Like This Blog 3

Added by Rick Trader January 7, 2013

In this blog we will explore how to add a Windows Server 2012 replica Domain Controller using Install From Media (IFM) method. 

For More see:
Establishing an AD DS Forest
Adding a replica Domain Controller to an existing AD DS Domain

When we promote a server to become a replica domain controller, it will require connectivity to another domain controller to copy the active directory database from.  If the server that is being promoted is located in a remote location the database will be copies of the WAN link. If the link is slow and the database is large this could take a long time. To minimize WAN traffic the database can be made available through removable media and then used by the server during the promotion process. 

Using Microsoft’s best practices the Domain Name System (DNS) has been configured to support our domain. The following steps have been accomplished:

• DNS has been installed
• A new Forward Lookup and Reverse Lookup Zones allowing both Secure and Non-Secure Dynamic Updates were created.
• A static IP Address was configured with the DNS entry pointing to the corporate DNS.
• The new server has been renamed and joined to the domain.
• Verify the first DC has registered the Service Records in DNS for the Domain. (see diagram below)

Note: Before backing up the database to removable media use REPADMIN to ensure the domain controller has finished replication.

Using NTDSUtil.exe to back up the NTDS.DIT database and the SYSVOL folder on the source domain controller.

1. Open the command prompt as an administrator.
2. To enter the NTDS Utility command prompt, type NTDSUTIL press enter.

3. Set the active instance to NTDS by typing Activate Instance NTDS.

4. Typing help at any point will display the options for the specific area of the NTDS Utility you are currently in.

5. Type IFM to enter into the menu area to create the IFM media, followed by help to display the options to create the IFM media.

6. To create the IFM media to include both NTDS.DIT database and the SYSVOL folder type Create Sysvol Full E:\IFM.

Note: E:\IFM is a folder on a removable media.

7. Type quit twice to exit the NTDS Utility
8. The IFM media is complete. Eject the removable media and insert it in the server to be promoted.

To install AD DS to the replica.

1. Use Server Manager to add the Active Directory Domain Services Role to install the Binaries to support the server becoming a Domain Controller. Launch Server Manager, select Add roles and features.

2. Review the Before You Begin page, Click Next.
3. On the Select installation type page ensure Role-based or feature-based installation radial button is selected, click Next.

4. On the Select destination server page Select the desired server from the Server Pool.

        Note: The 2012 Server Manager allows roles and features to be installed remotely.

5. Click on the Active Directory Domain Services box.

6. The Add features that are required for Active Directory Domain Service dialog box pops up, select Add Features, click Next.

7. Do not add any features on the Select features page, click Next.

8. Review the Active Directory Domain Services information page, click next.

9. On the Confirm installation selections page, check the Restart the destination server automatically if required box, click Yes on the confirm dialog box, click Install.

 10. The AD DS Binaries are now being installed, click Close to close the Installation progress dialog box.

 11. If you close the above window you can click on the notification flag to check on installation status.

Note: The Binaries are now installed on the server to support this server becoming a Domain Controller. Use DCPROMO to promote this computer to a Domain Controller.

Using Server Manager to make this server a Domain Controller and install the replica domain controller.

1. In previous versions of Windows Server you used DCPROMO to create the first Domain Controller. On Window Server 2012 running DCPROMO will result in the following dialog box. DCPROMO is still supported for unattended installations.

2. In Server Manager Title bare click on the yellow triangle to perform post-deployment configuration of promote the server to a Domain Controller.

3. Click on Promote this server to a domain controller to start the promotion wizard.

4. On the Deployment Configuration page, select the Add a domain controller to an existing domain radial button, fill in the Domain name box with your desired AD DS Domain Name, verify the credentials change if needed, click Next.

5. On the Domain Controller Options page De-select DNS or GC during this installation, Enter a desired DSRM Password, click Next.

Note: If the domain controller were located in a different site, the site name would have been pre-selected for that site if defined in AD DS.

6. On the Additional Options page, check Install from media. Click the … box, browse to the location of the IFM files.  Click Next

7. On the Paths page verify the desired locations of the Database, Log files and SYSVOL folders, change the locations is required, click Next.

8. On the Review Options page, click Next

Note: If a Unattended PowerShell installation script is desired, click view script and then save from the file drop down menu.

9. The AD DS Configuration Wizard will perform and Prerequisite check before the installation can continue. After the check is completed successfully click Install

 10. The server will restart once the configuration has completed, the server is now a domain controller for the newly formed domain.

Verifying the installation of AD DS

1. Logon to the Domain Controller hosting DNS.
2. Launch the DNS console and verify the creation of Service Records for the newly established domain controller.

AD DS is now installed.  In the next part we will examine creating a replica domain controller using cloning. Until then, RIDE SAFE!

Rick Trader
Windows Server Instructor – Interface Technical Training
Phoenix, AZ