Dcpromo command - most important in AD installation

With installations, 7 minutes of planning will save an hour of rework. The secret of troubleshooting Active Directory installs is mastering DNS. I find NSLookup invaluable, and Ipconfig's new switches /registerdns and /flushdns are also handy.

 

What's new in Windows Server 2003?

 

 

ADPREP

 

Here is a built-in command-line tool that prepares the schema. It does not actually install the NTDS.dit files, but it does prepare the forest or the individual domain for Active Directory.

 

ADPrep /forestprep     - on the schema master in your Windows 2000 forest.

 

ADPrep /domainprep   - on the Infrastructure Master in each AD domain.

 

 

DCPROMO /adv   - Turn a member server into an AD DC via backup/restore.

 

If you already have a working domain controller, back up the system state, go to a member server, run DCPROMO /adv, then point the wizard to the backup files.

 

 

Procedure for creating a Domain Controller

 

DCPROMO decisions

 

To launch the Active Directory Installation Wizard, click Start, Run, type DCPROMO and answer these questions:

 

  1. New Domain - or Replica (another DC in the same domain)

  2. Domain Tree in existing forest - or New Domain Tree

  3. Domain in New Forest

 

Crucial Install DNS Stage

 

There are many ways of installing DNS, but I favour doing as little as possible myself and letting the DCPROMO Wizard do as much as possible. For example, at the crucial stage where DCPROMO needs DNS, I always select the middle option, 'Install and Configure DNS on this computer...'. To be crystal clear, I do NOT configure DNS myself; I let the Wizard create all those _msdcs records.

 

 

 

Best practice

 

Remember that Active Directory can grow, so make sure the partition has at least 300 MB of free space for NTDS.dit itself, and 100 MB for the log files. Talking of the logs, put the edbxxx.log files on a separate disk.

 

 

Post installation considerations

 

To verify that installation has run smoothly check the following:

 

  1. DNS SRV records: _msdcs, _sites, _tcp, _udp.  The GC and DC records are also essential for users to find the global catalog and domain controller in order to log on.  If these records do not appear, try stopping and starting the Netlogon service.

  2. Run %systemroot%\sysvol and look for domain folders.

  3. Check the System and Directory Service Event logs for error messages.
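
The DNS check in step 1 can be scripted. The following is an added example, not part of the original article: it reads SRV lines in zone-file form (for instance the netlogon.dns file that Netlogon writes under %systemroot%\system32\config, or a zone export) and reports locator records that are missing or do not point at the new DC. The domain, site and host names are constructed, and the domain is assumed to be the forest root.

```python
import re
# Zone-file SRV line: owner TTL IN SRV priority weight port target
SRV_LINE = re.compile(
    r"^(\S+)\s+\d+\s+IN\s+SRV\s+\d+\s+\d+\s+(\d+)\s+(\S+)$", re.IGNORECASE)

def expected_records(domain, site, is_gc=True):
    """SRV names and ports a DC should register (assumes a forest root domain)."""
    recs = {
        f"_ldap._tcp.{domain}": 389,
        f"_ldap._tcp.dc._msdcs.{domain}": 389,
        f"_ldap._tcp.{site}._sites.{domain}": 389,
        f"_kerberos._tcp.{domain}": 88,
        f"_kerberos._udp.{domain}": 88,
    }
    if is_gc:  # global catalog locator records
        recs[f"_ldap._tcp.gc._msdcs.{domain}"] = 3268
        recs[f"_gc._tcp.{domain}"] = 3268
    return recs

def parse_srv(text):
    """Return {owner: {(port, target)}}; names lower-cased, trailing dot dropped."""
    found = {}
    for line in text.splitlines():
        m = SRV_LINE.match(line.strip())
        if m:  # non-SRV lines (A, CNAME, comments) are skipped
            owner, port, target = (g.lower().rstrip(".") for g in m.groups())
            found.setdefault(owner, set()).add((int(port), target))
    return found

def check_dc(text, domain, site, dc_host, is_gc=True):
    """List expected records that are missing or do not point at dc_host."""
    found, problems = parse_srv(text), []
    for name, port in expected_records(domain.lower(), site.lower(), is_gc).items():
        entries = found.get(name, set())
        if not entries:
            problems.append(f"missing: {name}")
        elif (port, dc_host.lower()) not in entries:
            problems.append(f"no entry for {dc_host}:{port} at {name}")
    return problems

# Constructed sample data (hypothetical domain, site and hosts), not from a real DC
SAMPLE = """\
corp.example.com. 600 IN A 192.0.2.10
_ldap._tcp.corp.example.com. 600 IN SRV 0 100 389 dc1.corp.example.com.
_ldap._tcp.dc._msdcs.corp.example.com. 600 IN SRV 0 100 389 dc1.corp.example.com.
_ldap._tcp.Default-First-Site-Name._sites.corp.example.com. 600 IN SRV 0 100 389 dc1.corp.example.com.
_kerberos._tcp.corp.example.com. 600 IN SRV 0 100 88 dc1.corp.example.com.
_gc._tcp.corp.example.com. 600 IN SRV 0 100 3268 dc2.corp.example.com.
"""
```

Calling check_dc(SAMPLE, "corp.example.com", "Default-First-Site-Name", "dc1.corp.example.com") returns the records to chase up before users try to log on; an empty list means every expected record points at the DC.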

 

 

Demotion back to member server

 

 

 

The Active Directory Installation Wizard (Dcpromo.exe) assigns all 5 FSMO roles to the first domain controller in the forest root domain. The first domain controller in each new child or tree domain is assigned the three domain-wide roles. Domain controllers continue to own FSMO roles until they are reassigned by using one of the following methods: