You are on page 1of 61

Step-by-Step Guide for Windows Server

"Longhorn" Beta 2 AD DS Installation


and Removal
Microsoft Corporation

Published: June 2006

Program Manager: Mas Libman

User Assistance Writer: Mary Hillman

Editor: Jim Becker

Abstract
Active Directory® Domain Services (AD DS) is a server role of the Microsoft®
Windows Server® Code Name "Longhorn" operating system. AD DS provides a
distributed directory service that you can use for centralized, secure management of your
network. This guide describes the installation and removal processes for the AD DS
server role. You can use the procedures in this guide to install and remove AD DS on
servers that are running Windows Server "Longhorn" in a test lab environment.
This document supports a preliminary release of a software product that may be changed
substantially prior to final commercial release, and is the confidential and proprietary
information of Microsoft Corporation. It is disclosed pursuant to a non-disclosure
agreement between the recipient and Microsoft. This document is provided for
informational purposes only and Microsoft makes no warranties, either express or
implied, in this document. Information in this document, including URL and other Internet
Web site references, is subject to change without notice. The entire risk of the use or the
results from the use of this document remains with the user. Unless otherwise noted, the
example companies, organizations, products, domain names, e-mail addresses, logos,
people, places, and events depicted herein are fictitious, and no association with any real
company, organization, product, domain name, e-mail address, logo, person, place, or
event is intended or should be inferred. Complying with all applicable copyright laws is
the responsibility of the user. Without limiting the rights under copyright, no part of this
document may be reproduced, stored in or introduced into a retrieval system, or
transmitted in any form or by any means (electronic, mechanical, photocopying,
recording, or otherwise), or for any purpose, without the express written permission of
Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other


intellectual property rights covering subject matter in this document. Except as expressly
provided in any written license agreement from Microsoft, the furnishing of this document
does not give you any license to these patents, trademarks, copyrights, or other
intellectual property.

© 2006 Microsoft Corporation. All rights reserved.

Active Directory, Microsoft, MS-DOS, Visual Basic, Visual Studio, Windows, Windows NT,
Windows Server, and Windows Vista are either registered trademarks or trademarks of
Microsoft Corporation in the United States and/or other countries.

All other trademarks are property of their respective owners.


Contents
Step-by-Step Guide for Windows Server "Longhorn" Beta 2 AD DS Installation and
Removal..........................................................................................................................1
Abstract.......................................................................................................................1

Contents.............................................................................................................................4

Step-by-Step Guide for Windows Server "Longhorn" Beta 2 AD DS Installation and


Removal .............................................................................................................7
In this guide....................................................................................................................7
What's new in AD DS installation and removal?.............................................................7
New installation options...............................................................................................8
New options in the Active Directory Domain Services Installation Wizard................8
New unattend options..............................................................................................9
RODC option............................................................................................................9
DNS installation options...........................................................................................9
Global catalog installation options............................................................................9
New server operating system installation options......................................................10
Full installation.......................................................................................................10
Server Core installation..........................................................................................10
Known issues for installing and removing AD DS.........................................................11
Scenarios for installing AD DS......................................................................................11
Install a new Windows Server "Longhorn" forest.......................................................12
Install a new Windows Server "Longhorn" domain in an existing
Windows 2000 Server or Windows Server 2003 forest..........................................12
Install a new Windows Server "Longhorn" domain controller in an existing
Windows 2000 Server or Windows Server 2003 domain.......................................13
Install AD DS from restored backup media................................................................14
Verify AD DS installations..........................................................................................15
Scenarios for removing AD DS.....................................................................................15
Remove a domain controller from a domain..............................................................16
Remove the last domain controller in a domain.........................................................16
Remove the last domain controller in a forest...........................................................16
Requirements for AD DS installation.............................................................................16
Steps for installing AD DS.............................................................................................17
Installing a new Windows Server "Longhorn" forest..................................................17
Installing a new forest by using the Windows interface..........................................18
Installing a new forest by using an answer file.......................................................19
Installing a new forest by entering unattended installation parameters at the
command line.....................................................................................................21
Importing localized display specifiers on a Server Core implementation of a new
forest...................................................................................................................22
Installing a new Windows Server "Longhorn" domain in an existing
Windows Server 2003 or Windows 2000 Server forest..........................................23
Preparing the forest schema for Windows Server "Longhorn"...............................23
Installing a new Windows Server "Longhorn" domain by using the Windows
interface..............................................................................................................24
Installing a new Windows Server "Longhorn" domain unattended by using an
answer file...........................................................................................................26
Installing a new Windows Server "Longhorn" domain by entering unattended
installation parameters at the command line.......................................................28
Installing a Windows Server "Longhorn" domain controller in an existing
Windows Server 2003 or Windows 2000 Server domain.......................................28
Preparing the domain for Windows Server "Longhorn"..........................................28
Installing a Windows Server "Longhorn" domain controller by using the Windows
interface..............................................................................................................29
Installing a Windows Server "Longhorn" domain controller by using an answer file
............................................................................................................................31
Installing a new Windows Server "Longhorn" domain controller by entering
unattended installation parameters at the command line....................................33
Installing AD DS from restored backup media...........................................................33
Verifying an AD DS installation..................................................................................35
Steps for removing AD DS............................................................................................35
Removing a Windows Server "Longhorn" domain controller from a domain.............36
Removing a Windows Server "Longhorn" domain controller by using the Windows
interface..............................................................................................................36
Removing a Windows Server "Longhorn" domain controller by using an answer file
............................................................................................................................37
Removing a Windows Server "Longhorn" domain controller by entering unattended
installation parameters at the command line.......................................................38
Removing AD DS binaries......................................................................................38
Removing the last Windows Server "Longhorn" domain controller in a domain........39
Removing the last Windows Server "Longhorn" domain controller in a domain by
using the Windows interface...............................................................................39
Removing the last Windows Server "Longhorn" domain controller in a domain by
using an answer file............................................................................................40
Removing the last Windows Server "Longhorn" domain controller in a domain by
entering unattended installation parameters at the command line......................41
Removing the last Windows Server "Longhorn" domain controller in a forest...........41
Removing the last Windows Server "Longhorn" domain controller in a forest by
using the Windows interface...............................................................................42
Removing the last Windows Server "Longhorn" domain controller in a forest by
using an answer file............................................................................................43
Removing the last Windows Server "Longhorn" domain controller in a forest by
entering unattended installation parameters at the command line......................43
Appendix of unattended installation parameters...........................................................43
Unattended general options......................................................................................44
Unattended install options.........................................................................................44
Unattended uninstall options.....................................................................................52
Unattended installation return codes.........................................................................53
Success return codes.............................................................................................53
Failure return codes...............................................................................................54
Logging bugs and feedback..........................................................................................61
7

Step-by-Step Guide for Windows Server


"Longhorn" Beta 2 AD DS Installation
and Removal
Active Directory® Domain Services (AD DS) is a server role of the Microsoft®
Windows Server® Code Name "Longhorn" operating system. AD DS provides a
distributed directory service that you can use for centralized, secure management of your
network.
This guide describes the installation and removal processes for the AD DS server role.
You can use the procedures in this guide to install and remove AD DS on servers that are
running Windows Server "Longhorn" in a test lab environment.

In this guide
• What's new in AD DS installation and removal?

• Known issues for installing and removing AD DS

• Key scenarios for installing AD DS

• Key scenarios for removing AD DS

• Requirements for AD DS installation

• Steps for installing AD DS

• Steps for removing AD DS

• Appendix of unattend parameters

What's new in AD DS installation and


removal?
AD DS has the following new options in Windows Server "Longhorn":

• AD DS installation options

• Server operating system installation options

• Read-only domain controller (RODC) option


8

• Domain Name System (DNS) installation options

• Global catalog installation options

New installation options


When you install AD DS, you have several new options in Windows Server "Longhorn",
both in the Active Directory Domain Services Installation Wizard and when you perform
an unattended installation at the command line.

The new AD DS installation options are as follows:

• You can specify the following domain controller options:

• DNS server: In the Microsoft Windows Server® 2003 operating system, DNS
server installation is offered, if needed. In Windows Server "Longhorn", DNS
installation and configuration is automatic, if needed. When you install DNS on
the first domain controller in a new domain in Windows Server "Longhorn", a
delegation for the new domain is created automatically in DNS.

• Global catalog server: As in Windows Server 2003, installing a domain


controller as a global catalog server is not an installation option in the Windows
interface.

• RODC: This domain controller option is new in Windows Server "Longhorn".


It is available when you add a domain controller in an existing domain. The first
domain controller in the forest or domain cannot be an RODC.

• You can specify the site of a new domain controller or use the site that
corresponds to the IP address of the computer.

New options in the Active Directory Domain Services Installation


Wizard
You can use the Active Directory Domain Services Installation Wizard to add the AD DS
server role interactively.

The wizard has the following new options:

• You can access the Active Directory Domain Services Installation Wizard in new
ways, as follows:

• You can click Add Roles in Initial Configuration Tasks, the application that
appears when you first install the operating system.

• You can click Add Roles in Server Manager, which is always available on the
Administrative Tools menu and through an icon in the notification area.
9

• The advanced installation mode is available in the Active Directory Domain


Services Installation Wizard; you do not have to run dcpromo /adv.

• The option to create a new domain tree is available only in advanced mode.

New unattend options


New options for running unattended installation of AD DS are available in
Windows Server "Longhorn". Unlike unattended installation in Windows Server 2003,
unattended installation in Windows Server "Longhorn" does not require a response to any
user interface (UI) prompt, such as to restart the domain controller, which makes the
process truly "unattended."
During an unattended operation, a return code is used to indicate whether or not the
operation was successful.

