• Windows Server

By default, when you add a domain controller to an existing domain to ensure high availability of your Active Directory domain or to reduce access times to your Active Directory infrastructure, the data is initially replicated over the network.
However, if the 2 domain controllers are very far apart or the bandwidth is limited between them, it will be preferable to transfer the initial copy by using an USB support.

Note that this tutorial is deliberately shortened to not re-explain the same as in our previous tutorial.
If you have never added a domain controller to an Active Directory domain, refer to our tutorial "Add a domain controller to an existing AD domain" for detailed explanations.

  1. Create an IFM media
  2. Install a new domain controller from IFM media

1. Create an IFM media

To get started, plug an external hard drive or an USB key into your source domain controller.

Warning : read-only domain controllers (RODC) cannot be used as a source for the creation of this IFM media.

Then, launch a command prompt as administrator and type :

Batch

NTDSUtil
Activate instance NTDS
ifm
Create SYSVOL full E:

As you can see, this will create a snapshot of the Active Directory configuration of your domain controller used as a source.

When the backup is complete, you will see the message "IFM media created successfully in E:\" displayed in the command prompt.

On your USB support, you will find 3 folders :

  • Active Directory
  • registry
  • SYSVOL

In the "Active Directory" folder, you will find

  • ntds.dit : the Active Directory database
  • ntds.jfm : a "Flush Map Files" type file used since the anniversary update of Windows 10 and its 2016 server version as protection against write errors

In the "registry" folder, you will find 2 files "SECURITY" and "SYSTEM".
These 2 files represent 2 parts of your server registry.

In the "SYSVOL" folder, you will find a folder named with your domain name and contains :

  • Policies : group policies defined on your Active Directory domain
  • scripts : any startup and shutdown, opening and logoff, ... scripts

2. Install a new domain controller from IFM media

To install a new domain controller from IFM media, you must first install the "Active Directory Domain Services" role on your new server.
In our case, we are going to install this role on our DC3 server.

Click Next at each step, then click Install.

Once the installation of the "Active Directory Domain Services" role is complete, click on the "Promote this server to a domain controller" link.

Select "Add a domain controller to an existing domain", then click on the "Select" button.
Specify the credentials of the administrator for the domain to join, then select the domain to join (in our case : informatiweb.lan).

Then, click on Next.

In the "Additional Options" step, you will have the option of installing this domain controller from media (IFM).
Connect your USB support to this new server, check the "Specify Install from media (IFM) Options" box and click on the "..." button.

Select your USB support from the list and click OK.

By default, the wizard automatically checks the selected USB support.
The "Check" button is therefore unnecessary.

Once the verification is complete, you will need to select from which domain controller changes to this domain should be replicated in the future.

In other words, the initial replication will be made from the USB support, but future changes will be replicated over the network from the domain controller selected here.

As usual, you can choose the location of the different folders (NTDS / SYSVOL).

A summary of the configuration appears.

As indicated at the beginning of the summary, the data will be copied mainly from your USB support.

Wait while checking the system requirements.
You can ignore these warnings, but for more information on them, refer to our tutorial "Create an Active Directory domain controller on Windows Server 2016".

Wait while the domain controller is installed.

After the domain controller is installed, the server will restart.

Once the server has restarted, you will see it appear in the "Active Directory Users and Computers" console.

To see also

Comments

You must be logged in to post a comment

Share your opinion

Pinned content

Contact

® InformatiWeb-Pro.net - InformatiWeb.net 2008-2022 - © Lionel Eppe - All rights reserved.

Total or partial reproduction of this site is prohibited and constitutes an infringement punishable by articles L.335-2 and following of the intellectual property Code.