I. Introduction
What happens when you need to deploy a new Domain Controller in a different country, but your NTDS.DIT file is over 180 Gigabytes, and your WAN is as slow as your grandmother? Well, I don't know what you call it, but I call it a perfect storm of failure. This is the exact situation one of my customers was facing. Waiting for 180 gigs of data to replicate around a SLOOOW WAN isn't my idea of a fun time! Instead we deployed the additional Domain Controller using the install from media (IFM) method.
Using the IFM method, you can dramatically reduce the amount of replication traffic that is introduced during the installation of an additional DC. Only objects that were modified, added, or deleted since the installation media was created will be replicated. This leads me to my next topic.
Deploy your additional Domain Controller ASAP from the date when you created your media. The longer you wait, the more you will have to replicate. You will also need to deploy your IFM media before the Tombstone Life Time (TSL) of your forest. If you go past the TSL, then the "DCPROMO" will fail. Unless you changed it, your TSL is set by the OS version you created your forest on.
Tombstone Life Time:
+ Windows Server 2000 = 60 Days
+ Windows Server 2003 = 60 Days
+ Windows Server 2003 (SP1) = 180 Days
+ Windows Server 2003 R2 (SP1) = 60 Days
+ Windows Server 2003 R2 (SP2) = 180 Days
+ Windows Server 2008 / 2008 R2 = 180 Days
+ Windows Server 2012 / 2012 R2 = 180 Days
Personally, I would never deploy a Domain Controller from IFM older than 30 days. I know in the retail space this happens all the time. You ship out a Domain Controller to a new store, and it sits in the backroom until the engineer arrives the night before the grand opening to install it. The point is, try not to let this happen. We want to save replication time, not add to it.
Okay, enough talking, let's start IFM-ing!
The following steps have been accomplished:
+ DNS has been installed.
+ New Forward Lookup and Reverse Lookup Zones allowing both Secure and Non-Secure Dynamic Updates were created.
+ A static IP Address was configured with the DNS entry pointing to the corporate DNS.
+ The new server has been renamed and joined to the domain.
+ Verify the first DC has registered the Service Records in DNS for the Domain.
Model Solutions
Using NTDSUtil.exe to back up the NTDS.DIT database and the SYSVOL folder on the source domain controller.
1. Open the command prompt as an administrator.
2. To enter the NTDS Utility command prompt, type NTDSUTIL and press Enter.
3. Set the active instance to NTDS by typing Activate Instance NTDS.
4. Typing help at any point will display the options for the specific area of the NTDS Utility you are currently in.
5. Type IFM to enter into the menu area to create the IFM media, followed by help to display the options to create the IFM media.
6. To create the IFM media to include both the NTDS.DIT database and the SYSVOL folder, type Create Sysvol Full C:\IFM. (Note: C:\IFM is a folder on removable media.)
7. Type quit twice to exit the NTDS Utility.
8. The IFM media is complete. Eject the removable media and insert it in the server to be promoted.
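The same media creation can be run as a single non-interactive command, followed by a check of the media's age against the forest's tombstone lifetime and the 30-day limit discussed in the introduction. This is an added example, not part of the original post; the function names are hypothetical, and it assumes the ActiveDirectory PowerShell module is available and that the last-write time of the ntds.dit copy marks when the media was created.

```powershell
# Added example, not from the original post. Run on the source DC in an
# elevated session; C:\IFM is the media folder used in the steps above.
# The media holds a full copy of NTDS.DIT, including password hashes, so
# handle it like a domain controller backup.
ntdsutil "activate instance ntds" ifm "create sysvol full C:\IFM" quit quit

Import-Module ActiveDirectory

function Get-TombstoneLifetimeDays {
    # tombstoneLifetime is stored on the Directory Service object in the
    # configuration partition of the forest.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $dn = "CN=Directory Service,CN=Windows NT,CN=Services,$configNC"
    $value = (Get-ADObject -Identity $dn -Properties tombstoneLifetime).tombstoneLifetime
    # An unset attribute means the 60-day default is in effect.
    if ($null -eq $value) { 60 } else { [int]$value }
}

function Test-IfmMediaAge {
    param(
        [string]$MediaPath = 'C:\IFM',
        [int]$PreferredMaxAgeDays = 30   # the 30-day personal limit from the text
    )
    # Assumption: the last-write time of the ntds.dit copy marks media creation.
    $dit = Get-Item -LiteralPath (Join-Path $MediaPath 'Active Directory\ntds.dit')
    $ageDays = [math]::Floor(((Get-Date) - $dit.LastWriteTime).TotalDays)
    $tsl = Get-TombstoneLifetimeDays

    [pscustomobject]@{
        MediaCreated            = $dit.LastWriteTime
        AgeDays                 = $ageDays
        TombstoneLifetimeDays   = $tsl
        WithinTombstoneLifetime = $ageDays -lt $tsl                   # promotion fails past the TSL
        WithinPreferredAge      = $ageDays -le $PreferredMaxAgeDays   # less data left to replicate
    }
}

# Run again right before promotion, from any machine with the AD module
# and access to the media.
Test-IfmMediaAge -MediaPath 'C:\IFM'
```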
II. To install AD DS to the replica (ADCSrv2012).
1. Join domain msita.local.
2. Use Server Manager to add the Active Directory Domain Services Role to install the Binaries to support the server becoming a Domain Controller. Launch Server Manager, select Add roles and features.
3. Review the Before You Begin page, Click Next.
4. On the Select installation type page, ensure the Role-based or feature-based installation radio button is selected, click Next.
5. On the Select destination server page Select the desired server from the Server Pool.
6. Click on the Active Directory Domain Services box.
7. Do not add any features on the Select features page, click Next.
8. Review the Active Directory Domain Services information page, click Next.
9. On the Confirm installation selections page, check the Restart the destination server automatically if required box, click Yes on the confirm dialog box, click Install.
10. The AD DS Binaries are now being installed, click Close to close the Installation progress dialog box.
11. If you close the above window you can click on the notification flag to check on installation status.
Note: The Binaries are now installed on the server to support this server becoming a Domain Controller. Use DCPROMO to promote this computer to a Domain Controller.
III. Using Server Manager to make this server a Domain Controller and install the replica domain controller (on ADCSrv2012).
1. In the Server Manager title bar, click on the yellow triangle to perform post-deployment configuration and promote the server to a Domain Controller. Click on Promote this server to a domain controller to start the promotion wizard.
2. On the Deployment Configuration page, select the Add a domain controller to an existing domain radio button, fill in the Domain name box with your desired AD DS Domain Name, verify the credentials (change them if needed), click Next.
3. On the Domain Controller Options page, select DNS and GC during this installation, enter a desired DSRM Password, click Next. (Note: If the domain controller were located in a different site, the site name would have been pre-selected for that site if defined in AD DS.)
4. On the Additional Options page, check Install from media. Click the … box, browse to the location of the IFM files. Click Next.
5. On the Paths page, verify the desired locations of the Database, Log files and SYSVOL folders, change the locations if required, click Next.
6. On the Review Options page, click Next.
Note: If an unattended PowerShell installation script is desired, click View script and then save from the File drop-down menu.
7. The AD DS Configuration Wizard will perform a prerequisite check before the installation can continue. After the check is completed successfully, click Install.
8. The server will restart once the configuration has completed, the server is now a domain controller for the newly formed domain.
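Sections II and III can also be done from PowerShell, which is what the wizard's View script option produces. The script below is an added example, not the script the wizard generates and not code from the original post; the media drive letter E:\IFM is an assumption, and the database, log and SYSVOL paths are the Windows defaults.

```powershell
# Added example, not from the original post. Run elevated on ADCSrv2012
# after it has been joined to msita.local.
$mediaPath = 'E:\IFM'   # assumption: drive letter of the removable media

# "Create Sysvol Full" media contains these three items; stop if any is missing.
foreach ($item in 'Active Directory\ntds.dit', 'registry\SYSTEM', 'SYSVOL') {
    if (-not (Test-Path -LiteralPath (Join-Path $mediaPath $item))) {
        throw "IFM media at $mediaPath is incomplete: missing $item"
    }
}

# Section II: install the AD DS binaries and management tools.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Section III: promote the server as an additional DC from the media.
Import-Module ADDSDeployment

$common = @{
    DomainName                    = 'msita.local'
    InstallationMediaPath         = $mediaPath
    InstallDns                    = $true
    NoGlobalCatalog               = $false   # keep the GC role, as selected in the wizard
    Credential                    = Get-Credential -Message 'Domain admin for msita.local'
    # Prompted interactively so the DSRM password is never stored in the script.
    SafeModeAdministratorPassword = Read-Host -AsSecureString -Prompt 'DSRM password'
    DatabasePath                  = 'C:\Windows\NTDS'     # Windows default
    LogPath                       = 'C:\Windows\NTDS'     # Windows default
    SysvolPath                    = 'C:\Windows\SYSVOL'   # Windows default
}

# Same prerequisite check the wizard runs in step 7; review the output
# before continuing.
Test-ADDSDomainControllerInstallation @common

# Promotes the server and restarts it when the configuration completes.
Install-ADDSDomainController @common -NoRebootOnCompletion:$false -Force
```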
IV. Verifying the installation of AD DS.
1. Log on to the Domain Controller hosting DNS.
2. Launch the DNS console and verify the creation of Service Records for the newly established domain controller.
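The same verification can be scripted instead of browsing the DNS console. This is an added example, not part of the original post; the function name is hypothetical, and the global catalog record name assumes msita.local is the forest root domain.

```powershell
# Added example, not from the original post. Checks that the new DC is
# listed as a target of the SRV records a domain controller registers.
function Test-DcServiceRecords {
    param(
        [string]$Domain = 'msita.local',
        [string]$DcName = 'ADCSrv2012',
        [string]$DnsServer               # optional: query a specific DNS server
    )
    $fqdn = "$DcName.$Domain"
    $recordNames = @(
        "_ldap._tcp.$Domain"
        "_ldap._tcp.dc._msdcs.$Domain"
        "_kerberos._tcp.dc._msdcs.$Domain"
        "_ldap._tcp.gc._msdcs.$Domain"   # assumption: domain is the forest root
    )
    foreach ($name in $recordNames) {
        $query = @{ Name = $name; Type = 'SRV'; ErrorAction = 'SilentlyContinue' }
        if ($DnsServer) { $query.Server = $DnsServer }
        # Keep only the SRV answers; additional A records carry no NameTarget.
        $targets = @(Resolve-DnsName @query |
            Where-Object { $_.NameTarget } |
            Select-Object -ExpandProperty NameTarget)
        [pscustomobject]@{
            Record     = $name
            Registered = $targets -contains $fqdn   # -contains is case-insensitive
            Targets    = $targets -join ', '
        }
    }
}

Test-DcServiceRecords | Format-Table -AutoSize
```

Any row with Registered set to False after the post-promotion restart means the new domain controller has not registered that record yet.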