For a list of all return codes and unattend options for Windows Server "Longhorn",
including allowed values, default values, and descriptions, see the Appendix of
unattended installation parameters.

RODC option
A new type of domain controller can be installed on servers that are running
Windows Server "Longhorn" Beta 2. RODC hosts a read-only replica of the AD DS
database. RODC makes it possible for organizations to deploy a domain controller easily
in remote locations where its physical security cannot be guaranteed.

For information about using RODC, see the Step-by-Step Guide for Planning, Deploying,
and Using a Windows Server "Longhorn" Beta 2 Read-only Domain Controller in this
documentation set.

DNS installation options


The option to install DNS is available, depending on your installation selections and DNS
conditions on the network. In scenarios where DNS is required, the option is not
available, and DNS is installed automatically.

When you select the DNS option or when DNS is installed automatically, DNS creates a
new delegation, or it updates existing delegations for the server automatically.

Global catalog installation options


In Windows Server "Longhorn", the global catalog server option is available for all
installations other than the first domain controller in the forest, which must be a global
10

catalog server. In Windows Server "Longhorn" Beta 2, the global catalog server option is
not compatible with RODCs. However, RODCs will be capable of hosting the global
catalog in future releases of Windows Server "Longhorn".

Global catalog server is the default domain controller option when you are adding a new
domain controller in an existing domain.

New server operating system installation options


Windows Server "Longhorn" provides a new minimal server installation option, called
Server Core installation, in addition to the Full installation option.

Full installation
For ease of management, you can install AD DS on a server that is running the Full
installation of Windows Server "Longhorn". A Full installation of Windows Server
"Longhorn" supports both interactive (wizard) and unattended domain controller
installation.

Server Core installation


A Server Core installation provides a minimal environment for running specific server
roles, which reduces servicing and management requirements and the attack surface for
those server roles. To install AD DS on a Server Core installation of Windows Server
"Longhorn", perform an unattended installation. Server Core installations do not provide
any graphical UI (GUI). They must be managed solely from the command line. A Server
Core installation supports the following server roles:

• AD DS
• DHCP server

• File server

• DNS server

For more information about Server Core installations, see Microsoft Windows Server
Code Name "Longhorn" Beta 2 Server Core Step-By-Step Guide in this documentation
set.
11

Known issues for installing and removing


AD DS
The following issues affect Beta 2 versions of Windows Server "Longhorn":

• When you create a new Windows Server "Longhorn" forest on a Server Core
installation, non-English display specifiers are not installed automatically. You must
import display specifiers manually.

• Starting a new domain at, or raising an existing domain to, the Windows Server
"Longhorn" domain level might result in SYSVOL not being replicated. Issues with
migrating from File Replication service (FRS) replication to Distributed File Service
(DFS) Replication will be resolved in subsequent Windows Server "Longhorn"
versions.

• When you remove the AD DS server role, the role binaries are not removed
automatically. After you remove AD DS and restart the server, you must remove
AD DS binaries manually.

• You cannot create a child domain or additional domain controller with a Japanese
domain name.

• You cannot install DNS during installation of an additional domain controller when
a Unicode DNS name is used.

• When a domain name includes Unicode or double-byte characters, domain


controllers hosting that domain cannot be located by DNS clients.

For known issues that apply when you deploy an RODC, see the Step-by-Step Guide for
Planning, Deploying, and Using a Windows Server "Longhorn" Beta 2 Read-only Domain
Controller in this documentation set.

Scenarios for installing AD DS


The following AD DS installation scenarios are available in Windows Server "Longhorn":

• Install a new Windows Server "Longhorn" forest

• Install a new Windows Server "Longhorn" domain in an existing


Windows 2000 Server or Windows Server 2003 forest

• Install a new Windows Server "Longhorn" domain controller in an existing


Windows 2000 Server or Windows Server 2003 domain

• Install AD DS from restored backup media

• Verify domain controller installations


12

Install a new Windows Server "Longhorn" forest


When you install AD DS to create the first domain controller in a new Windows Server
"Longhorn" forest, be aware of the following considerations:

• You must make forest and domain functional level decisions that determine
whether your forest and domain can contain domain controllers that run Microsoft
Windows® 2000 Server, Windows Server 2003, or both.

Important
Multiple–domain controller domains that are created at, or raised to, the
Windows Server "Longhorn" functional level are not supported in
Windows Server "Longhorn" Beta 2. As a result of issues with migration from
FRS replication to DFS Replication in Windows Server "Longhorn" Beta 2,
SYSVOL might not replicate properly at the Windows Server "Longhorn"
domain functional level. This condition can prevent a new domain controller
that is added subsequently from advertising itself as a domain controller.

• Domain controllers that are running the Microsoft Windows NT® Server 4.0
operating system are not supported with Windows Server "Longhorn".

• Servers running Windows NT Server 4.0 are not supported by domain controllers
that are running Windows Server "Longhorn".

• The first Windows Server "Longhorn" domain controller in a forest cannot be an


RODC.

Install a new Windows Server "Longhorn" domain in an


existing Windows 2000 Server or
Windows Server 2003 forest
When you install AD DS to create the first domain controller in a new Windows Server
"Longhorn" domain, be aware of the following considerations:

• Before you create a new Windows Server "Longhorn" domain in a


Windows 2000 Server or Windows Server 2003 forest, you must prepare the forest
for Windows Server "Longhorn" by extending the schema (that is, by running
adprep /forestprep).

• You must make domain functional level decisions that determine whether your
domain can contain domain controllers that run Windows 2000 Server,
Windows Server 2003, or both.
13

Important
Multiple–domain controller domains that are created at, or raised to, the
Windows Server Longhorn domain functional level are not supported in
Windows Server "Longhorn" Beta 2. As a result of issues with migration from
FRS replication to DFS Replication in Windows Server "Longhorn" Beta 2,
SYSVOL might not replicate properly at the Windows Server "Longhorn"
domain functional level. This condition can prevent a new domain controller
that is added subsequently from advertising itself as a domain controller.

Windows Server "Longhorn" security principals are not created until the primary domain
controller (PDC) operations master in the forest root domain is running Windows Server
"Longhorn". This requirement is similar to the Windows Server 2003 requirement.
For procedures to install a new domain, see Installing a new Windows Server "Longhorn"
domain in an existing Windows Server 2003 or Windows 2000 Server forest.

Install a new Windows Server "Longhorn" domain


controller in an existing Windows 2000 Server or
Windows Server 2003 domain
When you install a new Windows Server "Longhorn" domain controller in an existing
Windows 2000 Server or Windows Server 2003 domain, be aware of the following
considerations:

• If this domain controller is the first Windows Server "Longhorn" domain controller
in the forest, you must prepare the forest for Windows Server "Longhorn" by
extending the schema (that is, by running adprep /forestprep), on the schema
master if this has not already been done.

• If this domain controller is the first Windows Server "Longhorn" domain controller
in a Windows 2000 Server domain, you must prepare the domain by running
adprep /domainprep /gpprep on the infrastructure master.

• If this domain controller is the first Windows Server "Longhorn" domain controller
in a Windows Server 2003 domain, you must prepare the domain by running
adprep /domainprep on the infrastructure master.

Note
If you prepare a Windows Server 2003 domain by running adprep
/domainprep /gpprep, you can safely disregard the error message that
indicates that domain updates were not necessary.
14

• The first Windows Server "Longhorn" domain controller in an existing


Windows 2000 Server or Windows Server 2003 domain cannot be created as an
RODC. After a Windows Server "Longhorn" domain controller exists in the domain,
subsequent Windows Server "Longhorn" domain controllers can be created as
RODCs. The forest and domain functional level of Windows Server 2003 is required
for creating an RODC.

Note
Do not add an additional Windows Server "Longhorn" domain controller if the
forest or domain functional level is Windows Server "Longhorn". For
Windows Server "Longhorn" Beta 2, the Windows Server "Longhorn"
functional level is not supported for a domain that has multiple domain
controllers.

• If you are installing the first RODC in the forest, you must prepare the forest by
running adprep /rodcprep. For more information, see the Step-by-Step Guide for
Planning, Using, and Deploying a Windows Server "Longhorn" Beta 2 Read-Only
Domain Controller in this documentation set.

• For the Windows Server "Longhorn" Beta 2 release, changing the domain
functional level to Windows Server "Longhorn" in a pre-existing
Windows 2000 Server or Windows Server 2003 domain after upgrading all domain
controllers to Windows Server "Longhorn" Beta 2 is not supported.

After you have prepared the forest and the domain, you can install AD DS to create a
new Windows Server "Longhorn" domain controller. Use Server Manager to install the
Active Directory Domain Services server role.

For procedures to install a new domain controller, see Installing a Windows Server
"Longhorn" domain controller in an existing Windows Server 2003 or Windows 2000
Server domain.

Install AD DS from restored backup media


As with Windows Server 2003, you can use restored backup media to minimize
replication traffic during AD DS installation on a server that is running Windows Server
"Longhorn". You can use this installation method to install a new domain controller in an
existing domain. The installation media that you use must be prepared from the same
type of domain controller that you are installing. The following aspects of the domain
controller source and target must be identical:

• Domain controller option: Writeable or read-only


15

• Operating system: Windows 2000 Server, Windows Server 2003, or


Windows Server "Longhorn"

• Platform: x86, IA64, or x64

A Server Core installation can be the source for installing a new domain controller on a
Full installation of Windows Server "Longhorn".

Note
For Windows Server "Longhorn" Beta 2, you cannot use restored backup media
to install AD DS on a Server Core installation of Windows Server "Longhorn".

For information about creating the backup media, see the Step-by-Step Guide for
Windows Server "Longhorn" Beta 2 Active Directory Domain Services Backup and
Recovery in this documentation set.

For the procedure to install a new domain controller by using backup media, see
Installing AD DS from restored backup media.

Verify AD DS installations
You can perform verification steps after you install a domain controller, including the
following:

• Check the directory service event log for errors.

• Make sure that the SYSVOL folder is accessible to clients.

• Verify DNS functionality.

• Verify replication.

Scenarios for removing AD DS


You can remove the AD DS server role by using the Active Directory Domain Services
Installation Wizard or by performing an unattended removal. Server Core installations are
always removed through an unattended removal.

Unattended options provide the ability to remove AD DS without having to provide any
information other than the information that is contained in the answer file. For information
about unattended AD DS removal return codes, see the Appendix of unattended
installation parameters.

Although processes for removing AD DS are essentially unchanged from


Windows Server 2003, they are included here for completeness. For more information
16

about removing domain controllers, domains, and forests, including forced removal, see
Administering Domain Controllers (http://go.microsoft.com/fwlink/?LinkId=68642).

Remove a domain controller from a domain


For procedures to remove a domain controller from an existing domain, see Removing a
Windows Server "Longhorn" domain controller from a domain.

Remove the last domain controller in a domain


For procedures to remove the last domain controller in a domain, see Removing the last
Windows Server "Longhorn" domain controller in a domain.

Remove the last domain controller in a forest


For procedures to remove the last domain controller in a forest, see Removing the last
Windows Server "Longhorn" domain controller in a forest.

Requirements for AD DS installation


For Windows Server "Longhorn" hardware requirements, see the Windows Server
"Longhorn" Beta 2 release notes.

The following software requirements apply to both Full installations and Server Core
installations:

• Windows Server "Longhorn" Beta 2 operating system

• Appropriate TCP/IP and DNS server addresses configured

• When you use an answer file to perform an unattended installation of AD DS, a


[DCINSTALL] unattend.txt file with appropriate parameters specified. For a list of
entries for the [DCINSTALL] answer file, see Appendix of unattended installation
parameters.

• Schema preparation: Before you can add AD DS to a server that is running


Windows Server "Longhorn" in a Windows Server 2003 or Windows 2000 Server
forest, you must update the schema on the schema operations master in the forest
by running adprep /forestprep.

• Domain preparation: Before you can add AD DS to a server that is running


Windows Server "Longhorn" in a Windows Server 2003 or Windows 2000 Server
17

domain, you must update the infrastructure master in the domain by running
adprep /domainprep /gpprep.

• RODC preparation: Before you can install AD DS to create an RODC, you must
prepare the forest by running adprep /rodcprep.

• DNS infrastructure: Before you add AD DS to create a domain or forest, be sure


that a DNS infrastructure is in place on your network. When you install AD DS, you
can include DNS server installation, if needed. When you create a new domain, a
DNS delegation is created automatically during the installation process.

For information about configuring a Server Core installation, see the Microsoft Windows
Server Code Name "Longhorn" Beta 2 Server Core Step-By-Step Guide in this
documentation set.

Steps for installing AD DS


The following sections provide step-by-step instructions for installing AD DS in all
configurations, including methods for installing it on both Full Windows Server "Longhorn"
installations and Server Core Windows Server "Longhorn" installations. These sections
provide both the Windows interface and command-line methods for performing
installations.

The process for performing an unattended installation of AD DS is the same for a server
that is running a Full installation of Windows Server "Longhorn" and for a Server Core
installation of Windows Server "Longhorn". The unattended method of installation is
required for Server Core operating systems.

Procedures for installing AD DS are provided for the following scenarios:

• Installing a new Windows Server "Longhorn" forest

• Installing a new Windows Server "Longhorn" domain in an existing


Windows Server 2003 or Windows 2000 Server forest

• Installing a Windows Server "Longhorn" domain controller in an existing


Windows Server 2003 or Windows 2000 Server domain

• Installing AD DS from restored backup media

• Verifying AD DS installations

Installing a new Windows Server "Longhorn" forest


You can install a new Windows Server "Longhorn" forest by using the following methods:
18

• Interactively, by using the Windows interface

• Unattended, by using an answer file

• Unattended, by entering unattend parameters at the command line

Important
If you create a new forest by installing AD DS on a Server Core installation of
Windows Server "Longhorn", you must install display specifiers manually after
AD DS installation.

Installing a new forest by using the Windows interface


The Windows interface provides wizards that step you through the AD DS installation
process.

Administrative credentials

You must be logged on as the local administrator for the computer.

To install a new forest by using the Windows interface


1. In Initial Configuration Tasks or Server Manager, click Add roles.

2. In the Add Roles Wizard, on the Before You Begin page, review the
preliminary verification steps. When you complete all the preliminary steps, click
Next.

3. On the Select Server Roles page, select Active Directory Domain


Services, and then click Next.

4. On the Active Directory Domain Services page, review the introductory


notes, and then click Next to confirm your selections, or click Install to proceed
with installation.

5. On the Welcome to the Active Directory Domain Services Installation


Wizard page, click Next.

When you create the first domain controller in a new forest, there are no
additional advanced options.

6. On the Choose a Deployment Configuration page, click New forest, and


then click Next.

7. On the New Domain Name page, type the full DNS name for the forest root
domain, and then click Next.

8. On the Set Forest Functional Level page, select the forest functional level
19

that accommodates the domain controllers that you plan to install anywhere in
the forest, and then click Next.

9. On the Set Domain Functional Level page, select the domain functional
level that accommodates the domain controllers that you plan to install anywhere
in the domain, and then click Next.

10. On the Additional Options page, DNS server is selected by default so that
your forest DNS infrastructure can be created during AD DS installation. If you
plan to use Active Directory–integrated DNS, click Next. If you have an existing
DNS infrastructure and you do not want this domain controller to be a DNS
server, select DNS server to clear the check box, and then click Next.
11. On the Location for Database, Log Files and SYSVOL page, type or
browse to the volume and folder locations for the database file, the directory
service log files, and the system volume (SYSVOL) files, and then click Next.

Windows Server Backup backs up the directory service by volume. For backup
and recovery efficiency, store these files on separate volumes that do not contain
applications or other nondirectory files.

12. On the Active Director Domain Services Restore Mode Administrator


Password page, type and confirm the restore mode password, and then click
Next. This password must be used to start AD DS in Directory Service Restore
Mode for tasks that must be performed offline.

13. On the Summary page, review your selections. Click Back to change any
selections, if necessary. When you are sure that your selections are accurate,
click Next to install AD DS.

14. When you are prompted, restart the server to complete the AD DS
installation.

Installing a new forest by using an answer file


You can use the unattended method to install AD DS to create a new forest on a Full
installation of Windows Server "Longhorn" or on a Server Core installation of
Windows Server "Longhorn". To use the unattended method of installation, you must first
prepare an answer file that contains configuration values.

Use the following procedure to create the answer file. This procedure identifies only the
essential answer file entries for creating a new Windows Server "Longhorn" forest. For a
complete list of unattended installation options, including default values, allowed values,
and descriptions, see Unattended install options.

Administrative credentials
20

To perform this procedure, you can use any account that has Read and Write privileges
for the text editor application.

To create an answer file for installing a new forest


1. Open Notepad or any other text editor.

2. On the first line, type [DCINSTALL], and then press ENTER.

3. Type the following entries, one entry on each line:

AutoConfigDNS=yes

NewDomain=forest

NewDomainDNSName=<fully qualified DNS name>

DomainNetBiosName=<first label of the fully qualified DNS name, by default>

ReplicaOrNewDomain=domain

ForestLevel=<forest functional level number>

DomainLevel=<domain functional level number>

DatabasePath=<path to a folder on a local volume, surrounded by double


quotation marks>

LogPath=<path to a folder on a local volume, surrounded by double quotation


marks>

SYSVOLPath=<path to a folder on a local volume, surrounded by double


quotation marks>

SafeModeAdminPassword=<password>

RebootOnCompletion=yes
4. Save the answer file to the location on the installation server from which it is
to be called by Dcpromo, or save the file to a network shared folder or removable
media for distribution.

After you create the answer file, use the following procedure to perform the unattended
installation. Use this procedure to install AD DS on either a Full installation of
Windows Server "Longhorn" or a Server Core installation of Windows Server "Longhorn".

Note
If you are performing this procedure on a server that is running a Server Core
installation of Windows Server "Longhorn" Beta 2, you must also perform the
21

procedure in Importing localized display specifiers on a Server Core


implementation of a new forest.

Administrative credentials

You must be logged on to the server with the local administrator account.

To install a new domain controller by using an answer file


• At the command prompt, type the following, and then press ENTER:

dcpromo /unattend:answerFileLocation

Installing a new forest by entering unattended installation


parameters at the command line
If you have a list of the unattend options and parameter values that you want to use to
create a new forest, you can type the options and values directly into the command line
rather than using an answer file.

Use the following procedure to install a new forest unattended from the command line. If
you are performing this procedure on a server that is running a Server Core installation of
Windows Server "Longhorn" Beta 2, you must also perform the procedure in Importing
localized display specifiers on a Server Core implementation of a new forest.

Administrative credentials

You must be logged on to the server with the local administrator account.

To install a new domain controller by entering unattended installation


parameters at the command line
1. At a command prompt, type the following, and then press ENTER:

dcpromo /unattend /unattendOption:value /unattendOption:value ...

Where

• unattendOption is an option in the Unattend install options table.


Separate each option:value pair with a space.

