How to use Install from Media to restore a domain controller

Of course, when you are restoring a domain controller or global catalog you only have option two. In addition to using precious bandwidth for an extended period of time in large deployments, it creates an ongoing maintenance problem.

Since Exchange 2000 relies on the global catalog for its Global Address List (GAL), global catalog servers must be deployed in more sites than would be required by Active Directory requirements alone. Further, if that GC becomes unavailable for a period of time, it will impact Exchange performance -- as a remote GC will have to service that site. Thus, if you have to rebuild a global catalog (especially in a multiple domain environment), it can take a significant amount of time before it is available again. In addition, this live replication increases the bandwidth demand on the WAN and virtually makes the sourcing domain controller unavailable during this time. It also initiates a full Vvjoin of File Replication service (FRS) replicas.

Windows 2003 and Windows 2000 beginning in SP3 offer a new feature called "Install from Media". Install from Media offers a DCpromo option to source the Active Directory from local media rather than another domain controller. To take advantage of this feature, you must back up a domain controller's system state (which contains the AD) and restore it to a media source such as a CD, DVD, disk or tape. On a server that's to be promoted, run DCpromo from the command line with the /adv switch:

dcpromo /adv

This switch will produce a dialog not offered during normal exe

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Microsoft Active Directory Backup and Restore How to build redundancy in Active Directory replication An alternate strategy for DNS server backup Diamonds are forever, but not Active Directory backups How do I add a backup domain controller in Windows NT? Tools for quick recovery of deleted Active Directory objects Active Directory disaster recovery: Protecting the enterprise from the administrator Creating Active Directory replicas from backup tapes Chapter of the Week: Active Directory Cookbook for Windows Server 2003 and Windows 2000 -- Chapter 16, 'Backup, recovery, DIT maintenance and deleted objects' Unable to restore critical information after moving user accounts via LDIF Tips for Active Directory DC backups Active Directory Administration Using Active Directory to manage Macs in a Windows environment Troubleshooting poor Windows logon performance in Active Directory environments Common Active Directory security oversights Scripting domain controller installations: A must for Server Core Taming the LSASS.exe process for Active Directory performance and security Troubleshooting Active Directory database errors Active Directory database basics: Performing an offline defrag Branch office security: Pros and cons of read-only domain controllers Tips for Windows domain controller optimization How to rebuild the SYSVOL tree when none exists in Active Directory

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

cution of the DCpromo wizard, shown in Figure 1.

[IMAGE]
Figure 1. The dialog produced by the DCpromo /adv option lets you choose the domain information location.

This offers the administrator the option of specifying the location of restored system state files to source the Active Directory from. DCpromo will then source from the restored system state rather than an active domain controller. Once the initial sourcing is complete, replication with an active domain controller will update the new doman controller with any changes since the media was created.

Thus you could provide immediate disaster recovery of a domain controller or global catalog by maintaining a current system state backup of any domain controller in the domain and restore it to some media such as CD, DVD, tape or disk that can be viewed as local media by the server being promoted.

Hewlett-Packard, one of the first companies to adopt Windows Server 2003 in a production environment, used Install from Media as one of the critical reasons to upgrade from Windows 2000. In the Windows 2000 environment, it took HP between 3 to 5 days to rebuild a GC due to the size of the ndts.dit and the network speed (varied, of course). In Windows 2003, using Install From Media, that same rebuild takes 20 to 30 minutes. This is a huge savings in terms of downtime and performance especially for Exchange users.

Note: This doesn't eliminate the tombstone problem. If the media is more than "tombstonelifetime" days old, new media must be created and used. One administrator suggested he would post the restore files on an FTP site for download and periodically update the FTP site.

In addition, DCpromo can use an answer file with additional options provided by Windows 2003 to include commands to accommodate Install from Media.

How to use Install from Media to promote a server to a domain controller

Preparation:
Procedure:

This process will backup a domain controller in the Company.com domain, restore it to the local disk of the member server, then run DCpromo on the member server using an answer file to make the promotion an unattended process.

[IMAGE]
[IMAGE]Disaster Recovery Planning for Active Directory
[IMAGE]
[IMAGE] Part 1: How creating an AD replication lag site minimizes disasters
[IMAGE] Part 2: How to build redundancy in Active Directory replication
[IMAGE] Part 3: How to restore a domain controller from backup in AD
[IMAGE] Part 4: How to use Install from Media to restore a domain controller

Gary Olsen is a systems software engineer for Hewlett-Packard in Global Solutions Engineering. He wrote Windows 2000: Active Directory Design and Deployment and co-authored Windows Server 2003 on HP ProLiant Servers. Olsen is a Microsoft MVP for Windows Server-File Systems.