Setting DNS and WINS
Configuring TCP/IP on a NIC involves more than simply setting an IP address and gateway. You also need to set a DNS server and probably a WINS server. I could use a GUI to accomplish this step, but why not use a batch file? Netsh can set a system to use a DNS or WINS system, as follows:
netsh int ip set [dns|wins]
<nicsname> static <ipaddress>
Suppose I intend to have UptownDC (my server at 192.168.0.2) act as the WINS and DNS server for this particular subnet. But I'm setting up UptownDC, so what addresses should I provide for the DNS and WINS servers? Typically, I'd tell UptownDC to look to itself to resolve names with DNS and WINS, so I'd simply include the following lines in my batch file:
netsh int ip set dns
L static 192.168.0.2
netsh int ip set wins
L static 192.168.0.2
One more Netsh thought: If you have a complex IP setup that you'd like to create from the command line, you might find the Netsh Int Dump command useful. After you get your computer's TCP/IP stack just the way you want it, simply type
netsh int dump
and Netsh will produce a script that lets you regenerate that TCP/IP configuration.
The DNS Domain Suffix
So far so good: With three lines in a batch file, I've set up the IP address, subnet mask, gateway, and DNS and WINS servers. But now I need to tackle the DNS domain suffix. In my experience, setting up a DNS server is easier if it already has a domain suffix. Otherwise, the DNS server software leaves warnings in the event log. Also, the server doesn't know to dynamically register its DNS records if it doesn't know which zone to register them with. Therefore, if UptownDC will be a member of bigfirm.biz, the server will need a domain suffix of bigfirm.biz as soon as possible.
I haven't found a Microsoft-documented way to set a domain suffix from a batch file, so I've devised my own method. Remember that I'm starting from a simple system that's a member of a workgroup, not a domain. And the system contains little software—it's essentially limited to the server itself and the DNS and WINS server services. So although I can virtually guarantee that this method works on workgroup systems that have a minimum of preinstalled software, I can't vouch for its effectiveness on more complex systems. Test it before you rely on it.
Set a DNS domain suffix through the GUI, reboot, then search the registry for that domain suffix. Only two results will turn up, both in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters registry subkey. Both the NV Domain and Domain entries (of type REG_SZ) contain the DNS domain suffix name. To make UptownDC into UptownDC.bigfirm.biz, I need to open regedit, navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters registry subkey, add a new REG_SZ entry named NV Domain, and place bigfirm.biz inside it, then perform the same steps for the Domain entry.
But how can I automate this procedure? Windows 2003, Windows XP, and Win2K contain a useful command-line tool for manipulating the registry—reg.exe. I can instruct reg.exe to create and populate a value entry in an HKEY_LOCAL_MACHINE registry subkey as follows:
reg add HKLM\<keyname> /v
<valuename> /d <data> /f
The /v parameter specifies that you want to enter a particular value into the key (rather than creating an empty key). The /f parameter forces the command. If you don't force the command, when reg.exe finds that you already have a particular key or value, it stops and asks whether you're sure that you want to make the change. Equipped with this command, I can add two more lines to my setup batch file:
reg add HKLM\SYSTEM\CurrentControlSetServices\Tcpip\Parameters /v Domain /d "bigfirm.biz" /f
reg add HKLM\SYSTEM\CurrentControlSetServices\Tcpip\Parameters /v "NV Domain" /d "bigfirm.biz" /f
Typically, whenever you change a system's domain suffix, the system insists that you reboot. I've never understood why a reboot is necessary, but I suspect it's because Windows is programmed to force a reboot when you change a machine name, and the DNS domain suffix is on the same Properties page. The bottom line is that in my experience, you don't need to reboot after setting these registry properties.
Can you force a reboot if you'd like to ensure that your system reboots after the domain suffix change? Windows 2003 and XP offer a useful command called shutdown.exe that will do the job. Although Win2K doesn't offer the command, the XP version works fine in Win2K, and alternatively you can use the Microsoft Windows 2000 Server Resource Kit's shutdown.exe command. Shutdown.exe's syntax varies between Windows 2003 and Win2K, however, so your batch file will differ depending on your OS. The Windows 2003 batch file would end with
shutdown /r /t 0 /f
and the Win2K batch file would end with
shutdown /r /t:0 /c
In a future column, I'll show you how to set up an AD-ready DNS server from a batch file. I'll also show you how to run Dcpromo automatically to create a domain controller (DC).