• value is the configuration instruction for the option

The following example creates the first domain controller in a new forest where
you expect to install at least some Windows Server 2003 domain controllers:

dcpromo /autoConfigDns:yes /dnsOnNetwork:yes


22

/replicaOrNewDomain:domain /newDomain:forest
/newDomainDnsName:contoso.com /DomainNetbiosName:contoso
/databasePath:"e:\ntds" /logPath:"e:\ntdslogs" /sysvolpath:"g:\sysvol"
/safeModeAdminPassword:FH#3573.cK /forestLevel:2 /domainLevel:2
/rebootOnCompletion:yes

2. When you have typed all the options that are required to create the forest,
press ENTER.

Importing localized display specifiers on a Server Core


implementation of a new forest
For Windows Server "Longhorn" Beta 2 only, if you create a new AD DS on a computer
that is running a Server Core installation of Windows Server "Longhorn", the non-English
display specifiers are not imported automatically as they are for a new forest that is
created on a server that is running a Full installation of Windows Server "Longhorn". As a
result, some areas of the UI might appear in English instead of another language.

To correct this problem, you must manually import the display specifiers from the Server
Core domain controller from which you created the forest.

Administrative credentials

Administrator account in the forest root domain.

To import localized display specifiers on a Server Core forest root domain


controller
1. Log on to the first domain controller that was created in a forest and that is
installed on a server running a Server Core installation of Windows Server
"Longhorn".
2. Open a command prompt, type the following command, and then press
ENTER:

%windir%\system32\dcphelp.exe

3. Immediately after running dcphelp.exe, verify that the operation was


successful by checking the error level returned by dcphelp.exe. Type the
following command, and then press ENTER:

echo %errorlevel%

4. Check the returned value, and then do one of the following:

• If the returned value equals 0, check %windir%\debug\csv.log to see the


import result.
23

• If a value other than 0 is returned, check %windir


%\debug\dcpromohelp.log for more information to help troubleshoot the
issue.

Installing a new Windows Server "Longhorn" domain in an


existing Windows Server 2003 or Windows 2000
Server forest
Before you install the first Windows Server "Longhorn" domain in an existing
Windows Server 2003 or Windows 2000 Server forest, you must do the following:

• If this domain controller is the first Windows Server "Longhorn" domain controller
that you are adding to the forest, prepare the forest by updating the schema.

• If you plan to install an RODC in the forest after you install the initial
Windows Server "Longhorn" domain controller, you must also run the command
adprep /rodcprep. For additional requirements for installing an RODC in a
Windows Server 2003 forest, see the Step-by-Step Guide for Planning, Deploying,
and Using a Windows Server "Longhorn" Beta 2 Read-only Domain Controller in this
documentation set.

You can install a new Windows Server "Longhorn" domain in an existing


Windows Server 2003 or Windows 2000 Server forest by using the following procedures:

• Prepare the forest schema for Windows Server "Longhorn".

• Install a new domain, as follows:

• Interactively, by using the Windows interface

• Unattended, by using an answer file

• Unattended, by entering unattended installation parameters at the command


line

Preparing the forest schema for Windows Server "Longhorn"


Before you can add a domain controller that is running Windows Server "Longhorn" to an
Active Directory environment running Windows 2000 Server or Windows Server 2003,
you must update the schema. You must update the Active Directory schema from the
domain controller that hosts the schema operations master role. If you are performing an
unattended installation of AD DS with Windows Server "Longhorn", you must update the
schema before you install the operating system. For normal installations, you must
update the schema after you run Setup and before you install AD DS. Use the following
24

procedure to update the Windows Server 2003 or Windows 2000 Server Active Directory
schema for Windows Server "Longhorn".

Administrative credentials

You must use an account that has membership in all of the following groups: Enterprise
Admins, Schema Admins, and Domain Admins. By default, Domain Admins is a member
of Enterprise Admins.

To prepare the forest schema for Windows Server "Longhorn"


1. Log on to the schema master as a member of the Enterprise Admins,
Schema Admins, and Domain Admins groups.

2. Insert the Windows Server "Longhorn" DVD into the CD or DVD drive. Copy
the contents of the \sources\adprep folder to an Adprep folder on the schema
master.

3. Open a command prompt, and then change directories to the Adprep folder.

4. At the command prompt, type the following, and then press ENTER:

adprep /forestprep

5. Allow the operation to complete, and then allow the changes to replicate
before performing the next procedure.

Installing a new Windows Server "Longhorn" domain by using the


Windows interface
The Windows interface provides wizards that step you through the AD DS installation
process.

Administrative credentials
You must be a member of the Domain Admins group in the parent domain, or you must
be a member of the Enterprise Admins group in the forest.

To install a new domain by using the Windows interface


1. In Initial Configuration Tasks or Server Manager, click Add roles.

2. In the Add Roles Wizard, on the Before You Begin page, review the
preliminary verification steps. When you complete all the preliminary steps, click
Next.

3. On the Select Server Roles page, select AD DS, and then click Next.
25

4. On the Active Directory Domain Services page, review the introductory


notes, and then click Next to confirm your selections, or click Install to proceed
with installation.

5. On the Welcome to the Active Directory Domain Services Installation


Wizard page, click Next, or, to use the advanced option if you want to identify the
source domain controller for AD DS replication, select Use Advanced mode
installation.

6. On the Choose a Deployment Configuration page, click Existing forest


and New domain, and then click Next.

7. On the Network credentials page, provide the user name and password for
an account that has at least Domain Admins privileges in the parent domain, and
then click Next.

8. On the Name the New Domain page, type the parent and child domain
names according to the instructions, and then click Next.

9. On the Domain NetBIOS Name page, change the name, if necessary, and
then click Next.

10. On the Set Domain Functional Level page, select the domain functional
level that accommodates the domain controllers that you plan to install anywhere
in the domain, and then click Next.

11. On the Select Site page, select a site from the list or select the option to
install the domain controller in the site that corresponds to its IP address, and
then click Next.

12. On the Additional Options page, make the following selections, and then
click Next:

• DNS server: This option is selected by default so that your domain


controller can function as a DNS server and a delegation is created in DNS
for this domain.

• Global Catalog: This option adds the global catalog, read-only directory
partitions to the domain controller and enables global catalog search
functionality.

13. If you have selected the advanced installation mode, on the Source Domain
Controller page, specify a domain controller from which to replicate the
configuration and schema directory partitions, and then click Next.

14. On the Location for Database, Log Files and SYSVOL page, type or
browse to the volume and folder locations for the database file, the directory
26

service log files, and the system volume (SYSVOL) files, and then click Next.

Windows Server Backup backs up the directory service by volume. For backup
and recovery efficiency, store these files on separate volumes that do not contain
applications or other nondirectory files.

15. On the Active Director Domain Services Restore Mode Administrator


Password page, type and confirm the restore mode password, and then click
Next. This password must be used to start AD DS in Directory Service Restore
Mode for tasks that must be performed offline.

16. On the Summary page, review your selections. Click Back to change any
selections, if necessary, and when you are sure that your selections are accurate,
click Next to install AD DS.

17. When you are prompted, restart the server to complete the AD DS
installation.

Installing a new Windows Server "Longhorn" domain unattended by


using an answer file
You can use the unattended method to install AD DS to create a new domain on a Full
installation of Windows Server "Longhorn" or on a Server Core installation of
Windows Server "Longhorn". To use the unattended method of installation, you must first
prepare an answer file that contains configuration values.

You can use the following procedure to create the answer file. This procedure identifies
only the essential answer file entries for creating a new Windows Server "Longhorn"
domain. For a complete list of unattended installation options, including default values,
allowed values, and return codes, see Unattended install options.

Administrative credentials

To perform this procedure, you can use any account that has Read and Write privileges
for the text editor application.

To create an answer file for installing a new domain


1. Open Notepad or any text editor.

2. On the first line, type [DCINSTALL] and then press ENTER.

3. Create the following entries, one entry on each line. These options are the
minimum options that are required for a new domain installation with DNS
configured automatically. For a complete list of unattended installation options,
including default values, allowed values, and descriptions, see Unattended install
27

options.

ParentDomainDNSName=<fully qualified DNS name of parent domain>

UserName=<administrative account in parent domain>

Password=<password for the account in UserName>

NewDomain=child

ChildName=<fully qualified DNS name of new domain>

NewDomainDNSName=<fully qualified DNS name of new domain>

DomainNetBiosName=<usually, first label of the fully qualified DNS name>


ReplicaOrNewDomain=domain

DomainLevel=<domain functional level number>

DatabasePath=<path to a folder on a local volume, surrounded by double


quotation marks>

LogPath=<path to a folder on a local volume, surrounded by double quotation


marks>

SYSVOLPath=<path to a folder on a local volume, surrounded by double


quotation marks>

AutoConfigDNS=yes

DNSDelegation=yes

DNSDelegationUserName=<if different from the account that is being used to


install AD DS, the account in the parent domain that has the privileges that are
required to create a DNS delegation>

DNSDelegationPassword=<if using a different account for


DNSDelegationUserName, the password for the account>

DNSOnNetwork=yes

SafeModeAdminPassword=<password>

RebootOnCompletion=yes

4. Save the answer file to the location on the installation server from which it is
to be called by Dcpromo, or save the file to a network share or removable media
for distribution.

5. Use the procedure "To install a new domain controller by using an answer
file" to install the new domain.
28

Installing a new Windows Server "Longhorn" domain by entering


unattended installation parameters at the command line
Use the procedure "To install a new domain controller by entering unattended installation
parameters at the command line" to install the new domain, but use the unattend options
that are appropriate for creating a new domain.

Installing a Windows Server "Longhorn" domain controller


in an existing Windows Server 2003 or Windows 2000
Server domain
Before you install the first Windows Server "Longhorn" domain controller in an existing
Windows Server 2003 or Windows 2000 Server domain, you must do the following:

• Prepare the forest by updating the schema, if necessary. For instructions to


prepare the forest, see "Prepare the forest schema for Windows Server "Longhorn""
in Installing a new Windows Server "Longhorn" domain in an existing
Windows Server 2003 or Windows 2000 Server forest.

