Working with Domain Controllers




Computers running Windows Server 2003 can act as member servers or domain controllers. Although everything discussed in the previous sections of this chapter applies to any type of computer account, the discussion in this section applies only to domain controllers.

Installing and Demoting Domain Controllers

Domain controllers perform many important tasks in Active Directory domains. You make a member server a domain controller by running the DCPROMO command, which installs directory services and promotes the member server to be a domain controller. If you run DCPROMO a second time on the server, you will demote the domain controller so that it acts once again as a member server only.

Real World

The DCPROMO command starts a graphical utility. It does, however, accept several command-line parameters, including /Answer:FileName and /Adv. With the /Answer parameter, you can provide the name of an answer file that scripts the directory services installation. If you are automating the installation of an entire server, you would add a GUIRunOnce entry in the Unattend.txt file to automatically start DCPROMO at the end of the Unattended Setup. With the /Adv parameter, you tell DCPROMO to run in advanced mode, which gives you the option to create the domain controller from restored backup files. To be able to copy domain information from restored backup files, you will first need to back up the System State for a domain controller running Windows Server 2003 in the same domain as the member server you want to promote, and then you will need to restore the System State files to a drive on the member server.

Finding Domain Controllers in Active Directory

When you want to work strictly with domain controllers rather than all computer accounts, you can use the DSQUERY server and DSGET server commands. By default when you use DSQUERY server, you search your logon domain. In fact, if you type dsquery server on a line by itself and press Enter, you’ll get a list of all domain controllers in your logon domain. As necessary, you can specify the domain to search using the -Domain parameter. Consider the following example:

dsquery server -domain tech.cpandl.com

Here, you obtain a list of all the domain controllers in the tech.cpandl.com domain. If you want a list of all domain controllers in the entire forest, you can do this as well. Simply type dsquery server -forest.

In all these examples, the resulting output is a list of DNs for domain controllers. Unlike previous DNs that we’ve worked with, these DNs include site configuration information, such as:

"CN=CORPSVR02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cpandl,DC=com"

This additional information is provided by DSQUERY server to specify the site associated with the server. Remember, domains can span more than one physical location, and the way you tell Active Directory about these physical locations is to use sites and subnets. In this example, the associated site is Default-First-Site-Name in the Sites configuration container.

Note

DSQUERY server has additional parameters that help you search for global catalogs and operations masters. These parameters are discussed in the sections of this chapter titled “Finding Global Catalogs” and “Finding Operations Masters.”

As with the computer-related commands, DSQUERY server and DSGET server are best used together. Here, you use DSQUERY server to obtain the DNs for one or more domain controllers and then use DSGET server to display the properties for the related accounts. Properties you can display are specified with the following parameters:

  • Dn Displays the DN of matching domain controllers in the output.

  • Desc Displays the description of matching domain controllers in the output.

  • Dnsname Displays the fully qualified domain name of the domain controller.

  • Isgc Displays a Yes/No value indicating whether the domain controller is a global catalog server as well.

For example, if you wanted a detailed summary of all domain controllers in the forest, you could type the command

dsquery server -forest | dsget server -desc -dnsname -isgc

To save this information, direct the output to a file, such as

dsquery server -forest | dsget server -desc -dnsname -isgc > forest-dcs.txt
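
The DN list that dsquery server prints can also be kept as a baseline and compared on a later run to spot domain controllers that were added or removed. The following PowerShell is an added example, not code from the book; the helper names Get-DcInventory and Compare-DcBaseline, and every server and site name other than CORPSVR02 and Default-First-Site-Name, are assumptions made for illustration.

```powershell
# Added example. Get-DcInventory and Compare-DcBaseline are hypothetical helper
# names, not built-in cmdlets. Server names other than CORPSVR02 are constructed.

function Get-DcInventory {
    param([string[]]$DnLines)
    foreach ($line in $DnLines) {
        $dn = "$line".Trim().Trim('"')
        if (-not $dn) { continue }
        # Split into RDNs on commas that are not preceded by a backslash.
        $rdns = $dn -split '(?<!\\),'
        # Expected: CN=<server>,CN=Servers,CN=<site>,CN=Sites,CN=Configuration,DC=...
        if ($rdns.Count -lt 5 -or $rdns[1] -ne 'CN=Servers' -or $rdns[3] -ne 'CN=Sites') {
            Write-Warning "Unexpected DN shape, skipped: $dn"
            continue
        }
        [pscustomobject]@{
            Server = $rdns[0] -replace '^CN=', ''
            Site   = $rdns[2] -replace '^CN=', ''
            DN     = $dn
        }
    }
}

function Compare-DcBaseline {
    param([string[]]$Baseline, [string[]]$Current)
    $old = @{}; $new = @{}
    Get-DcInventory $Baseline | ForEach-Object { $old["$($_.Server)|$($_.Site)"] = $_ }
    Get-DcInventory $Current  | ForEach-Object { $new["$($_.Server)|$($_.Site)"] = $_ }
    # A server that moved sites is reported as one Removed plus one Added row.
    foreach ($k in $new.Keys) {
        if (-not $old.ContainsKey($k)) { $new[$k] | Select-Object Server, Site, @{ Name = 'Change'; Expression = { 'Added' } } }
    }
    foreach ($k in $old.Keys) {
        if (-not $new.ContainsKey($k)) { $old[$k] | Select-Object Server, Site, @{ Name = 'Change'; Expression = { 'Removed' } } }
    }
}

# Constructed sample input; in practice $current would be: dsquery server -forest
$baseline = @(
    '"CN=CORPSVR01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cpandl,DC=com"'
    '"CN=CORPSVR02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cpandl,DC=com"'
)
$current = $baseline + '"CN=TECHSVR09,CN=Servers,CN=Branch-Site,CN=Sites,CN=Configuration,DC=cpandl,DC=com"'

Compare-DcBaseline -Baseline $baseline -Current $current | Format-Table -AutoSize
```

Save the baseline from dsquery server -forest on its own; the table that dsget server prints is not a DN list, so its lines would be skipped with a warning.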






Microsoft Windows Command-Line Administrator's Pocket Consultant
ISBN: 0735620385
EAN: 2147483647
Year: 2004
Pages: 114
