Installing AD DS from Media

You can use Ntdsutil.exe to create installation media for additional domain controllers that you are creating in a domain. By installing from media, you can minimize the replication of directory data over the network. This helps you install additional domain controllers in remote sites more efficiently.

Ntdsutil.exe can create two types of installation media, as described in the table below.

Note:

Although you can run ntdsutil with an option to include the SYSVOL shared folder in the installation media, the SYSVOL folder will not be used when you create the additional domain controller. The SYSVOL folder from the installation media is not used because SYSVOL must be absent when the Active Directory Domain Services server role starts on a server running Windows Server 2008.

To create installation media for a full (or writable) domain controller, you must run the ntdsutil ifm command on a writable domain controller.

To create installation media for an RODC, you can run the ntdsutil ifm command on either a writable domain controller or an RODC that runs Windows Server 2008. For RODC installation media, ntdsutil removes any cached secrets, such as passwords.

| Type of installation media | Parameter | Description |
|---|---|---|
| Full (or writable) domain controller | Create Full %s | Creates installation media for a writable domain controller or an Active Directory Lightweight Directory Services (AD LDS) instance into folder %s |
| Read-only domain controller | Create RODC %s | Creates installation media for an RODC into folder %s |

You cannot run the ifm command on a domain controller that runs Windows Server 2003. However, you can create a backup of a Windows Server 2003 domain controller and then use the dcpromo /adv command to create a Windows Server 2003 domain controller.

You can use a 32-bit domain controller to generate installation media for a 64-bit domain controller, and vice versa.

You can use the following procedure to create AD DS installation media.

Administrative credentials

To create installation media, you must be able to log on to a domain controller interactively and be able to make a backup.

On a writable domain controller, this means that you must be a member of the Builtin Administrators, Server Operators, Domain Admins, or the Enterprise Admins groups to perform the following procedure.

On an RODC, a delegated user can create the installation media, but you can only create RODC installation media (not installation media for a writable domain controller) on an RODC.

To create installation media

1. Click Start, right-click Command Prompt, and then click Run as administrator to open an elevated command prompt.

2. Type the following command, and then press ENTER:

   ntdsutil

3. At the ntdsutil prompt, type the following command, and then press ENTER:

   activate instance ntds

4. At the ntdsutil prompt, type the following command, and then press ENTER:

   ifm

5. At the ifm: prompt, type the command for the type of installation media that you want to create, and then press ENTER. For example, to create RODC installation media, type the following command:

   Create rodc C:\InstallationMedia

Where:

C:\InstallationMedia is the path to the folder where you want the installation media to be created. You can save the installation media to a network shared folder or to any other type of removable media.
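
The procedure above as one script, added here as an example and not part of the original page: it passes the same commands to ntdsutil as command-line arguments, confirms that the database file (ntds.dit in the Active Directory subfolder of the media) was written, and restricts the media folder to Administrators and SYSTEM, since only RODC media has cached secrets removed. Assumptions of this example: the target path contains no spaces and does not exist yet.

```batch
@echo off
rem Added example, not from the original page: create AD DS installation media
rem in one pass and restrict access to the resulting folder.
rem Assumption: the target path contains no spaces and does not exist yet.
setlocal
set "TYPE=%~1"
set "TARGET=%~2"

rem Accept only the two media types listed in the table above.
if "%TARGET%"=="" goto :usage
if /i not "%TYPE%"=="full" if /i not "%TYPE%"=="rodc" goto :usage

rem Do not mix new media with older files.
if exist "%TARGET%" (
    echo Target already exists: "%TARGET%"
    exit /b 1
)

rem Same commands as steps 2 to 5, passed as arguments instead of typed at the prompts.
ntdsutil "activate instance ntds" ifm "create %TYPE% %TARGET%" quit quit

rem Check the result on disk rather than relying on the exit code.
if not exist "%TARGET%\Active Directory\ntds.dit" (
    echo Installation media was not created in "%TARGET%"
    exit /b 1
)

rem Drop inherited permissions; grant full control only to
rem BUILTIN\Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18).
icacls "%TARGET%" /inheritance:r /grant:r *S-1-5-32-544:(OI)(CI)F *S-1-5-18:(OI)(CI)F
if errorlevel 1 (
    echo Could not restrict permissions on "%TARGET%"
    exit /b 1
)

rem Show the resulting ACL for review.
icacls "%TARGET%"
exit /b 0

:usage
echo Usage: %~nx0 full^|rodc TargetFolder
exit /b 1
```

If the media is later copied to a network share or removable media, the permissions set here do not travel with it and must be applied again at the destination.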

When you create additional domain controllers in the domain, you can point to the shared folder or removable media where you stored the installation media, either on the Install from Media page in the Active Directory Domain Services Installation Wizard or by using the /ReplicationSourcePath parameter during an unattended installation.

The wizard installs AD DS using the data in the installation media, which eliminates the need to replicate every object from a partner domain controller. However, objects that were modified, added, or deleted since the installation media was created must be replicated. If the installation media was created recently, the amount of replication that is required is considerably less than the amount of replication that is required for a regular AD DS installation.

Note that the entire SYSVOL data must be replicated from another domain controller.