• Prepare the domain by running adprep /domainprep on the infrastructure


operations master.

• If you are installing an RODC in an existing Windows Server 2003 domain, you
must also run the adprep /rodcprep command. For information about installing an
RODC, see the Step-by-Step Guide for Planning, Deploying, and Using a Windows
Server "Longhorn" Beta 2 Read-only Domain Controller in this documentation set.

You also have the option to use the install from media (IFM) method of installation. For
this option, you must have prepared installation media from a restored backup of a
domain controller in the same domain. For information about using IFM to install a
domain controller in an existing domain, see Installing AD DS from restored backup
media.

Preparing the domain for Windows Server "Longhorn"


Use the following procedure to prepare the domain for Windows Server "Longhorn".

Administrative credentials

You must be a member of the Domain Admins group to perform this procedure.

To prepare the domain for Windows Server "Longhorn"


1. Identify the domain infrastructure operations master role holder as follows:
29

• In Active Directory Users and Computers, right-click the domain object,


click Operations Masters, and then click Infrastructure.

2. Log on to the infrastructure master as a member of the Domain Admins


group.

3. Insert the Windows Server "Longhorn" DVD into the CD or DVD drive. Copy
the contents of the \sources\adprep folder to an Adprep folder on the
infrastructure master.

4. Open a command prompt, and then change directories to the Adprep folder

5. If this domain controller is the first Windows Server "Longhorn" domain


controller in a Windows 2000 Server domain, type the following, and then press
ENTER:

adprep /domainprep /gpprep

6. If this domain controller is the first Windows Server "Longhorn" domain


controller in a Windows Server 2003 domain, type the following, and then press
ENTER:

adprep /domainprep

If you prepare a Windows Server 2003 domain by running adprep


/domainprep /gpprep, you can safely disregard the error that indicates that
domain updates were not necessary.

7. Allow the operation to complete, and then allow the changes to replicate
before performing the next procedure.

Installing a Windows Server "Longhorn" domain controller by using


the Windows interface
You can use the Active Directory Domain Services Installation Wizard to create a domain
controller in an existing domain. If you use the advanced options in the wizard, you can
control how AD DS is installed on the server, either by IFM or by replication:

• IFM: You can provide a location for installation media that you have restored from
a backup of a similar domain controller in the same domain.

• Replication: You can specify a domain controller in the domain from which to
replicate AD DS.

Administrative credentials

To perform this procedure, you must be a member of the Domain Admins group in the
domain that is being installed.
30

To install a domain controller in an existing domain by using the Windows


interface
1. In Initial Configuration Tasks or Server Manager, click Add roles.

2. In the Add Roles Wizard, on the Before You Begin page, review the
preliminary verification steps. When you complete all the preliminary steps, click
Next.

3. On the Select Server Roles page, select Active Directory Domain


Services, and then click Next.

4. On the Active Directory Domain Services page, review the introductory


notes, and then click Next to confirm your selections, or click Install to proceed
with installation.

5. On the Welcome to the Active Directory Domain Services Installation


Wizard page, click Next, or, if you want to perform an IFM installation or identify
the source domain controller for AD DS replication, select Use Advanced mode
installation.

6. On the Choose a Deployment Configuration page, click Existing forest


and Existing domain, and then click Next.

7. On the Network credentials page, provide the user name and password for
an account that has at least Domain Admins privileges in the domain to which
you are adding the domain controller, specify the domain name, and then click
Next.

8. On the Select Domain page, select the domain of the new domain controller,
and then click Next.

9. On the Select Site page, select a site from the list or select the option to
install the domain controller in the site that corresponds to its IP address, and
then click Next.

10. On the Additional Options page, make the following selections, and then
click Next:

• DNS server: This option is selected by default so that your domain


controller can function as a DNS server. If you do not want the domain
controller to be a DNS server, clear this option.

• Global Catalog: This option adds the global catalog, read-only directory
partitions to the domain controller, and it enables global catalog search
functionality.

• Read-only domain controller. This option is not compatible with the


31

global catalog. For information about installing a read-only domain controller,


see the Step-by-Step Guide for Planning, Deploying, and Using a Windows
Server "Longhorn" Beta 2 Read-only Domain Controller in this documentation
set.

11. If you selected the advanced installation mode, you can specify the following
advanced options:

a. On the Install from Media? page, you can provide the location of
installation media to be used to create the domain controller and configure
AD DS, or you can allow replication over the network. For information about
using this method to install the domain controller, see Installing AD DS from
restored backup media.
b. On the Source Domain Controller page, you can specify a domain
controller from which to replicate the configuration and schema directory
partitions. If you select This specific domain controller, you can select the
domain controller that you want to provide source replication to create the
new domain controller, and then click Next.

12. On the Location for Database, Log Files and SYSVOL page, type or
browse to the volume and folder locations for the database file, the directory
service log files, and the system volume (SYSVOL) files, and then click Next.

Windows Server Backup backs up the directory service by volume. For backup
and recovery efficiency, store these files on separate volumes that do not contain
applications or other nondirectory files.

13. On the Active Directory Domain Services Restore Mode Administrator


Password page, type and confirm the restore mode password, and then click
Next. This password must be used to start AD DS in Directory Service Restore
Mode for tasks that must be performed offline.

14. On the Summary page, review your selections. Click Back to change any
selections, if necessary. When you are sure that your selections are accurate,
click Next to install AD DS.

15. When you are prompted, restart the server to complete the AD DS
installation.

Installing a Windows Server "Longhorn" domain controller by using


an answer file
The answer file that you use to create a new domain controller must have the replica
options specified. Use the following procedure to create the answer file.
32

Administrative credentials

To perform this procedure, you can use any account that has Read and Write privileges
for the text editor application.

To create an answer file for installing a new domain controller


1. Open Notepad or any text editor.

2. On the first line, type [DCINSTALL], and then press ENTER.

3. Create the following entries, one entry on each line. These options are the
minimum options that are required for a new domain controller installation with
DNS configured automatically. For a complete list of unattended installation
options, including default values, allowed values, and descriptions, see
Unattended install options.

UserName=<administrative account in the domain of the new domain controller>

UserDomain=<name of the domain of the new domain controller>

Password=<password for the account in UserName>

ReplicaOrNewDomain=replica

LogPath=<path to a folder on a local volume, surrounded by double quotation


marks>

SYSVOLPath=<path to a folder on a local volume, surrounded by double


quotation marks>

DNSOnNetwork=yes

SafeModeAdminPassword=<password>

RestartOnCompletion=yes
4. Save the answer file to the location on the installation server from which it is
to be called by Dcpromo, or save the file to a network share or removable media
for distribution.

5. Use the procedure "To install a new domain controller by using an answer
file" to install the new domain controller.
33

Installing a new Windows Server "Longhorn" domain controller by


entering unattended installation parameters at the command
line
Use the procedure "To install a new domain controller by entering unattended installation
parameters at the command line" to install the new domain controller, but use unattended
options that are appropriate for creating a new domain controller in an existing domain.

Installing AD DS from restored backup media


You can use installation media from a restored backup of an existing domain controller in
the domain to install a new domain controller in the same domain. IFM is an effective
method for minimizing replication of all directory data when you install AD DS, such as on
the first domain controller in a remote site. For information about how to prepare
installation media from a restored AD DS backup, see the Step-by-Step Guide for
Windows Server "Longhorn" Beta 2 Active Directory Domain Services Backup and
Recovery in this documentation set.

Requirements for installing from restored backup media include the following:

• You must have restored backup media that is prepared from a similar domain
controller in the same domain, as follows:

• For Windows Server "Longhorn" Beta 2 only, you can use restored backups
of only Full installation domain controllers to install AD DS on Full installation
servers. You cannot use IFM to install AD DS on a Server Core installation.

• You can use backup media from an RODC to install only other RODCs.

• Backup media must be created from a domain controller that has the same
operating system version and platform as the target server.
• For Windows Server "Longhorn" Beta 2 only, you can install AD DS from backup
media only by using the Windows interface. You cannot use an unattended
installation to install a domain controller from backup media.

Use the following procedure to use the IFM method of installing AD DS on a server in the
same domain.

Administrative credentials

To perform this procedure, you must be a member of the Domain Admins group in the
domain that is being installed.
34

To install a domain controller from backup media by using the Windows


interface
1. Prepare backup media according to instructions in the Step-by-Step Guide
for Windows Server "Longhorn" Beta 2 Active Directory Domain Services Backup
and Recovery in this documentation set.

2. In Initial Configuration Tasks or Server Manager, click Add roles.

3. In the Add Roles Wizard, on the Before You Begin page, review the
preliminary verification steps. When you complete all the preliminary steps, click
Next.

4. On the Select Server Roles page, select Active Directory Domain


Services, and then click Next.

5. On the Active Directory Domain Services page, review the introductory


notes, and then click Next to confirm your selections, or click Install to proceed
with installation.

6. On the Welcome to the Active Directory Domain Services Installation


Wizard page, select Use Advanced mode installation.

7. On the Choose a Deployment Configuration page, click Existing forest


and Existing domain, and then click Next.

8. On the Network credentials page, provide the user name and password for
an account that has at least Domain Admins privileges in the domain to which
you are adding the domain controller, specify the domain name, and then click
Next.

9. On the Select Domain page, select the domain of the new domain controller,
and then click Next.
10. On the Select Site page, select a site from the list or select the option to
install the domain controller in the site that corresponds to its IP address, and
then click Next.

11. On the Additional Options page, select additional options according to the
configuration of the backup domain controller, and then click Next:

12. On the Install from Media? page, click Install from media at the location
below.

13. In Location, type or browse to the disk drive location of the installation
media.

14. On the Location for Database, Log Files and SYSVOL page, type or
browse to the volume and folder locations for the database file, the directory
35

service log files, and the system volume (SYSVOL) files, and then click Next.

