Identity with Windows Server 2016:Microsoft 70-742 MCSA Exam Guide
上QQ阅读APP看书,第一时间看更新

Installing a domain controller from Install from Media (IFM)

Sometimes, the network connection between two sites can be slow or unreliable. Bad network connectivity can cause issues with user authentication and reduce productivity. In this case, the best solution is to deploy an additional domain controller to the secondary site. The domain controller on the site will improve the authentication process, but before you add an additional domain controller to the domain, you need to avoid bad network issues during the initial AD DS replication, because the complete AD DS database and SYSVOL folder need to be replicated to the additional domain controller. Using the Install from Media (IFM) option, you will significantly reduce the amount of network traffic during the initial replication. To install the domain controller by IFM, you basically need to create a backup of AD DS and save the data to a USB drive or shared location.

The process starts on a read-write domain controller. RODC isn't a candidate for IFM, because you can't perform AD DS backup on a read-only database. You need to use the ndtsutil command-line tools to create an AD DS backup, which will be used later to promote an additional domain controller:

Ntdsutil
Activate instance ntds
Ifm
create SYSVOL full C:\IFM

The whole process will last less than one minute, and then you can find all the necessary files in the provided folder. Once you have the AD DS backup on a local drive, you need to copy all the files to a new domain controller using a USB or external drive. The process of promoting a new domain controller using IFM is the same as the standard way, with only one difference. If you use the GUI wizard, on the Additional Setting tab, you just need to check the Install from Media checkbox and browse to the local folder where the AD DS backup files are stored.

The files will be verified automatically. If everything is fine with the AD DS backup, you will be able to go on to the next tab:

If the path isn't correct, you'll receive an error message:

If you use PowerShell to promote a new domain controller, you just need to add one more switch in the PowerShell command. You need to add a few more switches, so the command will look as follows:

Import-Module ADDSDeployment
Install-ADDSDomainController -DomainName "mcsacertguide.local" -CriticalReplicationOnly:$false -InstallationMediaPath "C:\IFM" -CreateDnsDelegation:$false -ForestMode "WinThreshold" -DomainMode "WinThreshold" -DomainNetbiosName "MCSACERTGUIDE" -InstallDns:$true -SiteName "Default-First-Site-Name" -DatabasePath "C:\Windows\NTDS" -LogPath "C:\Windows\NTDS" -SysvolPath "C:\Windows\SYSVOL" -NoRebootOnCompletion:$false -Force:$true

After initial replication using IFM, the new domain controller will replicate the other domain controllers using multi-master replication, the standard replication method.