
Active Directory 2008 : Deploying Domain Controllers (part 4) - Installing AD DS from Media, Removing a Domain Controller

9/13/2013 2:10:52 AM

8. Installing AD DS from Media

When you add domain controllers to a forest, data from existing directory partitions is replicated to the new DC. In an environment with a large directory, or where bandwidth is constrained between the new DC and a writable DC from which to replicate, you can install AD DS more efficiently by using the install from media (IFM) option. Installing from media involves creating installation media, a specialized backup of Active Directory that the Active Directory Domain Services Installation Wizard can use as a data source for populating the directory on a new DC. The new DC then replicates only updates from another writable DC, so if the installation media is recent, you minimize the impact of replication to the new DC.

Remember that it is not only the directory that must be replicated to a new DC but SYSVOL as well. When you create your installation media, you can specify whether to include SYSVOL on the installation media.

Using IFM also allows you to control the timing of impact to your network bandwidth. You can, for example, create installation media and transfer it to a remote site during off hours, and then create the domain controller during normal business hours. Because the installation media is from the local site, the replication burden on the network is reduced, and only updates are replicated over the link to the remote site.

To create installation media:

  1. Open an elevated Command Prompt on a writable domain controller, running Windows Server 2008 R2.

    The installation media can be used to create both writable and read-only DCs.

  2. Type ntdsutil.exe, and then press Enter.

  3. At the ntdsutil prompt, type activate instance ntds, and then press Enter.

  4. Type ifm, and then press Enter.

  5. At the ifm: prompt, type one of the following commands, based on the type of installation media you want to create:

    • create sysvol full Path: Creates installation media with SYSVOL for a writable domain controller in the folder specified by Path.

    • create full Path: Creates installation media without SYSVOL for a writable domain controller or an Active Directory Lightweight Directory Services (AD LDS) instance in the folder specified by Path.

    • create sysvol rodc Path: Creates installation media with SYSVOL for a read-only domain controller in the folder specified by Path.

    • create rodc Path: Creates installation media without SYSVOL for a read-only domain controller in the folder specified by Path.

When you run the Active Directory Domain Services Installation Wizard, select the Use Advanced Mode Installation check box, and you will be presented with the Install From Media page later in the wizard. Choose Replicate Data From Media At The Following Location. For an unattended installation, specify the media location with the ReplicationSourcePath installation option in an answer file or on the Dcpromo.exe command line.
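The media-creation steps above can also be scripted. The following is an added example, not code from the original page: it passes the same ntdsutil commands as arguments, restricts the folder's ACL because the media is a backup of Active Directory, and checks that the media is complete and recent before it is shipped to the remote site. The path C:\IFM, the 7-day age limit, the function names and the folder layout being checked are assumptions.

```powershell
# Added example, not from the original page. Run elevated on a writable DC.
# $MediaPath and $MaxAgeDays are assumed values; adjust for your environment.
$MediaPath  = 'C:\IFM'
$MaxAgeDays = 7

function New-IfmMedia {
    param([string]$Path)
    # Refuse to mix a new snapshot with leftovers from an older one.
    if ((Test-Path $Path) -and (Get-ChildItem $Path -Force)) {
        throw "Folder $Path is not empty; choose an empty target."
    }
    # Same commands as steps 2-5 above, passed as arguments instead of typed.
    # Assumes $Path contains no spaces.
    & ntdsutil.exe 'activate instance ntds' 'ifm' "create sysvol full $Path" 'quit' 'quit'
}

function Test-IfmMedia {
    param([string]$Path, [int]$MaxAgeDays)
    # Layout assumed for "create sysvol full" media; adjust if yours differs.
    $required = 'Active Directory\ntds.dit', 'registry\SYSTEM',
                'registry\SECURITY', 'SYSVOL'
    $missing = @($required | Where-Object { -not (Test-Path (Join-Path $Path $_)) })
    $ageDays = $null
    $dit = Join-Path $Path 'Active Directory\ntds.dit'
    if (Test-Path $dit) {
        $ageDays = [int]((Get-Date) - (Get-Item $dit).LastWriteTime).TotalDays
    }
    New-Object PSObject -Property @{
        Missing = $missing
        AgeDays = $ageDays
        Usable  = ($missing.Count -eq 0) -and ($ageDays -ne $null) -and ($ageDays -le $MaxAgeDays)
    }
}

function Protect-IfmMedia {
    param([string]$Path)
    # The media is a backup of the directory: drop inherited ACEs and leave
    # only Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18) with access.
    & icacls.exe $Path /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F'
}

New-IfmMedia -Path $MediaPath
Protect-IfmMedia -Path $MediaPath
$result = Test-IfmMedia -Path $MediaPath -MaxAgeDays $MaxAgeDays
if (-not $result.Usable) {
    throw "IFM media check failed. Missing: $($result.Missing -join ', '); age: $($result.AgeDays) days"
}
"IFM media in $MediaPath is complete and $($result.AgeDays) day(s) old."
```

Delete the media folder once the new domain controller has been promoted, so that no copy of the directory backup remains on the transfer path.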

9. Removing a Domain Controller

You can remove a domain controller by using Dcpromo.exe, either by launching the Active Directory Domain Services Installation Wizard or from a command prompt, specifying options at the command line or in an answer file. When a domain controller is removed while it has connectivity to the domain, it updates the forest metadata about the domain controller so that the directory knows the DC has been removed.

To use an answer file, provide the following options and values:

[DCINSTALL]
UserName=DOMAIN\username (in Administrators group of the domain)
UserDomain=FQDN of user specified by UserName
Password=password for user specified by UserName
AdministratorPassword=password will be assigned to local Administrator
RemoveApplicationPartitions=yes
RemoveDNSDelegation=yes
DNSDelegationUserName=DOMAIN\username with permissions to remove DNS delegation
DNSDelegationPassword=password for the account

Run Dcpromo.exe with the /unattend:"answer file path" and the /UninstallBinaries options, as in the following example:

dcpromo /uninstallbinaries /unattend:"c:\rodcanswer.txt"

All the options just shown in the answer file can also be specified or overridden directly on the command line. Just type a command similar to the following:

dcpromo /unattend /uninstallbinaries
/UserName:contoso\dan /password:* /administratorpassword:Pa$$w0rd

If a domain controller must be demoted while it cannot contact the domain, you must use the /forceremoval option of Dcpromo.exe. Type dcpromo /forceremoval, and the Active Directory Domain Services Installation Wizard takes you through the process. Warnings appear related to any roles that the domain controller hosts. Read each warning and, after you have mitigated or accepted the impact of the warning, click Yes. You can suppress warnings by using the /demotefsmo:yes option of Dcpromo.exe. After removing the DC, you must manually clean up the forest metadata.

Practice Deploying Domain Controllers


In this practice, you perform the steps required to install an additional domain controller in the contoso.com domain. You install AD DS and configure an additional DC, using the Active Directory Domain Services Installation Wizard. You will not complete the installation. Instead, you save the settings as an answer file and use the settings to perform an unattended installation, using the Dcpromo.exe command with installation options.

To perform this exercise, you need a second server running Windows Server 2008 full installation. The server must be named SERVER02, and it should be joined to the contoso.com domain. Its configuration should be as follows:

  • Computer Name: SERVER02

  • Domain Membership: contoso.com

  • IPv4 address: 10.0.0.12

  • Subnet Mask: 255.255.255.0

  • Default Gateway: 10.0.0.1

  • DNS Server: 10.0.0.11

EXERCISE 1 Create an Additional DC with the Active Directory Domain Services Installation Wizard

In this exercise, you use the Active Directory Domain Services Installation Wizard (Dcpromo.exe) to create an additional domain controller in the contoso.com domain. You do not complete the installation, however. Instead, you save the settings as an answer file, which will be used in the next exercise.

  1. Log on to SERVER02 as CONTOSO\Administrator.

  2. Click Start, click Run, type Dcpromo.exe, and then press Enter.

    Active Directory binaries are installed.

  3. Click Next.

  4. On the Operating System Compatibility page, review the warning about the default security settings for Windows Server 2008 R2 domain controllers, and then click Next.

  5. On the Choose A Deployment Configuration page, select Existing Forest, select Add A Domain Controller To An Existing Domain, and then click Next.

  6. On the Network Credentials page, type contoso.com in the text box, select My Current Logged On Credentials, and then click Next.

  7. On the Select A Domain page, select contoso.com and click Next.

  8. On the Select A Site page, select Default-First-Site-Name and click Next.

    The Additional Domain Controller Options page appears. DNS Server and Global Catalog are selected by default.

  9. Clear the Global Catalog and DNS Server check boxes, and then click Next.

    An Infrastructure Master Configuration Conflict warning appears.

  10. Click Do Not Transfer The Infrastructure Master Role To This Domain Controller, I Will Correct The Configuration Later.

  11. On the Location For Database, Log Files, And SYSVOL page, accept the default locations for the database file, the directory service log files, and the SYSVOL files and click Next.

    The best practice in a production environment is to store these files on three separate volumes that do not contain applications or other files not related to AD DS. This design improves performance and increases the efficiency of backup and restore.

  12. On the Directory Services Restore Mode Administrator Password page, type a strong password in both the Password and Confirmed Password boxes. Click Next.

    Do not forget the password you assigned to the Directory Services Restore Mode Administrator.

  13. On the Summary page, review your selections.

    If any settings are incorrect, click Back to make modifications.

  14. Click Export Settings.

  15. Click Browse Folders.

  16. Select Desktop.

  17. In the File Name box, type AdditionalDC and click Save.

    A message appears, indicating that settings were saved successfully.

  18. Click OK.

  19. On the Active Directory Domain Services Installation Wizard Summary page, click Cancel.

  20. Click Yes to confirm that you are cancelling the installation of the DC.

EXERCISE 2 Add a Domain Controller from the Command Line

In this exercise, you examine the answer file you created in Exercise 1, “Create an Additional DC with the Active Directory Domain Services Installation Wizard.” You use the installation options in the answer file to create a Dcpromo.exe command line to install the additional domain controller.

  1. Open the AdditionalDC.txt file you created in Exercise 1.

  2. Examine the answers in the file. Can you identify what some of the options mean?

    Tip: Lines beginning with a semicolon are comments or inactive lines that have been commented out.

  3. Open a command prompt.

    You will be building a command line, using the options in the answer file. Position the windows so you can see both Notepad and the command prompt, or print the answer file for reference.

  4. Determine the command line to install the domain controller with the configuration contained in the answer file.

    Parameters on the command line take the form /option:value, whereas in the answer file they take the form option=value.

  5. Type the following command and press Enter:

    dcpromo /unattend /replicaornewdomain:replica
    /replicadomaindnsname:contoso.com /sitename:Default-First-Site-Name
    /installDNS:No /confirmGC:No /CreateDNSDelegation:No
    /databasepath:"C:\Windows\NTDS" /logpath:"C:\Windows\NTDS"
    /sysvolpath:"C:\Windows\SYSVOL" /safemodeadminpassword:password
    /transferimroleifnecessary:no

    where password is a complex password.

  6. Installation completes, and the server reboots.
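The option=value to /option:value mapping from step 4 can be done mechanically. The following is an added example, not code from the original page: it converts an answer file into a Dcpromo.exe command line, skips comment and section lines, and replaces any stored password with a placeholder so the secret is never copied into scripts or shell history. The sample file content, the function name and the <SUPPLY-AT-RUN-TIME> placeholder are constructed for illustration.

```powershell
# Added example, not from the original page. The sample answer file below is
# constructed; a file exported by the wizard may contain more options.
$sample = @'
; DCPROMO unattend file (constructed sample)
[DCInstall]
ReplicaOrNewDomain=Replica
ReplicaDomainDNSName=contoso.com
SiteName=Default-First-Site-Name
InstallDNS=No
ConfirmGc=No
CreateDNSDelegation=No
DatabasePath="C:\Windows\NTDS"
LogPath="C:\Windows\NTDS"
SYSVOLPath="C:\Windows\SYSVOL"
; Inactive line: ignored by the conversion
SafeModeAdminPassword=ExamplePlaceholder1!
TransferIMRoleIfNecessary=No
'@

function ConvertTo-DcpromoCommand {
    param([string[]]$Lines)
    $parts = @('dcpromo', '/unattend')
    foreach ($line in $Lines) {
        $line = $line.Trim()
        # Skip blanks, ";" comments and the [DCInstall] section header.
        if ($line -eq '' -or $line.StartsWith(';') -or $line.StartsWith('[')) { continue }
        $name, $value = $line -split '=', 2
        if ($value -eq $null) { continue }      # not an option=value line
        $name  = $name.Trim()
        $value = $value.Trim()
        if ($name -match 'password') {
            # Do not carry a stored secret onto the command line.
            $value = '<SUPPLY-AT-RUN-TIME>'
        } elseif ($value -eq '') {
            continue                            # option present but unset
        }
        $parts += "/${name}:$value"
    }
    $parts -join ' '
}

ConvertTo-DcpromoCommand -Lines ($sample -split "`r?`n")
```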

EXERCISE 3 Create Installation Media

You can reduce the amount of replication required to create a domain controller by promoting the domain controller, using the IFM option. IFM requires that you provide installation media, which is, in effect, a backup of Active Directory. In this exercise, you create the installation media.

  1. Log on to SERVER01 as Administrator.

  2. Open a command prompt.

  3. Type ntdsutil and press Enter.

  4. Type activate instance ntds and press Enter.

  5. Type ifm and press Enter.

  6. Type ? and press Enter to list the commands available in IFM mode.

  7. Type create sysvol full c:\IFM and press Enter.

    The installation media files are copied to C:\Ifm.

 