Windows Server Backup backs up the directory service by volume. For backup
and recovery efficiency, store these files on separate volumes that do not contain
applications or other nondirectory files.

15. On the Active Directory Domain Services Restore Mode Administrator


Password page, type and confirm the restore mode password, and then click
Next. This password must be used to start AD DS in Directory Service Restore
Mode for tasks that must be performed offline.

16. On the Summary page, review your selections. Click Back to change any
selections, if necessary. When you are sure that your selections are accurate,
click Next to install AD DS.

17. When you are prompted, restart the server to complete AD DS installation.

Additional considerations

• Dcpromo.exe installs AD DS using the data in the restored files, which eliminates
the need to replicate every object from a partner domain controller. However, objects
that were modified, added, or deleted since the backup was taken must be replicated.
If the backup was recent, the amount of replication that is required will be
considerably less than the amount of replication that is required for a regular AD DS
installation.

Verifying an AD DS installation
After you install AD DS, verify key functionality such as DNS resource record registrations
and SYSVOL replication. For verification steps to perform after installing AD DS, see
Verifying Active Directory Installation (http://go.microsoft.com/fwlink/?LinkId=68736).

Steps for removing AD DS


The following sections provide step-by-step instructions for removing AD DS in all
configurations, including methods for removing the server role on both Full
Windows Server "Longhorn" installations and Server Core Windows Server "Longhorn"
installations. Methods are described for performing installations by using both the
Windows interface and the command line.

The unattended method of removing AD DS is required for Server Core operating


systems. The process for performing an unattended removal of AD DS is the same for a
server that is running a Full installation of Windows Server "Longhorn" or a Server Core
installation of Windows Server "Longhorn".
36

For Windows Server "Longhorn" Beta 2 installations only, you must uninstall the directory
service binaries manually when you use an unattended method to remove AD DS.

Procedures to remove AD DS are provided for the following scenarios:

• Removing a Windows Server "Longhorn" domain controller from a domain

• Removing the last Windows Server "Longhorn" domain controller in a domain

• Removing the last Windows Server "Longhorn" domain controller in a forest

Removing a Windows Server "Longhorn" domain


controller from a domain
The procedures in this section describe the methods for removing the last domain
controller in the domain.

Removing a Windows Server "Longhorn" domain controller by using


the Windows interface
You can use the Active Directory Domain Services Installation Wizard to remove a
domain controller from an existing domain.

Administrative credentials

To perform this procedure, you must be a member of the Domain Admins group in the
domain.

To remove a domain controller by using the Windows interface


1. On the Start menu, click Administrative Tools, and then click Server
Manager.

2. Under Roles Summary, click Remove roles.

3. In the Remove Roles Wizard, under Roles, select Active Directory


Domain Services, and then click Next.

4. On the Confirm Removal Options page, confirm the removal options, and
then click Remove.

5. In the Welcome to the Active Directory Domain Services Installation


Wizard page, click Next.

6. On the Delete Domain? page, make no selection, and click Next.

7. If the domain controller has application directory partitions, on the


Application Directory Partitions page, view the application directory partitions
37

in the list, and then remove or retain application directory partitions, as follows:

• If you do not want to retain any application directory partitions that are
stored on the domain controller, click Next.

• If you want to retain any application directory partition that an application


has created on the domain controller, use the application that created the
partition to remove it, and then click Update to update the list.

8. On the Confirm Deletion page, select the option to delete all application
directory partitions on the domain controller, and then click Next.

9. On the Administrator Password page, type and confirm a secure password


for the local Administrator account, and then click Next.
10. On the Summary page, review your selections, and then click Next to
remove AD DS.

11. When you are prompted, restart the server to complete AD DS removal.

Removing a Windows Server "Longhorn" domain controller by using


an answer file
The answer file that you use to remove a domain controller in a domain where other
domain controllers exist requires only Domain Admin credentials. You can also create the
password for the local Administrator account for the member server. If you do not specify
the password in the answer file, the administrator password is blank.

Administrative credentials

To perform this procedure, you must be a member of the Domain Admins group in the
domain.

To create an answer file for removing a domain controller


1. Open Notepad or any text editor.

2. On the first line, type [DCINSTALL], and then press ENTER.

3. Create the following entries, one entry on each line. For a complete list of
unattended installation options, including default values, allowed values, and
descriptions, see Unattended install options.

username=<administrative account in the domain>

password=<password for the account in UserName>

administratorpassword=<local administrator password for server>


38

removeapplicationpartitions=yes

4. Save the answer file to the location on the installation server from which it is
to be called by Dcpromo, or save the file to a network shared folder or removable
media for distribution.

5. The Dcpromo command to use an answer file is the same for both removing
and installing a domain controller. Use the procedure "To install a new domain
controller by using an answer file" to remove the domain controller.

Removing a Windows Server "Longhorn" domain controller by


entering unattended installation parameters at the command
line
The Dcpromo command that you use to enter unattended installation parameters at the
command line is the same for both removing and installing a domain controller. Use the
procedure "To install a new domain controller by entering unattended installation
parameters at the command line" to remove the domain controller, but use unattend
options that are appropriate for removing a domain controller from an existing domain.

Removing AD DS binaries
After you remove AD DS from a domain controller running Windows Server "Longhorn"
Beta 2, you must manually remove the AD DS binary files. This is a known issue for
Windows Server "Longhorn" Beta 2, but it will not be required in further Windows Server
"Longhorn" Beta releases.

Caution
Do not run this command on an installed domain controller. Be sure to restart the
server after removing AD DS before you run this command. Running this
command on an installed domain controller results in data loss on the domain
controller and requires a reinstallation of the operating system.

Administrative credentials

To perform this procedure, you must be a member of the local Administrators group on
the member server.

To remove AD DS binaries
1. Remove AD DS from the server, and then restart the server.

2. At a command prompt, type the following, and then press ENTER:


39

start /w pkgmgr /uu:DirectoryServices-DomainController /l:dcuninstall.log

start /w is optional if you want to retain the command prompt until the process
completes.

Removing the last Windows Server "Longhorn" domain


controller in a domain
The procedures in this section describe the methods for removing the last domain
controller in the domain.

Removing the last Windows Server "Longhorn" domain controller in


a domain by using the Windows interface
The Active Directory Domain Services Installation Wizard provides all the steps that you
need to remove the domain. During domain removal, the Active Directory Domain
Services Installation Wizard displays a list of all the application directory partitions that
are stored on the domain controller. If there are application directory partitions that were
created by an application other than AD DS, you can use the appropriate application to
remove these directory partitions, or you can let the Active Directory Domain Services
Installation Wizard remove them.

Application directory partitions that are created by AD DS, such as the DomainDNSZones
and ForestDNSZones application directory partitions, cannot be retained if you remove
AD DS.

Administrative credentials

To complete this procedure, you must be a member of the Domain Admins group in the
parent domain or a member of the Enterprise Admins group in the forest.

To remove the last domain controller in a domain by using the Windows


interface
1. On the Start menu, click Administrative Tools, and then click Server
Manager.

2. Under Roles Summary, click Remove roles.

3. In the Remove Roles Wizard, under Roles, select Active Directory


Domain Services, and then click Next.

4. On the Confirm Removal Options page, confirm the removal options, and
then click Remove.
40

5. In the Welcome to the Active Directory Domain Services Installation


Wizard page, click Next.

6. On the Delete Domain? page, select the option to delete the domain. Before
you continue, read the instructions for managing the removal of cryptographic
keys and the decryption of Encrypting File System (EFS)–encrypted files, and
perform these actions, if necessary. When you are sure that you have completed
all security tasks, click Next.

7. If the domain controller has application directory partitions, on the


Application Directory Partitions page, view the application directory partitions
in the list and remove or retain application directory partitions, as follows:
• If you do not want to retain any application directory partitions that are
stored on the domain controller, click Next.

• If you want to retain any application directory partition that an application


has created on the domain controller, use the application that created the
partition to remove it, and then click Update to update the list.

8. On the Confirm Deletion page, select the option to delete all application
directory partitions on the domain controller, and then click Next.

9. On the Administrator Password page, type and confirm a secure password


for the local Administrator account, and then click Next.

10. On the Summary page, review your selections, and then click Next to
remove AD DS.

11. When you are prompted, restart the server to complete AD DS removal.

For information about cryptographic keys and certificate management, see


Windows Server 2003 PKI Operations Guide (http://go.microsoft.com/fwlink/?
LinkId=68752). For information about EFS, see Encrypting File System Technical
Reference (http://go.microsoft.com/fwlink/?LinkId=68751).

Removing the last Windows Server "Longhorn" domain controller in


a domain by using an answer file
The answer file that specifies that you are removing the last domain controller in the
domain must include that instruction, and it must specify the parent domain.

Administrative credentials

To complete this procedure, you must be a member of the Domain Admins group in the
parent domain or a member of the Enterprise Admins group in the forest.
41

To create an answer file for removing the last domain controller in a domain
1. On the first line, type [DCINSTALL], and then press ENTER.

2. Create the following entries, one entry on each line. For a complete list of
unattend installation options, including default values, allowed values, and
descriptions, see Unattended install options.

ParentDomainDNSName=<fully qualified DNS name of parent domain>

UserName=<administrative account in parent domain>

Password=<password for the account in UserName>

IsLastDCInDomain=yes

AdministratorPassword=<local administrator password for server>

RemoveApplicationPartitions=<yes if you want to remove the partitions. If you


want to retain them, you do not need this entry.>

3. Save the answer file to the location on the installation server from which it is
to be called by Dcpromo, or save the file to a network share or removable media
for distribution.

