Deploying Domain Controllers in Remote Locations
by Mitch Tulloch, author of Windows Server Hacks
WAN links often represent bottlenecks for networks running Active Directory because of their relatively low bandwidth compared with LANs. This can be a problem when you need to deploy a domain controller in a remote location. For example, if you promote a member server to the role of domain controller at a remote site that belongs to the same domain as company headquarters, the new domain controller has to replicate the entire Active Directory database from an existing domain controller at headquarters. That can swamp the WAN link for hours, causing problems for people who need to use the link for other purposes.
Windows Server 2003 offers a solution: deploying Active Directory from backup media, a method Microsoft calls "install from media." This involves backing up an existing domain controller, burning the backup file to a CD or DVD and taking it to the remote site, and then using that backup to deploy a new domain controller with a full copy of the Active Directory database. That way, no replication of AD information needs to take place over the WAN link, with the exception of any changes that may have occurred between making the backup and restoring it at the remote site.
Specifically, deploying a domain controller using backup media involves three steps:
I'll walk through these steps using two Windows Server 2003 machines, specifically:
Both of these machines belong to the same Active Directory domain named TESTTWO (testtwo.local). But before we start, a few caveats:
Start the Backup utility on TEST220 by choosing Start -> Run -> ntbackup and selecting Advanced Mode. Switch to the Backup tab and select the check box for backing up the System State on the machine:
|Figure 1. Backing up the System State on domain controller TEST220|
Save the backup as a file named D:\ADmedia.bkf or something similar, and start the backup in the usual way. Once the backup file has been created, burn it to a CD or DVD and take it to the remote location where TEST210 is located.
Insert the disc containing the backup of the System State of TEST220 into the drive of TEST210, and once again start the Backup utility in Advanced Mode. Switch to the Restore and Manage Media tab, select Tools -> Catalog a Backup File, and type the full path to the .bkf file you want to restore:
|Figure 2. Opening the backup file|
Click on OK and select System State for what you want to restore:
|Figure 3. Restoring the System State of TEST220 onto TEST210|
Under the option "Restore files to," select "Alternate location" and specify an empty folder on a local fixed (not removable) hard drive of TEST210 as the restore location:
|Figure 4. Restoring to an alternate location|
Now start the restore, and the System State info for TEST220 will be copied to the folder you specified on TEST210.
A few more tips:
Now start the Active Directory Installation Wizard in Advanced Mode on TEST210 by choosing Start -> Run -> dcpromo /adv and walking through the screens of the wizard in the usual way, selecting "Additional domain controller for an existing domain." When the Copying Domain Information page appears, specify the location of the restored System State info from the source machine:
|Figure 5. Installing AD from the restored backup media|
If your source machine was a Global Catalog server, then the next screen will offer you the option of making your target machine a Global Catalog server too:
|Figure 6. Decide whether the new DC will host the Global Catalog|
Continue with the wizard by specifying Domain Admins credentials for the domain; a location for the AD database, the log files, and the SYSVOL folder; a Restore Mode password for your new domain controller; and so on until you reach the end of the wizard and the promotion begins. Once the machine reboots, you should have a fully functional domain controller at your remote site.
Here's a final tip: Occasionally when I've used this procedure and rebooted, I've gotten a message saying "One or more services failed to start." I've found, however, that when I reboot the machine a second time, the message doesn't recur, but it's always a good idea to check the System, Directory, and File Replication logs in the Event viewer afterward for any unusual events.
Note: You can also create an answer file and use dcpromo /answer to perform the unattended deployment of domain controllers using install from media. See Knowledge Base article 311078 for more info. This Knowledge Base article also contains additional advanced information on installing domain controllers from backup media, and it's worth thoroughly reviewing the article before you attempt such installations.
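A sketch of such an answer file for promoting TEST210 from the restored System State, added here as an illustration and not taken from the article or from Microsoft. The key names are the [DCINSTALL] entries for Windows Server 2003; the file name, restore folder, account name, passwords and database paths are placeholders or assumptions to replace with your own values.

```ini
; dcpromo-ifm.txt (hypothetical file name), run on TEST210 with:
;   dcpromo /answer:C:\dcpromo-ifm.txt
; Keep comments on their own lines; text after a value becomes part of the value.

[DCINSTALL]
; Domain Admins credentials used for the promotion (placeholders).
; This file holds them in clear text, so keep it on the local disk only
; and delete it once the promotion has finished.
UserName=Administrator
Password=REPLACE_WITH_DOMAIN_ADMIN_PASSWORD
UserDomain=testtwo.local

; Additional domain controller for the existing domain testtwo.local.
ReplicaOrNewDomain=Replica
ReplicaDomainDNSName=testtwo.local

; Install from media: build the directory database from the System State
; that was restored to an alternate location on a local fixed disk.
; D:\ADrestore is a placeholder for the empty folder chosen at restore time.
ReplicateFromMedia=Yes
ReplicationSourcePath=D:\ADrestore

; Locations for the AD database, the log files and the SYSVOL folder
; (assumed default paths; adjust to your disk layout).
DatabasePath=C:\WINDOWS\NTDS
LogPath=C:\WINDOWS\NTDS
SYSVOLPath=C:\WINDOWS\SYSVOL

; Restore Mode password for the new domain controller (placeholder).
SafeModeAdminPassword=REPLACE_WITH_RESTORE_MODE_PASSWORD

; Reboot automatically when the promotion succeeds.
RebootOnSuccess=Yes
```

After the reboot, confirm in the file's location that no copy containing the passwords remains, and review the event logs as described above.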
Mitch Tulloch is the author of Windows 2000 Administration in a Nutshell, Windows Server 2003 in a Nutshell, and Windows Server Hacks.
Copyright © 2009 O'Reilly Media, Inc.