
Nov 01

Powershell Code: Create a DCPromo Unattend File Automatically with a Script

I was brought in by a customer to automate Windows Server 2008 R2 Domain Controller deployment. I wrote a massive PowerShell script that performs the entire DC configuration; of course, this script started as a simple DCPromo automation and grew from there. Here's some of the script code to demonstrate how to generate the DCPromo unattend file (with some extras).

Detailed DCPromo Unattend Options [Microsoft.com].

The script here does several things:

  • Gets the server’s site name & domain
  • Enables Powershell Remoting
  • Installs server roles (configurable)
  • Generates a random DSRM (Safe Mode) password
  • Specifies the DCPromo replication source DC
  • Generates DCPromo Unattend Answer File

Download the script file here as a txt.

#################
# Set Variables #
#################
[void][Reflection.Assembly]::LoadWithPartialName("System.Web") ## Used to create random passwords
[void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic')

Import-Module ActiveDirectory

$Domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().Name #Get AD Domain (lightweight & fast method)
$Computer = $env:ComputerName
$CurrentUserName = $env:UserName
$ADSite = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite()

$DCPromoAnswerFile="c:\temp\dcpromo.ini"

## Set AD DB (NTDS) path
$LocationNTDS = "e:\NTDS"
## Set AD DB Transaction Logs path
$LocationNTDSLogs = "f:\NTDS"
## Set AD SYSVOL path
$LocationSYSVOL = "f:\SYSVOL"
## Install DC From Media (requires IFM media set)
$InstallFromMedia = "No"
## Set IFM media set path
$DefaultIFMPath = "c:\temp\IFM"
## Reboot server after DCPromo completes
$DCPromoReboot = "Yes"
## Install Domain Controller as Read-ONly Domain Controller (RODC)
$ISRODC = "No"
## Install Domain Controller as a Global Catalog
$ISGC = "No"
## Install Domain Controller as a DNS Server
$DNSInstallSwitch = "Yes"
## Install Domain Controller as a WINS Server
$InstallWINSServer = "No"

##############################
# Enable Powershell Remoting # 
##############################
write-output "Enabling Powershell remoting... `r "
Enable-PSRemoting -force

######################################################
# Configure Windows 2008 R2 Server Roles & Features #
######################################################
Write-Verbose "Server Core needs to use OCSetup to add roles and features `r "
write-output "Configuring the server with the appropriate roles and features... `r "
import-module servermanager

Write-Verbose "Install Common Windows roles and features `r "
add-windowsfeature GPMC, Backup-Features, Backup, Backup-Tools
# add-windowsfeature AD-Domain-Services ##Not necessary to install - will be installed as part of DCPROMO - DO NOT PRE-INSTALL AD DS on Server Core

Write-Verbose "Install Custom windows roles and features `r "
IF ($DNSInstallSwitch -match "Yes") { add-windowsfeature DNS }
IF ($InstallWINSServer -match "Yes") { add-windowsfeature WINS-Server }

##################################
# DSRM SafeMode Password Config #
##################################
Write-output "Configuring DSRM password... `r "
Write-Verbose "Generate a random password 30 characters in length `r "
$RandPassLength = [int] 30
Write-Output "Generating $RandPassLength Character Random Password for AD DSRM Account... `r "
$DSRMPass = [System.Web.Security.Membership]::GeneratePassword($RandPassLength,2)
$SafeModePWD = $DSRMPass 
Write-Output "DSRM is $DSRMPass `r " 

#########################################
# Specify DCPRomo Replication Source DC #
#########################################
Write-Verbose "Specify DCPRomo Replication Source DC `r "
Write-Verbose "This enables override capability in the standard DCPromo process of replicating with a local DC `r "
write-output "You can specify the replication source DC for use during DCPromo. `r "
write-output "This DC has to be available during the DCPromo process or DC promotion will fail. `r "
write-output " `r "

Write-Output "Prompt to specify explicit replication source DC `r "
$Response = [Microsoft.VisualBasic.Interaction]::InputBox("Specify the replication source DC for use during DCPromo? <Yes / No>",`
 "Specify DCPromo Replication Source DC?","No") 
Switch ($Response)
 { ## OPEN Switch Response
 "Y" { $ExplicitSourceDC = "Yes" }
 "Yes" { $ExplicitSourceDC = "Yes" }
 DEFAULT { $ExplicitSourceDC = "No" }
 } ## CLOSE Switch Response

IF ($ExplicitSourceDC -eq "Yes")
 { ## OPEN IF ExplicitSourceDC Yes
 write-output "By default, the script will autodiscover a 2008 R2 DC in the site. `r "
 write-output "You can specify a different replication source DC by entering the DC's FQDN. `r "
 Write-Verbose "Discover 2008 DC `r "
 $DiscoveredSourceDC = Get-ADDomainController -discover -forcediscover -nextclosestsite -service ADWS
 $DefaultSourceDC = $DiscoveredSourceDC.HostName
 $SourceDC = Get-ADDomainController -identity "$DefaultSourceDC"
 $SourceDCOS = $SourceDC.OperatingSystem
 $SourceDCRO = $SourceDC.IsReadOnly

 IF ($SourceDCOS -like "*2003*")
 { ## OPEN IF The discovered DC is running Windows Server 2003 *
 write-output "Native autodiscover found a 2003 DC: $DefaultSourceDC `r "
 write-output "Please manually specify a 2008 R2 DC. `r "
 } ## CLOSE IF The discovered DC is running Windows Server 2003 *

 IF ($SourceDCOS -like "*2008 R2*") 
 { ## OPEN IF The discovered DC is running Windows Server 2008 R2
 write-output "Native autodiscover found the 2008 R2 DC: $DefaultSourceDC `r "
 } ## CLOSE IF The discovered DC is running Windows Server 2008 R2

 IF ($SourceDCRO -eq $True)
 { ## OPEN IF The discovered DC is a Read Only DC
 write-output "Native autodiscover found a Read Only DC: $DefaultSourceDC `r "
 write-output "Please manually specify a 2008 R2 DC. `r "
 } ## CLOSE IF The discovered DC is a Read Only DC

 Write-Verbose "Specify explicit replication source DC `r "
 $ReplSourceDC = [Microsoft.VisualBasic.Interaction]::InputBox("Please enter the hostname of the DC you want to use as the DCPromo replication source DC",`
 "Specify DCPromo Replication Source DC?","$DefaultSourceDC") 
 $ReplSourceDC = $ReplSourceDC.Replace(" ", "")
 IF (!$ReplSourceDC ) { $ReplSourceDC = $DefaultSourceDC }

 $ReplSourceDCInfo = Get-ADDomainController -identity "$ReplSourceDC"
 $ReplSourceDCOS = $ReplSourceDCInfo.OperatingSystem

 IF ($ReplSourceDCOS -like "*2003*")
 { ## OPEN IF The discovered DC is running Windows Server 2003 *
 write-output "You have selected the DC $ReplSourceDC which is running Windows Server 2003. `r "
 write-output "This DC is now set as the replication source DC. `r "
 } ## CLOSE IF The discovered DC is running Windows Server 2003 *

 IF ($ReplSourceDCOS -like "*2008 R2*") 
 { ## OPEN IF The discovered DC is running Windows Server 2008 R2
 write-output "$ReplSourceDC is a 2008 R2 DC. This DC is now set as the replication source DC. Continuing.. `r "
 } ## CLOSE IF The discovered DC is running Windows Server 2008 R2
 } ## CLOSE IF ExplicitSourceDC Yes

#######################################
# Final Prompt before running DCPromo #
#######################################
Write-Verbose "Final Prompt before running DCPromo `r "
## Compare with -eq; a single = assigns the value and would force RebootOnCompletion to "No" in the answer file built below
IF ($DCPromoReboot -eq "Yes") { write-output "The server will reboot automatically upon DCPromo completion. Please review the $FinalTasksFile file for additional configuration items. `r " }
IF ($DCPromoReboot -eq "No") { write-output "The server will NOT reboot automatically upon DCPromo completion. Please review the $FinalTasksFile file for additional configuration items. This file will automatically display. `r " }

Write-Output "Once DCPromo starts, all data displayed on screen is logged to the DCPromo log file. `r "
Write-Host "If there are any problems with the DCPromo process, please reference the DCPromo log files located in C:\Windows\Debug `r " -backgroundcolor DarkGreen
Write-Output "If you receive a TCP error please doublecheck to ensure that all unused NICs are disabled (the issue arises when there is a NIC that is unplugged). `r "

##############################
# Build DCPromo Answer File #
##############################
write-output "Building DCPromo answer file for automated DC Promotion... `r "
Write-Verbose "If the DC will be an RODC, set config data here `r "
IF ($ISRODC -match "Yes") 
 { ## OPEN IF Bracket RODC is YES
 $DCInstallType = "ReadOnlyReplica"
 $CriticalReplication = "Yes"
 } ## CLOSE IF Bracket RODC is YES

ELSE 
 { ## OPEN IF Bracket RODC is NO
 $DCInstallType = "Replica"
 $CriticalReplication = "No" 
 } ## CLOSE IF Bracket RODC is NO

Write-Verbose "Build DCPROMO unattend file for Full DC `r "
Write-Output "Building the DCPromo answer file for promotion to Domain Controller... `r "

$DCPromoFile = 
@"
[DCINSTALL]
UserName=*
UserDomain=$Domain
Password=*
SiteName=$ADSite
ReplicaOrNewDomain=$DCInstallType
ReplicaDomainDNSName=$Domain
DatabasePath=$LocationNTDS
LogPath=$LocationNTDSLogs
SYSVOLPath=$LocationSYSVOL
CriticalReplicationOnly=$CriticalReplication
ConfirmGc=$ISGC
RebootOnCompletion=$DCPromoReboot
SafeModeAdminPassword=$SafeModePWD
"@ 
$DCPromoFile | out-file c:\temp\dcpromo.ini -force

Write-Verbose "Add ReplicationSourceDC to DCPROMO Unattend file `r "
IF ($ExplicitSourceDC -match "Yes")
 { ## OPEN IF ExplicitSourceDC Yes
Write-output @"
ReplicationSourceDC=$ReplSourceDC
"@ | out-file c:\temp\dcpromo.ini -append
 } ## CLOSE IF ExplicitSourceDC Yes

Write-Verbose "Build DCPROMO unattend file for RODC `r "
IF ($ISRODC -match "Yes") 
 { ## OPEN IF ISRODC Yes
Write-output @"
PasswordReplicationDenied=Administrators
PasswordReplicationAllowed="Allowed RODC Password Replication Group"
DelegatedAdmin=
"@ | out-file c:\temp\dcpromo.ini -append
 } ## CLOSE IF ISRODC Yes

######################################
# DCPromo Install From Media Option #
######################################
Write-Verbose "Install From Media? `r "
IF ($InstallFromMedia -eq "No")
 { ## OPEN IF Statement for Install from Media (NO)
 Write-Verbose "Prompt to DCpromo `r "
 $title = "Promote Server $Computer to Domain Controller"
 $message = "Do you want to promote $Computer to Domain Controller Now?"
 $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes", "Promotes server to DC."
 $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No", "Exits the script."
 $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
 $result = $host.ui.PromptForChoice($title, $message, $options, 0) 
 switch ($result)
 { ## OPEN Switch for DCPromo Prompt
 0 { Write-Output "You selected Yes. Running DCPromo now. Review the DCPromo log file in c:\Windows\Debug for results. `r " ; dcpromo /unattend:$DCPromoAnswerFile}
 1 { Write-Output "You selected No. `r " ; break}
 } ## CLOSE Switch for DCPromo Prompt
 } ## CLOSE IF Statement for Install from Media (NO)

ELSE
 { ## OPEN ELSE Statement for Install from Media (YES)
 #Prompt to DCpromo
 $title = "Promote Server $Computer to Domain Controller using Install From Media (IFM) option. $Computer is flagged for IFM install."
 $message = "Do you want to promote $Computer to Domain Controller using Install From Media (IFM) option Now?"
 $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes", `
 "Promotes server to DC with Install From Media (IFM) option."
 $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No", `
 "Exits the script."
 $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
 $result = $host.ui.PromptForChoice($title, $message, $options, 0) 
 SWITCH ($result)
 { ## OPEN Switch for DCPromo Prompt
 ## $DefaultIFMPath is the IFM media set path defined in the variables section
 0 { Write-Output "You selected Yes. Running DCPromo using IFM Switch `r " ; dcpromo /ADV /ReplicationSourcePath:$DefaultIFMPath /unattend:$DCPromoAnswerFile}
 1 { Write-Output "You selected No. `r " ; break}
 } ## CLOSE Switch for DCPromo Prompt
 } ## CLOSE IF Statement for Install from Media (YES)
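
The answer file built above holds the DSRM password in clear text (SafeModeAdminPassword=) and is written under c:\temp, where it inherits the folder's permissions. The following is an added example, not part of the original script: a hypothetical helper, New-ProtectedAnswerFile, that creates the file with an ACL limited to Administrators and SYSTEM before any content is written. The sample path and content in the last lines are constructed.

```powershell
## Added example, not part of the original script. New-ProtectedAnswerFile is a hypothetical helper.
function New-ProtectedAnswerFile {
    param(
        [Parameter(Mandatory=$true)][string]$Path,
        [Parameter(Mandatory=$true)][string]$Content
    )
    ## Create the file empty first so the password is never on disk under the inherited ACL
    New-Item -ItemType File -Path $Path -Force | Out-Null

    $acl = Get-Acl -Path $Path
    ## Stop inheriting from the parent folder and discard the inherited entries
    $acl.SetAccessRuleProtection($true, $false)
    ## Remove any explicit entries already present on the file
    $explicit = $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $explicit) { [void]$acl.RemoveAccessRule($rule) }

    ## Grant Full Control to BUILTIN\Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18) only
    foreach ($sidString in 'S-1-5-32-544', 'S-1-5-18') {
        $sid  = New-Object System.Security.Principal.SecurityIdentifier($sidString)
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
                    $sid,
                    [System.Security.AccessControl.FileSystemRights]::FullControl,
                    [System.Security.AccessControl.AccessControlType]::Allow)
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $Path -AclObject $acl

    ## Write the content only after the restrictive ACL is in place
    $Content | Out-File -FilePath $Path -Force

    ## Return the resulting entries so the caller can log or verify them
    (Get-Acl -Path $Path).Access | Select-Object IdentityReference, FileSystemRights, IsInherited
}

## Constructed sample call; in the script above, pass $DCPromoAnswerFile and $DCPromoFile instead
$samplePath    = Join-Path $env:TEMP 'dcpromo-sample.ini'
$sampleContent = "[DCINSTALL]`r`nSafeModeAdminPassword=<placeholder>"
New-ProtectedAnswerFile -Path $samplePath -Content $sampleContent
```

Later out-file -append calls against the same path keep this ACL, because appending to an existing file does not reset its permissions.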

7 comments

  1. Damian

    Cool, do you have a full listing of your script – this one is broken with end of lines.
    Thanks

    1. Sean Metcalf

      I just updated the post with a download link for the script text.
      Hope this helps!
      – Sean

  2. wat is mijn ip

    I’m already using a few parts of the script.
    Thanks for sharing this great work!

  3. Bryan

    Nice script. Note that if you want to change the path of the Unattend File, find/replace all c:\temp\dcpromo.ini with $DCPromoAnswerFile

  4. Dominic

    I try to run the script I downloaded from here on a Windows 2008R2 system. I got the following as soon as I execute

    The string starting:
    At D:\Scripts\CreateDCPromoUnattend.ps1:168 char:20
    + $DCPromoFile = <<<< @"
    is missing the terminator: "@.
    At D:\Scripts\CreateDCPromoUnattend.ps1:312 char:1
    + <<<<
    + CategoryInfo : ParserError: ( [DCINSTALL]..
    :String) [], ParseException
    + FullyQualifiedErrorId : TerminatorExpectedAtEndOfString

    I am not PowerShell savvy, so any feedback on what is missing would be appreciated.

    1. Sean Metcalf

      Script updated.
      @” has to be on its own line or it won’t work. Sorry about that.

  5. Dominic

    Sean, I edited the script from

    $DCPromoFile = @”

    to

    $DCPromoFile =
    @”

    But I am getting the exact same error. Any more thoughts?