4. The Dcpromo command to use an answer file is the same for both removing
and installing a domain controller. Use the procedure "To install a new domain
controller by using an answer file" to remove the domain controller.

Removing the last Windows Server "Longhorn" domain controller in


a domain by entering unattended installation parameters at
the command line
The Dcpromo command that you use to enter unattended installation parameters at the
command line is the same for both removing and installing a domain controller. Use the
procedure "To install a new domain controller by entering unattended installation
parameters at the command line" to remove the domain controller, but use unattend
options that are appropriate for removing the last domain controller in the domain.

Removing the last Windows Server "Longhorn" domain


controller in a forest
The procedures in this section describe the methods that you can use to remove the last
domain controller in an AD DS forest.
42

Removing the last Windows Server "Longhorn" domain controller in


a forest by using the Windows interface
Use the following procedure to remove the forest.

Administrative credentials

To complete this procedure, you must be a member of the Domain Admins group in the
forest root domain or the Enterprise Admins group in the forest.

To remove the last domain controller in a forest by using the Windows


interface
1. On the Start menu, click Administrative Tools, and then click Server
Manager.

2. Under Roles Summary, click Remove roles.

3. In the Remove Roles Wizard, under Roles, select Active Directory


Domain Services, and then click Next.

4. On the Confirm Removal Options page, confirm the removal options, and
then click Remove.

5. On the Welcome to the Active Directory Domain Services Installation


Wizard page, click Next.

6. On the Delete Domain? page, select the option to delete the domain and
forest. Before you continue, read the instructions for managing the removal of
cryptographic keys and the decryption of EFS-encrypted files, and perform these
actions, if necessary. When you are sure that you have completed all security
tasks, click Next.

7. If the domain controller has application directory partitions, on the


Application Directory Partitions page, view the application directory partitions
in the list, and then remove or retain application directory partitions, as follows:

• If you do not want to retain any application directory partitions that are
stored on the domain controller, click Next.

• If you want to retain any application directory partition that an application


has created on the domain controller, use the application that created the
partition to remove it, and then click Update to update the list.

8. On the Confirm Deletion page, select the option to delete all application
directory partitions on the domain controller, and then click Next.

9. On the Administrator Password page, type and confirm a secure password


43

for the local Administrator account, and then click Next.

10. On the Summary page, review your selections, and then click Next to
remove AD DS.

11. When you are prompted, restart the server to complete AD DS removal.

Removing the last Windows Server "Longhorn" domain controller in


a forest by using an answer file
The Dcpromo unattend options for removing the last domain controller in a forest are the
same as the unattend options for removing the last domain controller in a domain. Use
the procedure "To create an answer file for removing the last domain controller in a
domain" to create the answer file for removing the last domain controller in the forest.
Use the procedure "To install a new domain controller by using an answer file" to remove
the domain controller.

Removing the last Windows Server "Longhorn" domain controller in


a forest by entering unattended installation parameters at the
command line
The Dcpromo command that you use to enter unattend parameters at the command line
is the same for both removing and installing a domain controller. Use the procedure "To
install a new domain controller by entering unattended installation parameters at the
command line" to remove the domain controller, but use unattend options that are
appropriate for removing the last domain controller in the domain. Because the forest root
domain is the domain that you are removing, the options for removing the domain
effectively remove the forest itself.

Appendix of unattended installation


parameters
The tables in this appendix provide the information that you need to create an answer file
for installing or uninstalling AD DS in unattended mode.

Dcpromo.exe accepts these parameters either directly from the command line or as
entered in a text file that is formatted in standard.INI format. The text file must contain a
section heading [DCINSTALL] followed by AD DS (domain controller) server role
unattended installation parameters.

Create a text file that contains the [DCINSTALL] heading and in which each line in the file
contains an option and its value in the form option=value. To use the options directly from
44

the command line, precede each option:value pair with a forward slash (/) and separate
each /option=value pair with a space. At the command line, you can also use a colon (:)
to separate the option and the value (/option:value).

The following are example lines in an answer text file:

[DCINSTALL]

The following is an example set of the same options as typed in the Dcpromo.exe
command line:

dcpromo /unattend /username:Jsmith /password:SP#f357.2 ...

Unattended general options


The option in the following table is available for unattended installation and removal of
AD DS. This option is new in Windows Server "Longhorn".

General options Parameters Default value Description

/RebootOnCompletion Yes | No Yes Restart the


computer when the
operation is
complete, whether
or not the
operation is
successful.

Unattended install options


The following new options are available for unattended installations of AD DS. Options
that are new in Windows Server "Longhorn" appear in bold text.

Install options Parameters Default value Description

/AdministratorPassword password Specifies a local


Administrator account
password for the
computer after AD DS
is removed.

/AllowDomainReinstall Yes | No No If Dcpromo detects


that the domain
45

Install options Parameters Default value Description

already exists,
specifies whether to
recreate the domain.

AllowDomainControllerReinstall Yes | No No When a replica


domain controller is
added, if Dcpromo
detects that the
domain controller
already exists,
specifies whether to
overwrite the domain
controller data of the
existing domain
controller.

/ApplicationPartitionsToReplicate "partition_DN_1 Space-separated (or


partition_DN_2 comma-and-space-
...partition_DN_n" separated)
distinguished names,
with the entire string
enclosed in quotation
marks, of application
directory partitions that
you want to include
when you use restored
backup media to install
AD DS (or * to include
all application directory
partitions).

/AutoConfigDNS Yes | No Yes Specifies whether


DNS is configured for
a new domain if
Dcpromo detects that
the DNS dynamic
update protocol is not
available, or if
Dcpromo detects an
insufficient number of
46

Install options Parameters Default value Description

DNS servers for an


existing domain.

/ChildName child_domain_name Specifies whether to


append the DNS label
for the new domain at
the beginning of the
name of an existing
directory service
domain when installing
a child domain.

/ConfirmGc Yes | No Yes Specifies whether the


domain controller is a
global catalog server.

/CriticalReplicationOnly Yes | No Yes Specifies whether to


skip noncritical (and
potentially lengthy)
portions of replication
and allow Dcpromo to
complete before
replication is complete.

/DatabasePath path_to_database_files %systemroot%\ Location of the


NTDS Ntds.dit file.

/DisableCancelForDnsInstall Yes | No No Specifies whether to


disable the Cancel
button during a DNS
installation. This option
is retained for
backward compatibility
with
Windows Server 2003
unattend files. It is
ignored if it is used for
Windows Server
"Longhorn".

/DNSDelegation Yes | No Computed Indicates whether to


automatically create a DNS
47

Install options Parameters Default value Description

based on the delegation that


environment. references this new
DNS server. Valid for
Active Directory–
integrated DNS only.

/DNSDelegationUserName user_name The user name to be


used when the DNS
delegation is created
in the parent zone and
credentials are
different from the
credentials provided
for AD DS role
installation or removal.

/DNSDelegationPassword Password The password for the


user name that is used
to create the DNS
delegation.

/DNSOnNetwork Yes | No Yes Specifies whether to


set DNS server
addresses
automatically.

/DomainLevel 0|2|3 Based on Specifies the domain


levels existing functional level when a
in the forest new domain is created
in an existing forest,
as follows:

0 = Windows 2000
Server Native

2 = Windows
Server 2003 Native

3 = Windows Server
"Longhorn"

/DomainNetBiosName domain_NetBIOS_name First label of Assigns a network


DNS name basic input/output
48

Install options Parameters Default value Description

system (NetBIOS)
name to the new
domain.

/ForestLevel 0|2|3 0 Specifies the forest


functional level when a
new domain is created
in a new forest, as
follows:

0 = Windows 2000
Server Native

2 = Windows
Server 2003 Native

3 = Windows Server
"Longhorn"

ForestLevel replaces
SetForestVersion in
Windows Server 2003.

/LogPath Path_to_log_files %systemroot%\ Specifies the location


NTDS of the database log
files

/NewDomain Forest | Tree | Child Forest Specifies the type of


new domain:

• The root
domain of a new
forest

• The root
domain of a new
tree in an existing
forest

• A child domain
in an existing
forest

The type of new


domain must be
49

Install options Parameters Default value Description

specified when AD DS
is installed on a
Windows Server
"Longhorn" Server
Core installation.

/NewDomainDNSName DNS_domain_name The required name of


a new forest or a new
tree in an existing
forest.

/OnDemandAllowed Security_Principal | NONE The name of one or


more security
principals that are
replicated to this
RODC, specified
within quotation
marks. To specify
more than one security
principal, add the entry
multiple times.

In Windows Server
"Longhorn" Beta 2, if
you have no security
principals to add,
leave this entry blank.
Using the value
"NONE" causes the
unattended RODC
installation to fail. This
issue will be resolved
for Windows Server
"Longhorn" Beta 3.

/OnDemandDenied Security_Principal | NONE The name of one or


more security
principals that are not
to be replicated to this
RODC. To specify
more than one security
50

Install options Parameters Default value Description

principal, add the entry


multiple times.

/ParentDomainDNSName DNS_domain_name The DNS domain


name of an existing
parent domain when a
child domain is
removed or installed.

/Password password The password for the


account name (the
value in UserName) to
use for installing or
removing AD DS.
Dcpromo deletes this
value after installation.

/ReplicaDomainDNSName DNS_domain_name The DNS domain


name of the domain to
replicate to this new
domain controller
replica.

/ReplicaOrNewDomain Replica | Replica Specifies whether to


Read_only_replica | install the domain
Domain controller as:

• An additional
domain controller
in an existing
domain

• An RODC in
an existing domain

• The first
domain controller
in a new domain

/ReplicationSourceDC DNS_name_of_source Indicates the full DNS


name of the domain
controller from which
AD DS data is
51

Install options Parameters Default value Description

replicated to create the


new domain controller.

