Installing AD DS from Media

When you add domain controllers to a forest, data from existing directory partitions is replicated to the new DC. In an environment with a large directory, or where bandwidth is constrained between a new DC and a writable DC from which to replicate, you can install AD DS more efficiently by using the install from media (IFM) option. Installing from media involves creating installation media, a specialized backup of Active Directory that can be used by the Active Directory Domain Services Installation Wizard as a data source for populating the directory on a new DC. The new DC then replicates only updates from another writable DC, so if the installation media is recent, you can minimize the impact of replication to a new DC.

Remember that it is not only the directory that must be replicated to a new DC but SYSVOL as well. When you create your installation media, you can specify whether to include SYSVOL on the installation media.

Using IFM also allows you to control the timing of impact to your network bandwidth. You can, for example, create installation media and transfer it to a remote site during off hours, and then create the domain controller during normal business hours. Because the installation media is from the local site, the replication burden on the network is reduced, and only updates are replicated over the link to the remote site.

To create installation media:

  1. Open an elevated Command Prompt on a writable domain controller running Windows Server 2008 R2.
    The installation media can be used to create both writable and read-only DCs.
  2. Type ntdsutil.exe, and then press Enter.
  3. At the ntdsutil prompt, type activate instance ntds, and then press Enter.
  4. Type ifm, and then press Enter.
  5. At the ifm: prompt, type one of the following commands, based on the type of installation media you want to create:
    • create sysvol full Path: Creates installation media with SYSVOL for a writable domain controller in the folder specified by Path
    • create full Path: Creates installation media without SYSVOL for a writable domain controller or an Active Directory Lightweight Directory Services (AD LDS) instance in the folder specified by Path
    • create sysvol rodc Path: Creates installation media with SYSVOL for a read-only domain controller in the folder specified by Path
    • create rodc Path: Creates installation media without SYSVOL for a read-only domain controller in the folder specified by Path
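
The folder produced in step 5 holds a copy of the directory database, so it deserves the same protection as a domain controller backup while it is staged and transferred to a remote site. The following PowerShell script is an added example, not part of the original text: it checks that the media is complete, restricts the folder to Administrators and SYSTEM, and writes a SHA-256 manifest for verifying the copy at the destination. The path C:\IFM, the parameter names and the expected folder layout are assumptions.

```powershell
# Added example: validate, lock down and fingerprint an IFM folder before transfer.
# Assumption: $IfmPath is the folder given as Path in step 5 (C:\IFM is a placeholder).
param(
    [string]$IfmPath = 'C:\IFM',
    [switch]$ExpectSysvol   # set when one of the "create sysvol ..." commands was used
)

# Assumed media layout: the directory database plus two registry hives,
# and a SYSVOL folder when SYSVOL was included.
$required = @('Active Directory\ntds.dit', 'registry\SYSTEM', 'registry\SECURITY')
if ($ExpectSysvol) { $required += 'SYSVOL' }

$missing = @($required | Where-Object { -not (Test-Path (Join-Path $IfmPath $_)) })
if ($missing.Count -gt 0) {
    throw "IFM media at $IfmPath is incomplete, missing: $($missing -join ', ')"
}

# Drop inherited ACEs and grant full control only to BUILTIN\Administrators
# (S-1-5-32-544) and SYSTEM (S-1-5-18); the grant is inherited by files and subfolders.
& icacls.exe $IfmPath /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# Hash every file so the copy at the remote site can be compared with the original.
$sha  = [System.Security.Cryptography.SHA256]::Create()
$root = (Resolve-Path $IfmPath).Path.TrimEnd('\')
$manifest = @(Get-ChildItem -Path $root -Recurse |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $stream = [System.IO.File]::OpenRead($_.FullName)
        try     { $hash = [BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
        finally { $stream.Dispose() }
        # One line per file: hash, two spaces, path relative to the media root.
        '{0}  {1}' -f $hash, $_.FullName.Substring($root.Length + 1)
    })

# The manifest is written beside the media folder, not inside it.
$manifestPath = "$root.sha256.txt"
$manifest | Set-Content -Path $manifestPath -Encoding UTF8
Write-Output "Verified $($manifest.Count) files; manifest written to $manifestPath"
```

Run it from an elevated PowerShell session on the DC that created the media, and delete the staged copy once the new domain controller has been promoted.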

When you run the Active Directory Domain Services Installation Wizard, select the Use Advanced Mode Installation check box, and you will be presented with the Install From Media page later in the wizard. Choose Replicate Data From Media At The Following Location. Alternatively, you can specify the media location with the ReplicationSourcePath installation option in an answer file or on the Dcpromo.exe command line.

Removing a Domain Controller

You can remove a domain controller by using Dcpromo.exe, either by launching the Active Directory Domain Services Installation Wizard or from a command prompt, specifying options at the command line or in an answer file. When a domain controller is removed while it has connectivity to the domain, it updates the forest metadata about the domain controller so that the directory knows the DC has been removed.

To use an answer file, provide the following options and values:

[DCINSTALL]
UserName=DOMAIN\username (in Administrators group of the domain)
UserDomain=FQDN of user specified by UserName
Password=password for user specified by UserName
AdministratorPassword=password that will be assigned to the local Administrator account
RemoveApplicationPartitions=yes
RemoveDNSDelegation=yes
DNSDelegationUserName=DOMAIN\username with permissions to remove DNS delegation
DNSDelegationPassword=password for the account

Run Dcpromo.exe with the /unattend:"answer file path" and the /UninstallBinaries options, as in the following example:

dcpromo /uninstallbinaries /unattend:"c:\rodcanswer.txt"

All the options just shown in the answer file can also be specified or overridden directly on the command line. Just type a command similar to the following:

dcpromo /unattend /uninstallbinaries /UserName:google\dan /password:* /administratorpassword:Pa$$w0rd

If a domain controller must be demoted while it cannot contact the domain, you must use the /forceremoval option of Dcpromo.exe. Type dcpromo /forceremoval, and the Active Directory Domain Services Installation Wizard takes you through the process. Warnings appear for any roles that the domain controller hosts. Read each warning and, after you have mitigated or accepted its impact, click Yes. You can suppress the warnings by using the /demotefsmo:yes option of Dcpromo.exe. After removing the DC, you must manually clean up the forest metadata.
