Scripting in Windows 2000 Active Directory
Active Directory expert Jim Hudson explores different ways to use scripting in Active Directory.
Scripting in Windows 2000 Active Directory
by Jim Hudson
This article is derived from Special Edition Using Active Directory, by Jim Hudson and Sean Fullerton (Que Publishing, November 2000).
In the next few articles, we are going to be looking at some different ways to use scripting in Active Directory. First, we will look at using scripting to automatically install Active Directory and DNS. Then we will look at writing logon scripts and attaching them to users and computers via Group Policy.
Automating dcpromo
I think I like scripting so much two reasons. One, I am really lazy; two, I am easily bored. I would rather spend 30 minutes of cool coding to avoid 3 minutes of actual work. Automated setups are no exception. The upside is that once I have scripted something, I never have to do it by hand again. Thus our next section: scripting dcpromo.
Running dcpromo with an answer file is very easy. Simply type dcpromo /answer:answer.txt at the command line, and you are on your way. This assumes, of course, that you have a properly configured answer file in the same directory that you are running dcpromo.
All dcpromo answer files follow a very specific syntax, which is documented well, if somewhat tersely, in the file unattend.doc. Unattend.doc is a fairly large Word document that is located in \support\tools\deploy.cab. The document can be extracted from the .cab file by using Explorer. Unattend.doc mainly documents creating unattended setup files, but it also documents the unattended setup of Active Directory. The following answer file, shown in the following listing, will cause the local server to be promoted to a forest root with a domain name of fis.local.
The following listing shows the script in its entirety. After this listing, we will look at the script one line at a time and discuss the impact of each command. This is not an exhaustive list of all commands, but simply a working example. For other parameters, see unattend.doc.
[DCInstall] AutoConfigDNS=YES CreateOrJoin=Create DatabasePath="c:\winnt\NTDS" DomainNetBiosName="fis" LogPath="c:\winnt\NTDS" NewDomainDNSName="fis.local" RebootOnSuccess=Yes ReplicaOrNewDomain=Domain SysVolPath="c:\winnt\sysvol" TreeOrChild=Tree
The first line is simply a header that sets up the parameters.
[DCInstall]
The next line tells dcpromo to automatically install and configure DNS.
AutoConfigDNS=YES
CreateorJoin sets whether we are creating a new forest or joining an existing one.
CreateOrJoin=Create
DatabasePath sets the path to the Active Directory database.
DatabasePath="c:\winnt\NTDS"
DomainNetBiosName sets the downlevel domain name for NT and Windows clients.
DomainNetBiosName="fis"
LogPath sets the path to Active Directory.
LogPath="c:\winnt\NTDS"
NewDomainDNSName sets the Active Directory domain name for the new domain.
NewDomainDNSName="fis.local"
RebootOnSuccess tells the server to automatically reboot when the promotion process is done.
RebootOnSuccess=Yes
ReplicaOrNewDomain sets whether we are creating the first domain controller in a new domain or a domain controller for an existing domain.
SysVolPath sets the path to the sysvol folder that holds the sysvol share. This share holds the filesystem objects that make up Group Policy.
TreeOrChild sets whether the domain is the root of a tree or a child domain of an existing tree.
TreeOrChild=Tree
After you have executed the dcpromo /answer:answer.txt command, the promotion will proceed as normal. If you specified the rebootonsuccess parameter, the system will automatically restart, and when the machine comes back up, Active Directory will be installed.