/ReplicationSourcePath path_to_installation_medi The location of the


a files that are used to
install a new domain
controller by using
restored backup
media.

/SafeModeAdminPassword password | NONE The password for the


administrator account
to use when starting
the computer in Safe
Mode or a variant of
Safe Mode, such as
Directory Service
Restore Mode.

/SiteName site_name The name of an


existing site where you
can place the new
domain controller.

/Syskey NONE | system key Indicates that the user


must provide the
system key.

/SysVolPath path_to_SYSVOL_folder %systemroot%\ The path to the


sysvol SYSVOL folder, which
must be on a fixed
disk on the local
computer.

/UserDomain domain_name The domain name for


the user account that
is used to install
AD DS on a member
server.

/UserName user_name The account name of


the user who is
52

Install options Parameters Default value Description

installing AD DS.

Unattended uninstall options


The new options in the following table are available for unattended removal of AD DS.
Options that are new in Windows Server "Longhorn" are shown in bold type.

Uninstall options Parameters Default Description


value

/AdministratorPassword admin_password Sets the local


administrator
password for the
computer during
removal of a
domain controller.

/DemoteFSMO Yes | No No Indicates that a


forced removal
should continue
even if an
operations master
role is held by the
domain controller.

/ForceDemotion Indicates that the


removal proceeds if
the domain
controller is offline.

Caution: The
/ForceDemotion
switch results in
data loss on the
domain controller.

/IgnoreIsLastDcInDomainMismatch Yes | No No If you have set


IsLastDCInDomain
to Yes but there is
actually one or
53

Uninstall options Parameters Default Description


value

more other domain


controllers in the
domain, this option
specifies whether to
continue with the
removal as
configured.

/IsLastDCInDomain Yes | No No Indicates whether


the computer on
which Dcpromo is
running is the last
domain controller in
the domain.

/RemoveApplicationPartitions Yes | No No Specifies whether


to remove
application
directory partitions
during removal of a
domain controller.

Unattended installation return codes


When the unattended installation completes, Dcpromo returns one of the following codes
to indicate the status of the operation to the user. Unused numbers are reserved for
future use.

• 1-10 = success return codes

• 11-100 = failure return codes

Success return codes


The codes in the following table indicate successful completion of an AD DS installation
or removal operation.
54

Value Case Description

1 ExitSuccess The operation


succeeded.

2 ExitSuccessNeedReboot The operation


succeeded, and the
server must be restarted
manually.

3 ExitSuccessWithNonCriticalFailure The operation


succeeded, but there has
been a failure, such as a
failure with DNS
installation or delegation
configuration. Check
Dcpromoui log files, and
investigate further.

Failure return codes


The codes in the following table indicate failed completion of an AD DS installation or
removal operation.

Value Case Description

11 ExitAlreadyRunning DcPromo is already


running.

12 ExitMustBeAdministrator The user must be an


administrator.

13 ExitCertSvcInstalled Certificate Server is


installed.

14 ExitInSafeBootMode The server is running


in Safe Mode.

15 ExitRoleChangePending A role change is in


progress or requires
that the server be
restarted.

16 ExitIncorrectPlatform The server is running


55

Value Case Description

on wrong platform.

17 ExitNeedNTFS5Drive No drives are


formatted for NTFS 5.

18 ExitInsufficientWinDirSpace %windir% does not


have enough space.

19 ExitNameChangeNeedsReboot A name change is


pending.

20 ExitBadComputerName The computer name


uses invalid syntax.

21 ExitHoldsFSMOs This domain controller


holds an operations
master role, is a global
catalog server, or is a
DNS server.

22 ExitNeedToInstallTcpIp TCP/IP must be


installed or is not
functioning.

23 ExitNeedToConfigDnsFirst The DNS client must


be configured first.

24 ExitBadCredentials The supplied


credentials are not
valid or are missing
required elements.

25 ExitDcNotFound A domain controller for


the specified domain
could not be located.

26 ExitUnableReadDomainList The list of domains


could not be read from
the forest.

27 ExitMustSpecifyDomain A domain name is


missing (parent, child,
tree, or forest).

28 ExitBadDomainName The domain name is


56

Value Case Description

not valid.

29 ExitParentDomainNotExists The parent domain


does not exist.

30 ExitDomainNotInForest The specified domain


is not found in the
forest.

31 ExitChildDomainExists The child domain


already exists.

32 ExitBadNetbiosDomainName The NetBIOS name is


not valid.

33 ExitBadIFMPath The path to the IFM


files is not valid.

34 ExitBadIFMDatabase The IFM database is


bad.

35 ExitNoSyskeyForIFM A system key is


required for the IFM
database.

37 ExitBadDBPath The database path or


database log path is
not valid.

38 ExitInsuffSpaceForDB The volume does not


have enough space for
the database or the
database log.

39 ExitBadSysVolPath The SYSVOL path is


not valid.

40 ExitBadSiteName The site name is not


valid.

41 ExitMustSpecifySafeModePwd You must specify a


password for Safe
Mode.

42 ExitBadSafeModePwd The Safe Mode


password does not
57

Value Case Description

meet password
criteria.

43 ExitBadAdminPwd The administrator


password does not
meet criteria.

44 ExitBadForestName The specified forest


name is not valid.

45 ExitForestExists A forest with the


specified name
already exists.

46 ExitBadTreeName The specified name for


the tree is not valid.

47 ExitTreeExists A tree with the


specified name
already exists.

48 ExitTreeNotFitInForest The tree name does


not fit into the forest
structure.

49 ExitDomainNotExists The specified domain


does not exist.

50 ExitLastDcMismatch This is not the last


domain controller.

51 ExitUnconfirmedAppPartitions Application partitions


exist on this domain
controller.

52 ExitRequiredParameterMissing An answer file or


command-line
unattend parameters
were not provided.

53 ExitPromoDemotFailedNeedReboot The installation or


removal failed and the
server must be
restarted.
58

Value Case Description

54 ExitPromoDemotFailed The installation or


removal failed.

55 ExitPromoDemoteFailedBecauseUserCancelled The installation or


removal failed
because it was
canceled by the user.

56 ExitPromoDemotFailedBecauseUserCancelledNeedReboot The installation or


removal failed
because it was
canceled by the user.
The computer must be
restarted to return to
the previous state.

57 ExitDomainReadOnlyReplicaGroupNotSpecified The operator failed to


specify one of the
required RODC
groups
(allowed/denied).

58 ExitDomainReadOnlyReplicaSiteNotSpecified The operator failed to


specify the site name
for an RODC.

59 ExitLastDnsServer The domain controller


appears to be the last
DNS server for one of
its Active Directory–
integrated zones.

60 ExitDomainReadOnlyReplicaPdcNotLonghorn The Primary Domain


Controller (PDC)
emulator for the
domain is not running
Windows Server
"Longhorn".

61 ExitInstallDNSNotAllowed You cannot install


AD DS with DNS in an
existing domain that
does not already host
59

Value Case Description

DNS.

62 ExitAnswerFileMissingSectionName The answer file does


not have a [DCInstall]
section.

63 ExitInsufficientForestFunctionalLevelForRodc The forest functional


level is less than
Windows Server 2003.

64 ExitPromoFailedBecauseComponentBinaryDetectionFailed The installation failed


because the
installation of the
AD DS binaries on the
server could not be
determined.

65 ExitPromoFailedBecauseComponentBinaryInstallationFailed The installation failed


because the AD DS
binaries could not be
installed.

66 ExitPromoFailedBecauseOSDetectionFailed The installation failed


because the operating
system installation
option (whether Server
Core installation or
Full installation) could
not be determined.

67 ExitRodcCannotBeAGC The RODC cannot be


a global catalog server

68 ExitInvalidReplicationPartner The replication partner


is not valid.

69 ExitRequiredPortInUse The required port is


already in use by
some other
application.

70 ExitForestRootDcMustBeGc The first forest root


domain controller must
be a global catalog
60

Value Case Description

server.

71 ExitDnsAlreadyInstalled DNS server is already


installed.

72 ExitIsAppServer The installation failed


because the server is
a Terminal Services
application server.

73 ExitInvalidForestFunctionalLevel The specified forest


functional level is not
valid.

74 ExitInvalidDomainFunctionalLevel The specified domain


functional level is not
valid.

75 ExitDefaultPasswordReplicationPolicyCannotBeDetermined Unable to determine


the default password
replication policy.

76 ExitInvalidPasswordReplicationPolicy Specified allowed and


denied security groups
for the password
replication policy are
not valid.

77 ExitInvalidArgument The specified


argument is not valid.

78 ExitForestCheckFailed The installation failed


because the Active
Directory forest could
not be examined.

79 ExitRodcNDNCNotPrepped An RODC cannot be


installed because
adprep /rodcprep has
not been performed.

80 ExitDomainNotPrepped The installation failed


because
adprep/domainprep
61

Value Case Description

has not been


performed.

81 ExitForestNotPrepped The installation failed


because
adprep/forestprep
has not been
performed.

82 ExitForestSchemaMismatch The installation failed


because there is a
forest schema
mismatch.

83 ExitUnsupportedSku The installation failed


because the operating
system edition does
not supported AD DS.

Logging bugs and feedback


Your feedback is very important to help us improve this feature in future releases of
Windows Server "Longhorn". Please provide feedback regarding your experience
installing AD DS, problems that you encounter, and whether this document was helpful.
We are also interested in feature requests and general feedback about AD DS installation
and removal.

To provide feedback for this step-by-step guide, follow the instructions on the Microsoft
Web site (http://go.microsoft.com/fwlink/?linkid=55105). Please note that, in the comment
area on the Web site, you will need to provide the name of this step-by-step guide.