IADDSWSE - Implementing AD Domain Services on a Windows Server Environment

6.4.4 Create an additional Domain Controller from installation media – IFM NTDSUTIL SYSVOL FULL DIT

In the very first episode of the series Administer Active Directory Domain Services Domain Controllers, you saw how to promote a Windows Server 2012 machine to an additional DC with the AD DS Installation Wizard, then assign it to a Site to serve your domain.

You may wonder where and how the data about the domain/forest reaches this DC so that it can serve its clients.

That process is called replication (synchronization); however, the data can't simply be downloaded as a single file: records about objects are delivered sequentially.

So it requires a great deal of traffic and time if the AD DS database is a big one.

(Over a WAN connection the situation is worse, because bandwidth and latency become problems.)

In real deployments, an NTDS.DIT database file can grow to hundreds of GB.

[00:18] That's why Microsoft invented a method to create an additional Domain Controller from installation media (IFM).

Basically, the process has 2 phases: create a backup of a working DC's system state, then deploy the ADC through the AD DS Installation Wizard.

"Installing AD DS from Media"

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc770654(v=ws.10)

[00:33] Choose a DC that has an up-to-date AD DS database; it must run the same WS version.

In this virtual lab, I pick the master DC of the domain SnoOpy.com.

[00:45] Open a CMD prompt as Administrator, then enter the ntdsutil console.

[00:52] Active Directory Database, SYSVOL and System State

http://www.rebeladmin.com/2015/02/active-directory-database-sysvol-and-system-state/

[00:57] Select NTDS:

> Activate instance ntds

then enter the IFM tool:

> ifm

There are 4 types of backup/snapshot you can create: Full, RODC, Full with SYSVOL and RODC with SYSVOL.

Our focus is on reducing traffic and time, so "Writeable Domain Controller with SYSVOL" is the best choice.

> create sysvol full C:\IFM

"C:\IFM" is the path where the snapshot will be exported.

You can place it on a shared folder or a DVD/USB drive so that you can point the AD DS Installation Wizard at it later, thereby eliminating the need for Active Directory's intensive replication.

[01:13] "Active Directory Back to Basics – Sysvol"

https://social.technet.microsoft.com/wiki/contents/articles/24160.active-directory-back-to-basics-sysvol.aspx

[01:19] NTDSUTIL first creates a snapshot of the domain's database so that no changes occur during the copy, mounts its components, then copies them into the specified path.

[01:32] In this virtual demo, I will copy this state backup directly onto the destination server (like a USB drive), rather than leave it on a network share.

[02:08] This was an ADC of SnoOpy.com; I decommissioned it for demonstrations in previous episodes.

Now we bring it back with IFM.

[02:41] The process is familiar; the difference is that we replace the need for extra replication with the master DC by taking advantage of a local copy of the domain/forest database.

[02:47] Deploying Domain Controllers with Install From Media (IFM)

https://www.brandonlawson.com/active-directory/deploying-domain-controllers-with-install-from-media-ifm/

[02:54] Install the Active Directory Domain Services role, then use Post-deployment Configuration to promote this server to a domain controller.

[03:32] Specify the domain SnoOpy.com and an administrative account.

Because of the previous DC promotion, the wizard warns: "An account with the name of the server has been found in the directory. In order to continue, you need to confirm that you want to reinstall this domain controller".

– If you are creating a DC that will be a Global Catalog Server, create your IFM on a Global Catalog Server.

– If you are creating a DC that will be a DNS Server, create your IFM on a DNS Server.

[04:15] Choose an appropriate Site name and a complex DSRM password.

[04:23] Now specify the Install From Media (IFM) option with the path on its local disk, C:\IFM.

[04:36] Customize the locations of the AD DS database and log files if necessary.

[04:38] On the Review Options page, you can look over the settings for the new DC.

Furthermore, you can export this process as a PowerShell script to automate the DC IFM deployment task, as we did with the normal promotion.

http://mo-servers.blogspot.com/p/how-to-install-additional-domain.html
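
A script for this IFM promotion can take the following shape. This is an added example, not the wizard's exported output or the author's script. It uses the page's values (SnoOpy.com, C:\IFM); the Site name, the default NTDS/SYSVOL paths, the DNS and Global Catalog choices and the helper Test-IfmMedia are assumptions, and the helper checks the folder layout that `create sysvol full` writes before promotion starts.

```powershell
# Added example: promote an ADC from IFM media. Values marked "assumed" are not from the page.
Import-Module ADDSDeployment

$MediaPath = 'C:\IFM'                     # path used on this page
$SiteName  = 'Default-First-Site-Name'    # assumed: replace with your Site

# Test-IfmMedia is a hypothetical helper: it looks for the files that
# "create sysvol full" writes, so a partial copy is caught before promotion.
function Test-IfmMedia {
    param([Parameter(Mandatory)][string]$Path)
    $required = @(
        'Active Directory\ntds.dit',   # the AD DS database
        'registry\SYSTEM',             # registry hives exported with the database
        'registry\SECURITY',
        'SYSVOL'                       # present only for the "sysvol" media types
    )
    $missing = $required | Where-Object { -not (Test-Path (Join-Path $Path $_)) }
    if ($missing) {
        Write-Warning "IFM media at $Path is missing: $($missing -join ', ')"
        return $false
    }
    return $true
}

if (-not (Test-IfmMedia -Path $MediaPath)) {
    throw 'Refusing to promote: re-create or re-copy the IFM media.'
}

$params = @{
    DomainName                     = 'SnoOpy.com'
    Credential                     = (Get-Credential -Message 'Domain administrative account')
    SiteName                       = $SiteName
    InstallationMediaPath          = $MediaPath
    InstallDns                     = $true     # assumed: media was created on a DNS server
    NoGlobalCatalog                = $false    # assumed: media was created on a Global Catalog
    CriticalReplicationOnly        = $false
    SafeModeAdministratorPassword  = (Read-Host -Prompt 'DSRM password' -AsSecureString)
    DatabasePath                   = 'C:\Windows\NTDS'     # assumed default
    LogPath                        = 'C:\Windows\NTDS'     # assumed default
    SysvolPath                     = 'C:\Windows\SYSVOL'   # assumed default
    AllowDomainControllerReinstall = $true     # the server account already exists in the directory
    NoRebootOnCompletion           = $false
    Force                          = $true
}
Install-ADDSDomainController @params
```

The media folder holds a full copy of NTDS.DIT, so delete it from the new DC and from any transfer drive once promotion completes.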

You can see that creating an additional DC from installation media isn't so difficult.

The key points I want to show are:

– Its application in ADC deployment scenarios where the AD database is big and slow WAN connections will be used.

– There are some caveats you have to take care of to make this kind of deployment successful.

[04:51] If I completed this installation, this machine would become an ADC effortlessly.

– We can use the same procedure with Windows Server 2008 R2, as long as we create the backup with the same WS version.

– With WS 2008, we must launch the AD DS Installation Wizard through the dcpromo utility with the /adv option so that IFM mode is available.

– If you are planning to enable AD Recycle Bin in your domain/forest, make sure the NTDS snapshot is created afterward; otherwise, it will be useless for this ADC deployment.

[05:01] "How to install Active Directory Domain Services (AD DS) in Windows Server 2012 – Adding a replica Domain Controller to an existing AD DS Domain using the Install From Media (IFM) method"

https://www.interfacett.com/blogs/how-install-active-directory-domain-services-ad-ds-windows-server-2012-part-3-adding-replica-domain-controller-existing-ad-ds-domain-using-install-from-media-ifm-method/

[05:07] Furthermore, keep in mind that ntdsutil has a bunch of practical uses that administrators will need on a daily basis: Metadata cleanup, Files, Semantic database analysis, Group membership evaluation, Roles, IFM, etc.

https://searchwindowsserver.techtarget.com/tip/A-closer-look-at-the-Ntdsutil-command-line-tools-for-Active-Directory

[05:08] If you find any difficulty using ntdsutil to back up your AD domain/forest (it is used in conjunction with IFM preparation), check out my YouTube channel to see other useful methods: Windows Server Backup, Acronis Backup Advanced for Active Directory.

https://Marvel-IT.icu
