.png?width=100&auto=webp&quality=80&disable=upscale "Picture of John Savill")
.png?width=400&auto=webp&quality=80&disable=upscale "John Savill")
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
How do I promote a server to a domain controller?
John Savill
January 8, 2000
3 Min Read
A. A. Windows 2000 ships with a utility, DCPROMO.EXE, which is used topromote a stand-alone/member server to a domain controller and vice-versa.
In Windows 2000 domains are DNS names which means you can have a hierarchyof domains leading to parent-child domain relationships. The advantage of theseparent-child relationships is that there have a bidirectional transitive trustwhich means that if domain b is a child of domain a, and domainc is a child of domain b, domain c implicitly trustsdomain a. This is very different from the way trusts work in earlierversions of Windows NT.
Since Windows 2000 domains rely on DNS it is vital that DNS is correctlyconfigured to enable the domain to be created (if you are creating a new toplevel domain). Information on configuring DNS for a domain can be foundhere.
A final pre-requisite is that an NTFS 5.0 volume is required to house theSYSVOL volume and so ensure you have at least one NTFS 5.0 volume (use CHKNTFSto check the versions of your partitions).
To upgrade a stand-alone/member server to a domain controller perform thefollowing:
Start the DCPROMO utility (Start - Run - DCPROMO)
Click Next to the introduction screen
You will have a choice to "New domain" or "Replica domaincontroller in existing domain". There is no concept of a BDC in NT 5.0 andall domain controllers are equal (more or less :-) ). Select New Domain andclick Next
A new concept is trees which enable the idea of child domains. If you arestarting a new top level domain select "Create new domain tree", tocreate a child domain select "Create new child domain". Click Next
If you selected to create a new domain tree you will be asked if you wantto "Create a new forest of domain trees" or "put this new domaintree in an existing forest". Forests enable you to "join" anumber of separate domain trees and again a transitive trust relationship iscreated between them. If this is your first NT 5.0 domain tree you shouldcreate a new forest. Click Next
You will then be asked for the DNS name of your domain, e.g. savilltech.comis a valid domain name. It is important this matches information configured onthe DNS server. Click Next
You will then be asked for a NetBIOS domain name which by default will bethe left most part of the DNS domain name (up to the first 15 characters), e.g.savilltech, however this can be changed. Click Next to continue.
You will then have to provide a storage area for the Active Directory andthe Active Directory log. Except the defaults and click Next
Finally you must select an area on an NTFS 5.0 partition for theSYSVOL volume for storage of the servers public files, %systemroot%SYSVOL bydefault. Click Next
An option to weaken security for pre-Windows 2000 services such as a 4.0 RAS server. Select your option andclick Next
You will be asked for an Administrator password to be used in Directory Server restore mode. Click Next
A summary screen will be displayed and click Next to start the upgrade. Itsets security and creates the Directory Server schema container. Informationfrom the default directory service file and the old SAM is then read in if themachine is an upgraded PDC.
You should then click Finish and reboot the machine.
You now have a Windows 2000 domain controller. Additional domain controllers(old BDC's) can be added by performing the above and selecting "Replicadomain controller in existing domain" in step 3. It would then ask you thename of the domain to replica.
About the Author
You May Also Like
.png?width=700&auto=webp&quality=80&disable=upscale)