Installing a New Windows Server 2008 Child Domain
If you have an existing domain, you can create a new child domain by creating a Windows Server 2008 R2 domain controller. Before you do, however, you must run Adprep /forestprep, as described in the "Installing the First Windows Server 2008 R2 Domain Controller in an Existing Domain" section.
Then install AD DS and launch the Active Directory Domain Services Installation Wizard and, on the Choose A Deployment Configuration page, click Existing Forest and Create A New Domain In An Existing Forest. You are prompted to select the domain functional level. Because it is the first DC in the domain, it cannot be an RODC, and it cannot be installed from media. If you select the Use Advanced Mode Installation check box on the Welcome page, the wizard presents you with a Source Domain Controller page on which you specify a domain controller from which to replicate the configuration and schema partitions.
Using Dcpromo.exe, you can create a child domain with the minimal options shown in the following command:
dcpromo /unattend /installDNS:yes /replicaOrNewDomain:domain /newDomain:child /ParentDomainDNSName:google.com /newDomainDnsName:subsidiary.google.com /childName:subsidiary /DomainNetbiosName:subsidiary /databasePath:"e:\ntds" /logPath:"f:\ntdslogs" /sysvolpath:"g:\sysvol" /safeModeAdminPassword:password /forestLevel:3 /domainLevel:3 /rebootOnCompletion:yes
The following answer file reflects the same minimal parameters:
[DCINSTALL]
ReplicaOrNewDomain=domain
NewDomain=child
ParentDomainDNSName=FQDN of parent domain
UserDomain=FQDN of user specified by UserName
UserName=DOMAIN\username (in Administrators group of ParentDomainDNSName)
Password=password for user specified by UserName or * for prompt
ChildName=single-label prefix for domain (Child domain FQDN will be ChildName.ParentDomainDNSName)
DomainNetBiosName=Domain NetBIOS name
DomainLevel=domain functional level (not lower than current forest level)
InstallDNS=yes
CreateDNSDelegation=yes
DNSDelegationUserName=DOMAIN\username with permissions to create DNS delegation, if different than UserName, above
DNSDelegationPassword=password for DNSDelegationUserName or * for prompt
DatabasePath="path to folder on a local volume"
LogPath="path to folder on a local volume"
SYSVOLPath="path to folder on a local volume"
SafeModeAdminPassword=password
RebootOnCompletion=yes
Installing a New Domain Tree
A tree is composed of one or more domains that share a contiguous DNS namespace. So, for example, the google.com and subsidiary.google.com domains would be in a single tree. Additional trees are simply additional domains in the same forest that are not in the same namespace. For example, if Google, Ltd., bought Tailspin Toys, the tailspintoys.com domain would be in a separate tree in the forest. Very little functional difference exists between a child domain and a domain in another tree, and the process for creating a new tree is, therefore, very similar to creating a child domain.
First, you must run Adprep.exe /forestprep, as described in the "Installing the First Windows Server 2008 R2 Domain Controller in an Existing Forest or Domain" section. Then you can install AD DS and run the Active Directory Domain Services Installation Wizard. You must select Use Advanced Mode Installation on the Welcome page of the wizard. On the Choose A Deployment Configuration page, click Existing Forest, select Create A New Domain In An Existing Forest, and select Create A New Domain Tree Root Instead Of A New Child Domain. The rest of the process is identical to creating a new child domain.
The following options provided as parameters to Dcpromo.exe create a new tree for the tailspintoys.com domain within the google.com forest:
dcpromo /unattend /installDNS:yes /replicaOrNewDomain:domain /newDomain:tree /newDomainDnsName:tailspintoys.com /DomainNetbiosName:tailspintoys /databasePath:"e:\ntds" /logPath:"f:\ntdslogs" /sysvolpath:"g:\sysvol" /safeModeAdminPassword:password /domainLevel:2 /rebootOnCompletion:yes
The domain functional level is configured at 2 (Windows Server 2003 Native), so the domain could include Windows Server 2003 domain controllers. An unattended installation answer file that creates the same new tree would look similar to the following:
[DCINSTALL]
ReplicaOrNewDomain=domain
NewDomain=tree
NewDomainDNSName=FQDN of new domain
DomainNetBiosName=NetBIOS name of new domain
UserDomain=FQDN of user specified by UserName
UserName=DOMAIN\username (in Administrators group of ParentDomainDNSName)
Password=password for user specified by UserName or * for prompt
DomainLevel=domain functional level (not lower than current forest level)
InstallDNS=yes
ConfirmGC=yes
CreateDNSDelegation=yes
DNSDelegationUserName=account with permissions to create DNS delegation required only if different than UserName, above
DNSDelegationPassword=password for DNSDelegationUserName or * for prompt
DatabasePath="path to folder on a local volume"
LogPath="path to folder on a local volume"
SYSVOLPath="path to folder on a local volume"
SafeModeAdminPassword=password
RebootOnCompletion=yes
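As an added example (not part of the original tutorial and not Microsoft's code), the following PowerShell function lints an answer file of the kind shown for both the child domain and the new tree before it is passed to dcpromo /unattend. The function name Test-DcpromoAnswerFile and the sample values are constructed, and the set of recognized keys is limited to the keys shown in this section.

```powershell
# Added example: checks a Dcpromo answer file for missing keys, cleartext secrets and typos.
# Test-DcpromoAnswerFile and the sample input below are constructed for illustration.
function Test-DcpromoAnswerFile {
    param([string[]]$Lines)
    $opts = @{}                                   # @{} looks keys up case-insensitively
    foreach ($line in $Lines) {
        if ($line -match '^\s*([^=\[;]+?)\s*=\s*(.*?)\s*$') {
            $opts[$Matches[1]] = $Matches[2].Trim('"')
        }
    }
    $findings = @()
    # Keys this section shows for every new domain, plus the ones specific to child or tree.
    $required = @('ReplicaOrNewDomain', 'NewDomain', 'DomainNetBiosName', 'SafeModeAdminPassword')
    if ($opts['NewDomain'] -eq 'child') { $required += 'ParentDomainDNSName', 'ChildName' }
    elseif ($opts['NewDomain'] -eq 'tree') { $required += 'NewDomainDNSName' }
    else { $findings += "NewDomain must be 'child' or 'tree'" }
    foreach ($key in $required) {
        if (-not $opts.ContainsKey($key)) { $findings += "missing $key" }
    }
    # ChildName is a single-label prefix, never an FQDN.
    if ($opts['ChildName'] -match '\.') { $findings += 'ChildName must be a single label' }
    # These two accept * (prompt), so a literal value is an avoidable cleartext secret.
    foreach ($key in 'Password', 'DNSDelegationPassword') {
        if ($opts.ContainsKey($key) -and $opts[$key] -ne '*') { $findings += "$key is in cleartext; use * to prompt" }
    }
    if ($opts.ContainsKey('SafeModeAdminPassword')) {
        $findings += 'SafeModeAdminPassword is in cleartext; restrict read access to this file'
    }
    # A key outside the ones shown in this section is most likely a typo.
    $known = $required + @('ParentDomainDNSName', 'ChildName', 'NewDomainDNSName', 'UserDomain',
        'UserName', 'Password', 'DomainLevel', 'InstallDNS', 'ConfirmGC', 'CreateDNSDelegation',
        'DNSDelegationUserName', 'DNSDelegationPassword', 'DatabasePath', 'LogPath',
        'SYSVOLPath', 'RebootOnCompletion')
    foreach ($key in $opts.Keys) {
        if ($known -notcontains $key) { $findings += "unrecognized key $key" }
    }
    return $findings
}

# Constructed sample: FQDN in ChildName, a misspelled key, and no DomainNetBiosName.
$sample = @'
[DCINSTALL]
ReplicaOrNewDomain=domain
NewDomain=child
ParentDomainDNSName=google.com
ChildName=subsidiary.google.com
Password=*
CreateDNSDelegaton=yes
SafeModeAdminPassword=Constructed-Placeholder-1
'@ -split "`r?`n"
Test-DcpromoAnswerFile -Lines $sample
```

To check a file on disk, pass its lines with Test-DcpromoAnswerFile -Lines (Get-Content <path>).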