JSI Tip 6398. How do I perform an unattended promotion or demotion of a Windows 2000 Domain controller?

Jerold Schulman

March 2, 2003

7 Min Read
ITPro Today logo

NOTE: The text in the following Microsoft Knowledge Base article is provided so that the site search can find this page. Please click the Knowledge Base link to insure that you are reading the most current information.

Microsoft Knowledge Base article Q223757 contains:


Dcpromo.exe is the executable program (.exe) that promotes and demotes Windows 2000 domain controllers. You can use Dcpromo.exe to perform the following tasks:

  • Promote Windows 2000 workgroup and member servers toWindows 2000 domain controllers.

  • Upgrade Microsoft Windows NT 4.0 domain controllers toWindows 2000 domain controllers.

  • Demote Windows 2000 domain controllers to Windows 2000servers.

This article provides information about syntax you can use to build answer files that perform unattended promotions and demotions of Windows 2000 domain controllers.


The Dcpromo.exe answer file is an ASCII text file that provides automated user input for each page of the Dcpromo.exe Wizard. Subtle differences exist between Windows 2000 and Microsoft Windows .NET Server Dcpromo.exe answer file syntax. Despite these differences, Windows .NET Server can read the Windows 2000 answer file syntax and interpret equivalent settings. If answer file interoperability between Windows 2000 and Windows .NET Server domain controllers is required, use the answer file syntax that is described in this article.

To start Dcpromo.exe in unattended mode from a command prompt if you either click Start and then click Run or if you use an unattended Setup file, use the dcpromo /answer:answer.txt command, where answer.txt is path and file name of the answer file to be used for demotion or promotion.

Each Dcpromo.exe operation requires answers to specific fields in the [DCInstall] section of the answer file. The following list provides the required fields for each operation. The default values are used if the option is not specified. The default values for these fields are described in the "Dcpromo Field Definitions" section later in this article.

  • For new tree in new forest installations, the followingoptions apply:

    [DCINSTALL]ReplicaOrNewDomain=DomainTreeOrChild=TreeCreateOrJoin=CreateNewDomainDNSName=DNSOnNetwork=yesDomainNetbiosName=AutoConfigDNS=yesSiteName=[active directory site name (optional)];AllowAnonymousAccess=noDatabasePath=%systemroot%tdsLogPath=%systemroot%tdsSYSVOLPath=%systemroot%sysvolSafeModeAdminPassword=CriticalReplicationOnly=NoRebootOnSuccess=yes

  • For Windows NT 4.0 Backup domain controller ( BDC) upgradesor new Windows 2000 replica installations, the following options apply:


  • For child domain installations, the following optionsapply:


  • For new tree in existing forest installations, thefollowing options apply:


  • For domain controller demotion, the following optionsapply:


Dcpromo Field Definitions

This section describes Dcpromo fields and the options you can use. The default value for each option is displayed in bold text.


  • Yes|No

  • Used when downlevel (pre Windows 2000) serves will beauthenticating users from this domain or any trusting domain. This optionindicates whether DCPromo should cause the permissions to be set to permitanonymous access to user and group information. "Yes" allows anonymous access."No" uses more restrictive permissions.


  • No default

  • Used to establish the local administrator password whendemoting a domain controller


  • No|Yes

  • Determines whether the wizard should install and configureDNS for the new domain as it has detected that dynamic DNS updates are notavailable.


  • No default

  • Name of subordinate domain that is appended to theParentDomainDNSName. If the parent domain is A.COM and the subordinate domainis "B", the new domain would be B.A.COM and "B" (no quotes) would be entered asthe ChildName.


  • Create|Join

  • "Create" creates a new forest. "Join" places the new domainas a root of a new domain tree in an existing forest.


  • No value

  • Optional Parameter. Specifies that during replicationphase of DCPROMO that only critical replication be sourced initially. Noncritical replication will resume when the computer is rebooted as a domaincontroller subject to replication schedules."Yes" (no quotes) enabled criticalreplication only.


  • %systemroot%NTDS

  • Fully qualified, non-unc directory on a fixed disk of thelocal machine to host the Active directory database (NTDS.DIT). If thedirectory exists it must be empty. If it does not exist, it will be created.Free disk space on the logical drive selected must be 200 MB and possiblylarger when rounding errors are encountered and larger to accommodate allobjects in the domain. Place on a dedicated hard drive for best performance


  • No default

  • Netbios name used by downlevel clients to access thedomain. The DomainNetbiosName must be unique on the network.


  • No|Yes

  • Used in new forest installations when DNS client is notconfigured. "No" skips DNS client configuration and DNS auto-configuration forthe new domain. "Yes allows the DNS client to be configured and allows andauto-configuration to be offered.


  • Yes|No"

  • Indicates that that is computer is the last domain in itsdomain during demotion.


  • %systemroot%NTDS

  • Fully qualified, non-unc directory on a fixed disk on thelocal machine to host the Active directory log files. If the directory existsit must be empty. If it does not exist, it will be created.


  • No Default

  • Used in "new tree in existing forest" or "new forest"installations. Value is the DNS domain name to be created not currently in use.


  • No default

  • Account credentials to be used for the promotion operation.For protection, passwords are removed from the answer file following promotionand must redefine each time an answer file is used.


  • No Default

  • Name of (existing) parent DNS domain for child domaininstalls


  • Yes|No

  • Determines whether the computer should be rebooted uponsuccessful completion of a promotion or demotion. Reboots are always requiredto compete a change in Active Directory role.


  • No Default

  • For BDC upgrades and replica domain controller installs.Enter the DNS domain name of the existing domain to be replicated from.


  • Replica|Member

  • "Replica" used for Windows NT 4.0 BDCs upgraded to Windows2000 replica domain controllers. "Member" used when demoting the BDC to amember server of its domain.


  • Domain|Replica

  • Used only on new installs. "Domain" converts the serverinto the first domain controller of a new domain. "Replica" converts the serverinto a replica domain controller.


  • None

  • Used to indicate the name of the domain controller fromwhich to source the active directory on new replica or BDC upgrade installs. Ifno value is supplied, the closest domain controller from the domain beingreplicated will be selected.


  • No Default

  • Used to supply the password for the offline administratoraccount used in DS Repair mode. No value = blank password.


  • "Default-First-Site" (no quotes)

  • Value of an existing Active Directory site to place the newdomain controller. If not specified, a suitable site will be selected. Thisoption only applies to the new tree in a new forest scenario. For all otherscenarios, a site will be selected using the current site and subnetconfiguration of he forest.


  • %systemroot%SYSVOL

  • Fully qualified, non-UNC directory on a fixed disk of thelocal machine to host the Active directory log files. If the directory existsit must be empty. If it does not exist it will be created. Must be located onan NTFS 5.0 formatted partition. Place on a different physical hard drive thanthe operating system for best performance.


  • Tree|Child

  • "Tree" indicates new domain in root of new tree. "Child"creates a new child domain.


  • See Explanation

  • Domain the UserName account should be taken from. If theoperation is to create a new forest or to become a member server from a BDCupgrade there is no default. If the operation is to create a new tree, then thedefault is the DNS name of the forest the computer is presently joined to. Ifthe operation is to create a new child domain or a replica then the default isthe DNS name of the domain the computer is joined to. If the operation is todemote the computer and the computer is a domain controller in a child domain,then the default is the DNS name of the parent domains. If the operation is todemote the computer, and the computer is a domain controller of a tree rootdomain, the default is the DNS name of the forest.


  • No Default

  • Account credentials to be used for the promotionoperation.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like