles.
3. In the Remove Roles Wizard, under Roles, select Active Directory Domain
Services, and then click Next.
4. On the Confirm Removal Options page, confirm the removal options, and then
click Remove.
5. In the Welcome to the Active Directory Domain Services Installation Wizard
page, click Next.
6. On the Delete Domain? page, select the option to delete the domain. Before you
continue, read the instructions for managing the removal of cryptographic keys
and the decryption of Encrypting File System (EFS)–encrypted files, and perform
these actions, if necessary. When you are sure that you have completed all
security tasks, click Next.
7. If the domain controller has application directory partitions, on the Application
Directory Partitions page, view the application directory partitions in the list and
remove or retain application directory partitions, as follows:
If you do not want to retain any application directory partitions that are stored
on the domain controller, click Next.
If you want to retain any application directory partition that an application has
created on the domain controller, use the application that created the partition
to remove it, and then click Update to update the list.
8. On the Confirm Deletion page, select the option to delete all application
directory partitions on the domain controller, and then click Next.
9. On the Administrator Password page, type and confirm a secure password for
the local Administrator account, and then click Next.
10. On the Summary page, review your selections, and then click Next to remove
AD DS.
11. When you are prompted, restart the server to complete AD DS removal.
For information about cryptographic keys and certificate management, see
Windows Server 2003 PKI Operations Guide (http://go.microsoft.com/fwlink/?LinkId=68752).
For information about EFS, see Encrypting File System Technical
Reference (http://go.microsoft.com/fwlink/?LinkId=68751).
Removing the last Windows Server "Longhorn" domain controller in a domain by using an answer file
The answer file that specifies that you are removing the last domain controller in the
domain must include that instruction, and it must specify the parent domain.
Administrative credentials
To complete this procedure, you must be a member of the Domain Admins group in the
parent domain or a member of the Enterprise Admins group in the forest.
To create an answer file for removing the last domain controller in a domain
1. On the first line, type [DCINSTALL], and then press ENTER.
2. Create the following entries, one entry on each line. For a complete list of
unattend installation options, including default values, allowed values, and
descriptions, see Unattended install options.
ParentDomainDNSName=<fully qualified DNS name of parent domain>
UserName=<administrative account in parent domain>
Password=<password for the account in UserName>
IsLastDCInDomain=yes
AdministratorPassword=<local administrator password for server>
RemoveApplicationPartitions=<yes if you want to remove the partitions. If you
want to retain them, you do not need this entry.>
3. Save the answer file to the location on the installation server from which it is to be
called by Dcpromo, or save the file to a network share or removable media for
distribution.
4. The Dcpromo command to use an answer file is the same for both removing and
installing a domain controller. Use the procedure "To install a new domain
controller by using an answer file" to remove the domain controller.
Removing the last Windows Server "Longhorn" domain controller in a domain by entering unattended installation parameters at the command line
The Dcpromo command that you use to enter unattended installation parameters at the
command line is the same for both removing and installing a domain controller. Use the
procedure "To install a new domain controller by entering unattended installation
parameters at the command line" to remove the domain controller, but use unattend
options that are appropriate for removing the last domain controller in the domain.
Removing the last Windows Server "Longhorn" domain controller in a forest
The procedures in this section describe the methods that you can use to remove the last
domain controller in an AD DS forest.
Removing the last Windows Server "Longhorn" domain controller in a forest by using the Windows interface
Use the following procedure to remove the forest.
Administrative credentials
To complete this procedure, you must be a member of the Domain Admins group in the
forest root domain or the Enterprise Admins group in the forest.
To remove the last domain controller in a forest by using the Windows interface
1. On the Start menu, click Administrative Tools, and then click Server Manager.
2. Under Roles Summary, click Remove roles.
3. In the Remove Roles Wizard, under Roles, select Active Directory Domain
Services, and then click Next.
4. On the Confirm Removal Options page, confirm the removal options, and then
click Remove.
5. On the Welcome to the Active Directory Domain Services Installation Wizard
page, click Next.
6. On the Delete Domain? page, select the option to delete the domain and forest.
Before you continue, read the instructions for managing the removal of
cryptographic keys and the decryption of EFS-encrypted files, and perform these
actions, if necessary. When you are sure that you have completed all security
tasks, click Next.
7. If the domain controller has application directory partitions, on the Application
Directory Partitions page, view the application directory partitions in the list, and
then remove or retain application directory partitions, as follows:
If you do not want to retain any application directory partitions that are stored
on the domain controller, click Next.
If you want to retain any application directory partition that an application has
created on the domain controller, use the application that created the partition
to remove it, and then click Update to update the list.
8. On the Confirm Deletion page, select the option to delete all application
directory partitions on the domain controller, and then click Next.
9. On the Administrator Password page, type and confirm a secure password for
the local Administrator account, and then click Next.
10. On the Summary page, review your selections, and then click Next to remove
AD DS.
11. When you are prompted, restart the server to complete AD DS removal.
Removing the last Windows Server "Longhorn" domain controller in a forest by using an answer file
The Dcpromo unattend options for removing the last domain controller in a forest are the
same as the unattend options for removing the last domain controller in a domain. Use
the procedure "To create an answer file for removing the last domain controller in a
domain" to create the answer file for removing the last domain controller in the forest.
Use the procedure "To install a new domain controller by using an answer file" to remove
the domain controller.
Removing the last Windows Server "Longhorn" domain controller in a forest by entering unattended installation parameters at the command line
The Dcpromo command that you use to enter unattend parameters at the command line
is the same for both removing and installing a domain controller. Use the procedure "To
install a new domain controller by entering unattended installation parameters at the
command line" to remove the domain controller, but use unattend options that are
appropriate for removing the last domain controller in the domain. Because the forest root
domain is the domain that you are removing, the options for removing the domain
effectively remove the forest itself.
Appendix of unattended installation parameters
The tables in this appendix provide the information that you need to create an answer file
for installing or uninstalling AD DS in unattended mode.
Dcpromo.exe accepts these parameters either directly from the command line or as
entered in a text file that is formatted in standard .INI format. The text file must contain a
section heading [DCINSTALL] followed by AD DS (domain controller) server role
unattended installation parameters.
Create a text file that contains the [DCINSTALL] heading and in which each line in the file
contains an option and its value in the form option=value. To use the options directly from
the command line, precede each option:value pair with a forward slash (/) and separate
each /option=value pair with a space. At the command line, you can also use a colon (:)
to separate the option and the value (/option:value).
The following are example lines in an answer text file:
[DCINSTALL]
The following is an example set of the same options as typed in the Dcpromo.exe
command line:
dcpromo /unattend /username:Jsmith /password:SP#f357.2 ...
Unattended general options
The option in the following table is available for unattended installation and removal of
AD DS. This option is new in Windows Server "Longhorn".
/RebootOnCompletion
  Parameters: Yes | No
  Default value: Yes
  Description: Restart the computer when the operation is complete, whether or not the operation is successful.
Unattended install options
The following new options are available for unattended installations of AD DS. Options
that are new in Windows Server "Longhorn" appear in bold text.
/AdministratorPassword
  Parameters: password
  Default value: (none listed)
  Description: Specifies a local Administrator account password for the computer after AD DS is removed.
/AllowDomainReinstall
  Parameters: Yes | No
  Default value: No
  Description: If Dcpromo detects that the domain already exists, specifies whether to recreate the domain.
AllowDomainControllerReinstall
  Parameters: Yes | No
  Default value: No
  Description: When a replica domain controller is added, if Dcpromo detects that the domain controller already exists, specifies whether to overwrite the domain controller data of the existing domain controller.
/ApplicationPartitionsToReplicate
  Parameters: "partition_DN_1 partition_DN_2 ...partition_DN_n"
  Default value: (none listed)
  Description: Space-separated (or comma-and-space-separated) distinguished names, with the entire string enclosed in quotation marks, of application directory partitions that you want to include when you use restored backup media to install AD DS (or * to include all application directory partitions).
/AutoConfigDNS
  Parameters: Yes | No
  Default value: Yes
  Description: Specifies whether DNS is configured for a new domain if Dcpromo detects that the DNS dynamic update protocol is not available, or if Dcpromo detects an insufficient number of DNS servers for an existing domain.
/ChildName
  Parameters: child_domain_name
  Default value: (none listed)
  Description: Specifies whether to append the DNS label for the new domain at the beginning of the name of an existing directory service domain when installing a child domain.
/ConfirmGc
  Parameters: Yes | No
  Default value: Yes
  Description: Specifies whether the domain controller is a global catalog server.
/CriticalReplicationOnly
  Parameters: Yes | No
  Default value: Yes
  Description: Specifies whether to skip noncritical (and potentially lengthy) portions of replication and allow Dcpromo to complete before replication is complete.
/DatabasePath
  Parameters: path_to_database_files
  Default value: %systemroot%\NTDS
  Description: Location of the Ntds.dit file.
/DisableCancelForDnsInstall
  Parameters: Yes | No
  Default value: No
  Description: Specifies whether to disable the Cancel button during a DNS installation. This option is retained for backward compatibility with Windows Server 2003 unattend files. It is ignored if it is used for Windows Server "Longhorn".
/DNSDelegation
  Parameters: Yes | No
  Default value: Computed automatically based on the environment.
  Description: Indicates whether to create a DNS delegation that references this new DNS server. Valid for Active Directory–integrated DNS only.
/DNSDelegationUserName
  Parameters: user_name
  Default value: (none listed)
  Description: The user name to be used when the DNS delegation is created in the parent zone and credentials are different from the credentials provided for AD DS role installation or removal.
/DNSDelegationPassword
  Parameters: Password
  Default value: (none listed)
  Description: The password for the user name that is used to create the DNS delegation.
/DNSOnNetwork
  Parameters: Yes | No
  Default value: Yes
  Description: Specifies whether to set DNS server addresses automatically.
/DomainLevel
  Parameters: 0 | 2 | 3
  Default value: Based on levels existing in the forest
  Description: Specifies the domain functional level when a new domain is created in an existing forest, as follows: 0 = Windows 2000 Server Native; 2 = Windows Server 2003 Native; 3 = Windows Server "Longhorn".
/DomainNetBiosName
  Parameters: domain_NetBIOS_name
  Default value: First label of DNS name
  Description: Assigns a network basic input/output system (NetBIOS) name to the new domain.
/ForestLevel
  Parameters: 0 | 2 | 3
  Default value: 0
  Description: Specifies the forest functional level when a new domain is created in a new forest, as follows: 0 = Windows 2000 Server Native; 2 = Windows Server 2003 Native; 3 = Windows Server "Longhorn". ForestLevel replaces SetForestVersion in Windows Server 2003.
/LogPath
  Parameters: Path_to_log_files
  Default value: %systemroot%\NTDS
  Description: Specifies the location of the database log files.
/NewDomain
  Parameters: Forest | Tree | Child
  Default value: Forest
  Description: Specifies the type of new domain: the root domain of a new forest; the root domain of a new tree in an existing forest; a child domain in an existing forest. The type of new domain must be specified when AD DS is installed on a Windows Server "Longhorn" Server Core installation.
/NewDomainDNSName
  Parameters: DNS_domain_name
  Default value: (none listed)
  Description: The required name of a new forest or a new tree in an existing forest.
/OnDemandAllowed
  Parameters: Security_Principal | NONE
  Default value: (none listed)
  Description: The name of one or more security principals that are replicated to this RODC, specified within quotation marks. To specify more than one security principal, add the entry multiple times. In Windows Server "Longhorn" Beta 2, if you have no security principals to add, leave this entry blank. Using the value "NONE" causes the unattended RODC installation to fail. This issue will be resolved for Windows Server "Longhorn" Beta 3.
/OnDemandDenied
  Parameters: Security_Principal | NONE
  Default value: (none listed)
  Description: The name of one or more security principals that are not to be replicated to this RODC. To specify more than one security principal, add the entry multiple times.
/ParentDomainDNSName
  Parameters: DNS_domain_name
  Default value: (none listed)
  Description: The DNS domain name of an existing parent domain when a child domain is removed or installed.
/Password
  Parameters: password
  Default value: (none listed)
  Description: The password for the account name (the value in UserName) to use for installing or removing AD DS. Dcpromo deletes this value after installation.
/ReplicaDomainDNSName
  Parameters: DNS_domain_name
  Default value: (none listed)
  Description: The DNS domain name of the domain to replicate to this new domain controller replica.
/ReplicaOrNewDomain
  Parameters: Replica | Read_only_replica | Domain
  Default value: Replica
  Description: Specifies whether to install the domain controller as: an additional domain controller in an existing domain; an RODC in an existing domain; the first domain controller in a new domain.
/ReplicationSourceDC
  Parameters: DNS_name_of_source
  Default value: (none listed)
  Description: Indicates the full DNS name of the domain controller from which AD DS data is replicated to create the new domain controller.
/ReplicationSourcePath
  Parameters: path_to_installation_media
  Default value: (none listed)
  Description: The location of the files that are used to install a new domain controller by using restored backup media.
/SafeModeAdminPassword
  Parameters: password | NONE
  Default value: (none listed)
  Description: The password for the administrator account to use when starting the computer in Safe Mode or a variant of Safe Mode, such as Directory Service Restore Mode.
/SiteName
  Parameters: site_name
  Default value: (none listed)
  Description: The name of an existing site where you can place the new domain controller.
/Syskey
  Parameters: NONE | system key
  Default value: (none listed)
  Description: Indicates that the user must provide the system key.
/SysVolPath
  Parameters: path_to_SYSVOL_folder
  Default value: %systemroot%\sysvol
  Description: The path to the SYSVOL folder, which must be on a fixed disk on the local computer.
/UserDomain
  Parameters: domain_name
  Default value: (none listed)
  Description: The domain name for the user account that is used to install AD DS on a member server.
/UserName
  Parameters: user_name
  Default value: (none listed)
  Description: The account name of the user who is installing AD DS.
Unattended uninstall options
The new options in the following table are available for unattended removal of AD DS.
Options that are new in Windows Server "Longhorn" are shown in bold type.
/AdministratorPassword
  Parameters: admin_password
  Default value: (none listed)
  Description: Sets the local administrator password for the computer during removal of a domain controller.
/DemoteFSMO
  Parameters: Yes | No
  Default value: No
  Description: Indicates that a forced removal should continue even if an operations master role is held by the domain controller.
/ForceDemotion
  Parameters: (none listed)
  Default value: (none listed)
  Description: Indicates that the removal proceeds if the domain controller is offline. Caution: The /ForceDemotion switch results in data loss on the domain controller.
/IgnoreIsLastDcInDomainMismatch
  Parameters: Yes | No
  Default value: No
  Description: If you have set IsLastDCInDomain to Yes but there is actually one or more other domain controllers in the domain, this option specifies whether to continue with the removal as configured.
/IsLastDCInDomain
  Parameters: Yes | No
  Default value: No
  Description: Indicates whether the computer on which Dcpromo is running is the last domain controller in the domain.
/RemoveApplicationPartitions
  Parameters: Yes | No
  Default value: No
  Description: Specifies whether to remove application directory partitions during removal of a domain controller.
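The following pre-flight check is an added example, not part of this guide or of Dcpromo. It lints a removal answer file against rules the guide states (the [DCINSTALL] heading, the blank local Administrator password when administratorpassword is omitted, the parent domain required with IsLastDCInDomain, Yes | No values, the /ForceDemotion caution) and builds the equivalent command line with passwords masked for logging. The function names, finding codes, sample file and case-insensitive name matching are assumptions.

```python
"""Pre-flight lint for a Dcpromo removal answer file (added example)."""
from typing import NamedTuple

# Option names come from this guide; matching them case-insensitively is an
# assumption (the guide itself writes both "username" and "UserName").
YES_NO = {"islastdcindomain", "removeapplicationpartitions", "demotefsmo",
          "ignoreislastdcindomainmismatch", "rebootoncompletion"}
SECRETS = {"password", "administratorpassword"}
KNOWN = YES_NO | SECRETS | {"username", "parentdomaindnsname", "forcedemotion"}


class Finding(NamedTuple):
    code: str      # hypothetical finding identifier
    detail: str


def parse_answer_file(text):
    """Return (has_section, options) for the [DCINSTALL] section only."""
    has_section, in_section, options = False, False, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):         # blank line or INI comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "dcinstall"
            has_section = has_section or in_section
            continue
        if in_section:
            name, _, value = line.partition("=")     # option=value
            options[name.strip().lower()] = value.strip()
    return has_section, options


def lint_removal_answer_file(text):
    """Check an answer file against the rules stated in the guide."""
    has_section, opts = parse_answer_file(text)
    if not has_section:
        return [Finding("missing-section",
                        "no [DCINSTALL] heading (return code 62)")]
    out = [Finding("unknown-option", n) for n in sorted(opts.keys() - KNOWN)]
    for name, value in opts.items():
        # Template text such as <local administrator password for server>
        if value.startswith("<") and value.endswith(">"):
            out.append(Finding("unfilled-placeholder", name))
    for name in sorted(opts.keys() & YES_NO):
        if opts[name].lower() not in ("yes", "no"):
            out.append(Finding("bad-yes-no", f"{name}={opts[name]}"))
    if not opts.get("administratorpassword"):
        out.append(Finding("blank-admin-password",
                           "local Administrator password is blank if omitted"))
    if (opts.get("islastdcindomain", "no").lower() == "yes"
            and not opts.get("parentdomaindnsname")):
        out.append(Finding("missing-parent-domain",
                           "IsLastDCInDomain=yes needs ParentDomainDNSName"))
    if "forcedemotion" in opts:
        out.append(Finding("force-demotion",
                           "guide cautions that /ForceDemotion loses data"))
    return out


def redacted_command_line(text):
    """Equivalent /option:value command line with secrets masked.

    The answer file holds credentials in cleartext, so only this masked form
    belongs in logs or tickets. Quoting of values that contain spaces is not
    covered by the guide and is not attempted here.
    """
    _, opts = parse_answer_file(text)
    parts = ["dcpromo", "/unattend"]
    for name, value in opts.items():
        parts.append(f"/{name}:{'***' if name in SECRETS else value}")
    return " ".join(parts)


# Constructed sample: a template that was only partly filled in.
SAMPLE = """\
[DCINSTALL]
UserName=Jsmith
Password=<password for the account in UserName>
IsLastDCInDomain=maybe
RemoveApplicationPartitions=yes
"""

if __name__ == "__main__":
    for finding in lint_removal_answer_file(SAMPLE):
        print(f"{finding.code}: {finding.detail}")
    print(redacted_command_line(SAMPLE))
```

Run it against the answer file before copying the file to a network shared folder or removable media, and fix every finding before calling Dcpromo.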
Unattended installation return codes
When the unattended installation completes, Dcpromo returns one of the following codes
to indicate the status of the operation to the user. Unused numbers are reserved for
future use.
1-10 = success return codes
11-100 = failure return codes
Success return codes
The codes in the following table indicate successful completion of an AD DS installation
or removal operation.
Value | Case | Description
1 | ExitSuccess | The operation succeeded.
2 | ExitSuccessNeedReboot | The operation succeeded, and the server must be restarted manually.
3 | ExitSuccessWithNonCriticalFailure | The operation succeeded, but there has been a failure, such as a failure with DNS installation or delegation configuration. Check Dcpromoui log files, and investigate further.
Failure return codes
The codes in the following table indicate failed completion of an AD DS installation or
removal operation.
Value | Case | Description
11 | ExitAlreadyRunning | DcPromo is already running.
12 | ExitMustBeAdministrator | The user must be an administrator.
13 | ExitCertSvcInstalled | Certificate Server is installed.
14 | ExitInSafeBootMode | The server is running in Safe Mode.
15 | ExitRoleChangePending | A role change is in progress or requires that the server be restarted.
16 | ExitIncorrectPlatform | The server is running on wrong platform.
17 | ExitNeedNTFS5Drive | No drives are formatted for NTFS 5.
18 | ExitInsufficientWinDirSpace | %windir% does not have enough space.
19 | ExitNameChangeNeedsReboot | A name change is pending.
20 | ExitBadComputerName | The computer name uses invalid syntax.
21 | ExitHoldsFSMOs | This domain controller holds an operations master role, is a global catalog server, or is a DNS server.
22 | ExitNeedToInstallTcpIp | TCP/IP must be installed or is not functioning.
23 | ExitNeedToConfigDnsFirst | The DNS client must be configured first.
24 | ExitBadCredentials | The supplied credentials are not valid or are missing required elements.
25 | ExitDcNotFound | A domain controller for the specified domain could not be located.
26 | ExitUnableReadDomainList | The list of domains could not be read from the forest.
27 | ExitMustSpecifyDomain | A domain name is missing (parent, child, tree, or forest).
28 | ExitBadDomainName | The domain name is not valid.
29 | ExitParentDomainNotExists | The parent domain does not exist.
30 | ExitDomainNotInForest | The specified domain is not found in the forest.
31 | ExitChildDomainExists | The child domain already exists.
32 | ExitBadNetbiosDomainName | The NetBIOS name is not valid.
33 | ExitBadIFMPath | The path to the IFM files is not valid.
34 | ExitBadIFMDatabase | The IFM database is bad.
35 | ExitNoSyskeyForIFM | A system key is required for the IFM database.
37 | ExitBadDBPath | The database path or database log path is not valid.
38 | ExitInsuffSpaceForDB | The volume does not have enough space for the database or the database log.
39 | ExitBadSysVolPath | The SYSVOL path is not valid.
40 | ExitBadSiteName | The site name is not valid.
41 | ExitMustSpecifySafeModePwd | You must specify a password for Safe Mode.
42 | ExitBadSafeModePwd | The Safe Mode password does not meet password criteria.
43 | ExitBadAdminPwd | The administrator password does not meet criteria.
44 | ExitBadForestName | The specified forest name is not valid.
45 | ExitForestExists | A forest with the specified name already exists.
46 | ExitBadTreeName | The specified name for the tree is not valid.
47 | ExitTreeExists | A tree with the specified name already exists.
48 | ExitTreeNotFitInForest | The tree name does not fit into the forest structure.
49 | ExitDomainNotExists | The specified domain does not exist.
50 | ExitLastDcMismatch | This is not the last domain controller.
51 | ExitUnconfirmedAppPartitions | Application partitions exist on this domain controller.
52 | ExitRequiredParameterMissing | An answer file or command-line unattend parameters were not provided.
53 | ExitPromoDemotFailedNeedReboot | The installation or removal failed and the server must be restarted.
54 | ExitPromoDemotFailed | The installation or removal failed.
55 | ExitPromoDemoteFailedBecauseUserCancelled | The installation or removal failed because it was canceled by the user.
56 | ExitPromoDemotFailedBecauseUserCancelledNeedReboot | The installation or removal failed because it was canceled by the user. The computer must be restarted to return to the previous state.
57 | ExitDomainReadOnlyReplicaGroupNotSpecified | The operator failed to specify one of the required RODC groups (allowed/denied).
58 | ExitDomainReadOnlyReplicaSiteNotSpecified | The operator failed to specify the site name for an RODC.
59 | ExitLastDnsServer | The domain controller appears to be the last DNS server for one of its Active Directory–integrated zones.
60 | ExitDomainReadOnlyReplicaPdcNotLonghorn | The Primary Domain Controller (PDC) emulator for the domain is not running Windows Server "Longhorn".
61 | ExitInstallDNSNotAllowed | You cannot install AD DS with DNS in an existing domain that does not already host DNS.
62 | ExitAnswerFileMissingSectionName | The answer file does not have a [DCInstall] section.
63 | ExitInsufficientForestFunctionalLevelForRodc | The forest functional level is less than Windows Server 2003.
64 | ExitPromoFailedBecauseComponentBinaryDetectionFailed | The installation failed because the installation of the AD DS binaries on the server could not be determined.
65 | ExitPromoFailedBecauseComponentBinaryInstallationFailed | The installation failed because the AD DS binaries could not be installed.
66 | ExitPromoFailedBecauseOSDetectionFailed | The installation failed because the operating system installation option (whether Server Core installation or Full installation) could not be determined.
67 | ExitRodcCannotBeAGC | The RODC cannot be a global catalog server.
68 | ExitInvalidReplicationPartner | The replication partner is not valid.
69 | ExitRequiredPortInUse | The required port is already in use by some other application.
70 | ExitForestRootDcMustBeGc | The first forest root domain controller must be a global catalog server.
71 | ExitDnsAlreadyInstalled | DNS server is already installed.
72 | ExitIsAppServer | The installation failed because the server is a Terminal Services application server.
73 | ExitInvalidForestFunctionalLevel | The specified forest functional level is not valid.
74 | ExitInvalidDomainFunctionalLevel | The specified domain functional level is not valid.
75 | ExitDefaultPasswordReplicationPolicyCannotBeDetermined | Unable to determine the default password replication policy.
76 | ExitInvalidPasswordReplicationPolicy | Specified allowed and denied security groups for the password replication policy are not valid.
77 | ExitInvalidArgument | The specified argument is not valid.
78 | ExitForestCheckFailed | The installation failed because the Active Directory forest could not be examined.
79 | ExitRodcNDNCNotPrepped | An RODC cannot be installed because adprep /rodcprep has not been performed.
80 | ExitDomainNotPrepped | The installation failed because adprep /domainprep has not been performed.
81 | ExitForestNotPrepped | The installation failed because adprep /forestprep has not been performed.
82 | ExitForestSchemaMismatch | The installation failed because there is a forest schema mismatch.
83 | ExitUnsupportedSku | The installation failed because the operating system edition does not support AD DS.
Logging bugs and feedback
Your feedback is very important to help us improve this feature in future releases of
Windows Server "Longhorn". Please provide feedback regarding your experience
installing AD DS, problems that you encounter, and whether this document was helpful.
We are also interested in feature requests and general feedback about AD DS installation
and removal.
To provide feedback for this step-by-step guide, follow the instructions on the Microsoft
Web site (http://go.microsoft.com/fwlink/?linkid=55105). Please note that, in the comment
area on the Web site, you will need to provide the name of this step-by-step guide.