; DCPROMO unattend file (automatically generated by dcpromo)
; dcpromo.exe /unattend:C:\Users\Administrator\Documents\lon-dc2-rodc.txt
; You may need to fill in password fields prior to using the unattend file.
; If you leave the values for "Password" and/or "DNSDelegationPassword"
; as "*", then you will be asked for credentials at runtime.
; Read-Only Replica DC promotion
; RODC Password Replication Policy
PasswordReplicationDenied="CONTOSO\Denied RODC Password Replication Group"
PasswordReplicationAllowed="CONTOSO\Allowed RODC Password Replication Group"
; Set SafeModeAdminPassword to the correct value prior to using the unattend file
; Run-time flags (optional)
3. Check the output as DCPROMO runs.
Checking if Active Directory Domain Services binaries are installed...
Active Directory Domain Services Setup
Validating environment and parameters...
The following actions will be performed:
Configure this server as an additional Active Directory domain controller for th
e domain contoso.com.
Read-only domain controller: Yes
Global catalog: Yes
DNS Server: Yes
Update DNS Delegation: No
Source DC: lon-dc1.contoso.com
Password Replication Policy:
Allow: CONTOSO\Allowed RODC Password Replication Group
Deny: BUILTIN\Server Operators
Deny: BUILTIN\Backup Operators
Deny: BUILTIN\Account Operators
Deny: CONTOSO\Denied RODC Password Replication Group
Delegation for RODC Installation and Administration:
Database folder: C:\Windows\NTDS
Log file folder: C:\Windows\NTDS
SYSVOL folder: C:\Windows\SYSVOL
The DNS Server service will be configured on this computer.
This computer will be configured to use this DNS server as its preferred DNS ser
Checking if Group Policy Management Console needs to be installed...
Press CTRL-C to: Cancel
Stopping service NETLOGON
Copying initial Directory Service database file C:\Windows\system32\ntds.dit to
Installing the Directory Service
Configuring the local computer to host Active Directory Domain Services
Replicating the schema directory partition
Replicating CN=Schema,CN=Configuration,DC=contoso,DC=com: received 401 out of ap
proximately 1578 objects
Replicating CN=Schema,CN=Configuration,DC=contoso,DC=com: received 801 out of ap
proximately 1578 objects
Replicating CN=Schema,CN=Configuration,DC=contoso,DC=com: received 1201 out of a
pproximately 1578 objects
Replicated the schema container.
Replicating the configuration directory partition
Replicating CN=Configuration,DC=contoso,DC=com: received 400 out of approximatel
y 3193 objects
Replicating CN=Configuration,DC=contoso,DC=com: received 801 out of approximatel
y 3193 objects
Replicating CN=Configuration,DC=contoso,DC=com: received 1202 out of approximate
ly 3193 objects
Replicating critical domain information...
Replicating secrets for Read-only Domain Controller.
Configuring service IsmServ
Setting the computer's DNS computer name root to contoso.com
Setting security on the domain controller and Directory Service files and regist
Securing Kerberos Policy
Replicating data DC=contoso,DC=com: Received 3845 out of approximately 3845 obje
cts and 52 out of approximately 52 distinguished name (DN) values...
Press CTRL-C to: Finish Replication Later
The attempted domain controller operation has completed
Configuring the DNS Server service on this computer...
Active Directory Domain Services is now installed on this computer for the domai
This Active Directory domain controller is assigned to the site Default-First-Si
te-Name. You can manage sites with the Active Directory Sites and Services admin
Windows Server 2008 domain controllers have a new more secure default for the se
curity setting named "Allow cryptography algorithms compatible with Windows NT 4
.0." This setting prevents Microsoft Windows and non-Microsoft SMB "clients" fro
m using weaker NT 4.0 style cryptography algorithms when establishing security c
hannel sessions against Windows Server 2008 domain controllers. As a result of t
his new default, operations or applications that require a security channel serv
iced by Windows Server 2008 domain controllers might fail.
Platforms impacted by this change include Windows NT 4.0, as well as non-Microso
ft SMB "clients" and network-attached storage (NAS) devices that do not support
stronger cryptography algorithms. Some operations on clients running versions of
Windows earlier than Vista with Service Pack 1 are also impacted, including dom
ain join operations performed by the Active Directory Migration Tool or Windows
For more information about this setting, see Knowledge Base article 942564 (http
You must restart this computer to complete the operation.
4. Restart the server to complete installation.
shutdown -r -t 0
Share this blog post on social media:Tweet
All advice, installation/configuration how to guides, troubleshooting and other information on this website are provided as-is with no warranty or guarantee. Whilst the information provided is correct to the best of my knowledge, I am not reponsible for any issues that may arise using this information, and you do so at your own risk. As always before performing anything; check, double check, test and always ensure you have a backup.