In the very first episode of the series, Administer Active Directory Domain Services Domain Controllers, you saw how to promote a Windows Server 2012 machine as an additional DC with the help of the AD DS Installation Wizard, then assign it to a Site to power your domain.
You may wonder where and how data about the domain/forest reaches this DC so that it can serve its clients.
That process is called replication/synchronization; however, the data can't simply be downloaded as a single file: records about objects are delivered sequentially.
So it requires a great amount of traffic as well as time if the AD DS database is a big one.
(If a WAN connection is used, the scenario is worse, because bandwidth and latency become problems.)
You may not imagine that an NTDS.DIT database file in a real scenario can grow up to hundreds of GB.
[00:18] That's why Microsoft invented a method to create an additional Domain Controller from installation media (IFM).
Basically, this process contains 2 phases: create a backup of a working DC's system state, and deploy the ADC through the AD DS Installation Wizard.
"Installing AD DS from Media"
[00:33] Choose a DC that has the up-to-date AD DS database; it must run the same WS version.
In this virtual lab, I pick the master DC of the domain SnoOpy.com
[00:45] Fire up a CMD prompt in the Administrator mode, then enter the ntdsutil console.
[00:52] Active Directory Database, SYSVOL and System State
[00:57] Select NTDS:
> Activate instance ntds
then enter the IFM tool:
Actually, there are 4 types of backup/snapshot you can create: Full, RODC, Full with SYSVOL and RODC with SYSVOL.
We focus on reducing traffic/time, so "Writeable Domain Controller with SYSVOL" is the best choice.
> create sysvol full C:\IFM
"C:\IFM" is the path where the snapshot will be exported.
You can place it on a shared folder, or a DVD/USB drive, so that you can instruct the AD DS Installation Wizard to import it later and so eliminate the need for Active Directory's intensive replication.
[01:13] "Active Directory Back to Basics – Sysvol"
[01:19] NTDSUTIL will first create a snapshot of the domain's database to prevent changes from occurring, mount its components, then copy them into the specified path.
[01:32] In this virtual demo, I will copy this state backup directly onto the destination server (USB-like), rather than leave it as a network share.
[02:08] This was an ADC of SnoOpy.com; I decommissioned it to do demonstrations in previous episodes.
Now we bring it back with IFM.
[02:41] That process is familiar; the difference is that we are replacing the need for extra replication with the master DC by taking advantage of having a copy of the domain/forest database locally.
[02:47] Deploying Domain Controllers with Install From Media (IFM)
[02:54] Install the Active Directory Domain Services role, do Post-deployment Configuration to Promote this server to a domain controller.
[03:32] Specify the domain SnoOpy.com and an administrative account.
Due to the previous DC promotion: "An account with the name of the server has been found in the directory.
In order to continue, you need to confirm that you want to reinstall this domain controller."
– If you are creating a DC that will be a Global Catalog Server, create your IFM on a Global Catalog Server.
– If you are creating a DC that will be a DNS Server, create your IFM on a DNS Server.
[04:15] Choose an appropriate Site name and a complex DSRM password.
[04:23] Now specify the Install From Media (IFM) option with the path to its local disk C:\IFM
[04:36] Customize the location of the AD DS database and log files if necessary.
[04:38] At the Review Options page, you can get an overview of the settings for the new DC.
Furthermore, you can export this process as a PowerShell script to automate the DC IFM deployment task, like we did with the normal promotion.
You can observe that the process of creating an additional DC from installation media isn't so difficult.
The key points I want to show are:
– Its application in the ADC deployment scenario where the AD database is big and slow WAN connections will be used.
– There are some notes that you have to take care of to make this kind of deployment successful.
[04:51] If I completed this installation, this machine would become an ADC effortlessly.
– We can use the same procedure with Windows Server 2008 R2, as long as we create the backup with the same WS version.
– With WS 2008, we must launch the AD DS Installation Wizard through the dcpromo utility with the /adv option so that IFM mode is available.
– If you are planning to enable AD Recycle Bin in your domain/forest, make sure the NTDS snapshot is created afterward; otherwise, it will be useless for this ADC deployment.
[05:01] "How to install Active Directory Domain Services (AD DS) in Windows Server 2012 – Adding a replica Domain Controller to an existing AD DS Domain using the Install From Media (IFM) method"