Creating a New Active Directory Forest in Server Core

Creating a New Active Directory Forest in Server Core

  • Comments 1
  • Likes

We often get asked how to do certain “simple” operations on the GUI when running the Server Core installation of Windows Server 2008 R2.  While the SCONFIG utility allows you to perform a number of tasks quickly, it does not cover every possibility.  There are still times when you need to go to the command line or look into using PowerShell.  This post takes you through how to create a new Active Directory Forest in Server Core.

imageThis article explains how to install a new domain forest on Windows Server Core, or in the Windows Server CLI (Command Line Interpreter). I will not discuss any other option for RODCs, existing domains, child domains, and so on… there are a plethora of articles out there that describe those already.

It astounded me the first (several) times I tried to create a new domain using Windows Server Core installations as my first domain controller in the forest. There are, I should mention, copious articles on creating additional DCs in an existing domain, but I have not come across too many (any?) that explained creating the FIRST… i.e.: creating the forest FOR the trees clip_image001

This evening Steve Syfuhs and I sat down and attempted to do just that. Actually our original intentions had very little to do with that, but as we discovered along the way we would have two choices:

  • Create a new physical server with Windows Server 2008 FULL install, create a new domain on GUI mode, join our Server Core machine to that domain, promote it to Domain Controller, transfer all Operations Master Roles to the Server Core machine, and continue on; or
  • Figure out once and for all how to create our domain in Server Core.

I should point out that between us we read several dozen articles (including some written by some very reputable IT Pros) that CLAIMED that it was possible, but none that elaborated.

So we started clawing our way through the tidbits we gleaned from various sources and came up with the following unattend file that did the job:

[DCInstall]
InstallDNS=yes
NewDomain=forest
NewDomainDNSName=swmi.ca
DomainNetBiosName=SWMI
SiteName=Default-First-Site-Name
ReplicaOrNewDomain=domain
ForestLevel=3
DomainLevel=3
DatabasePath="%systemroot%ntds"
LogPath="%systemroot%ntds"
RebootOnCompletion=yes
SYSVOLPath="%systemroot%sysvol"
SafeModeAdminPassword=Pa$$w0rd

Now: Once the file was created we put it in the root of C: on the server core machine, and typed the following command:

dcpromo /unattend:c:unattend.txt

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • excellent. I've done the same about a year ago.

    This is what I recommend to my customers.

    Server Core is more secure than the full installation with the GUI.

    Also make sure that your Admins are Powershell ready.

    Great Thanks