Active Directory Domain Services: Install from (restored backup) media (IFM) - Windows Server blog by Kurt Roggen [BE]
Wednesday, 12 September 2007 12:08 Kurt Roggen

Active Directory Domain Services: Install from (restored backup) media (IFM)

As with Windows Server 2003, you can use restored backup media to minimize replication traffic during AD DS installation on a server that is running Windows Server 2008.  You can use this installation method to install a new (additional) domain controller in an existing domain. 

Of course, the amount of data to be replicated depends on how recent your backup is.  Objects that were modified, added or deleted since the backup was taken must be replicated after the AD DS installation process. 
If the backup was recent, the amount of replication data required will be considerably smaller than the amount of replication data required for a normal AD DS installation.

The Install From Media (IFM) option only appears when the check box for "Use advanced mode installation" is selected on the Welcome page of the wizard.  This "advanced mode" is an alternative to running dcpromo /adv.

IMPORTANT: The installation media that you use must be prepared from the same type of domain controller that you are installing. The following aspects of the domain controller source and target must be identical:

  • Domain controller option: Writable (RWDC) or Read-Only (RODC)
  • Operating system: Windows 2000 Server, Windows Server 2003 or Windows Server 2008
  • Platform: x86, IA64 or x64

NOTE: A Server Core installation can be the source for installing a new domain controller on a Full installation of Windows Server 2008.

Installation Media

Windows Server 2008 includes an improved version of Ntdsutil.exe that you can use to create the installation media for both writable (RWDC) and read-only DCs (RODC).  Ntdsutil.exe can create four types of installation media:

  1. Full (or writable) domain controller (Create Sysvol Full %s)
  2. Full (or writable) domain controller without SYSVOL data (Create Full %s)
  3. Read-only domain controller (Create Sysvol RODC %s)
  4. Read-only domain controller without SYSVOL data (Create RODC %s)

Ntdsutil can create four types of installation media.

If the installation media does not include SYSVOL - by default - the entire SYSVOL data must be replicated from another domain controller.  If the installation media includes SYSVOL, then the new domain controller will need to replicate only changes that have been made to SYSVOL since the installation media was created.

So, you can run the ntdsutil ifm command on a writable domain controller to create installation media for an RWDC and/or an RODC.  You can only create installation media for an RODC from another RODC.  For RODC installation media only, ntdsutil removes any cached secrets, such as passwords.

As you can see below, ntdsutil uses VSS (Volume Shadow Copy Service) to create a snapshot of AD from the running DC, replays its logs and defragments the AD database.
Ntdsutil ifm can create IFM media for both RWDC and RODC.

After also running a "Create Sysvol full" IFM creation, this is what the filesystem looks like. Notice the StartGPOs folder...
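The media creation described above, scripted as an added example (not code from the original post): it runs one of the four ntdsutil ifm variants into a staging folder that only Administrators and SYSTEM can read, because RWDC media carries the full ntds.dit with its secrets, and then checks that the expected files are present. The staging root C:\IFM, the function name New-IfmMedia and the folder naming are assumptions.

```powershell
# Added example, not from the original post. Run elevated on the source DC.
# Assumptions: C:\IFM as staging root, the folder naming, no spaces in the path.
$MediaTypes = @{            # the four ntdsutil ifm "create" variants listed above
    'RWDC-Sysvol' = 'create sysvol full'
    'RWDC'        = 'create full'
    'RODC-Sysvol' = 'create sysvol rodc'
    'RODC'        = 'create rodc'
}

function New-IfmMedia {
    param(
        [string]$Type = 'RWDC-Sysvol',
        [string]$Root = 'C:\IFM'
    )
    if (-not $MediaTypes.ContainsKey($Type)) { throw "Unknown media type: $Type" }
    if ($Root -match '\s') { throw 'Use a staging path without spaces.' }

    # Lock down the staging root first; ntdsutil then creates the media folder
    # beneath it, so the restricted ACL is inherited before ntds.dit is written.
    if (-not (Test-Path $Root)) { New-Item -ItemType Directory -Path $Root | Out-Null }
    # *S-1-5-32-544 = BUILTIN\Administrators, *S-1-5-18 = SYSTEM (language-neutral SIDs)
    & icacls.exe $Root /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'icacls failed to restrict the staging root.' }

    $target = Join-Path $Root ("{0}-{1}" -f $Type, (Get-Date -Format 'yyyyMMdd'))
    if (Test-Path $target) { throw "$target already exists; remove it or pick another name." }

    # Same sequence you would type interactively: activate instance ntds, ifm, create ..., quit, quit
    & ntdsutil.exe 'activate instance ntds' 'ifm' "$($MediaTypes[$Type]) $target" 'quit' 'quit'

    # Success is judged by the files on disk, not by ntdsutil's exit code:
    # the database, the registry hives, and SYSVOL if it was requested.
    $expected = @('Active Directory\ntds.dit', 'registry\SYSTEM', 'registry\SECURITY')
    if ($Type -like '*-Sysvol') { $expected += 'SYSVOL' }
    foreach ($item in $expected) {
        if (-not (Test-Path (Join-Path $target $item))) { throw "Media incomplete: missing $item" }
    }
    return $target
}

New-IfmMedia -Type 'RWDC-Sysvol'
```

Transfer the resulting folder over a protected channel and delete it from both machines once the new domain controller has been promoted.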

You can also create installation media by using the Windows Server Backup tool - feature not installed by default - in Windows Server 2008.  In this case, you need to use the wbadmin (WindowsBackupAdmin) command-line tool option to restore system state data to an alternate location.

However, you should use Ntdsutil.exe because Windows Server Backup can back up only the set of critical volumes, which occupies much more space than is required for AD DS installation data.

More information: Installing AD DS from (Installation) Media

Also have a look at Jorge de Almeida Pinto's Quest for Knowledge (MVP Directory Services)

