Preparing a Server Computer for Shipping and Installation from Backup Media
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
The specific guidelines for installing Active Directory from backup media are provided in the topic Installing a Domain Controller in an Existing Domain Using Restored Backup Media. Be sure to read that topic before performing the procedures that are specified in this topic.
When you want to ship theserver to a remote site and install Active Directory by restoring from backup media in the remote site, you must make certain choices regarding the method that you use to restore the backup. You must also decide whether to use removable media or ship the backup on the server that will become the additional domain controller. You can use the information in this topic to make these decisions and to prepare the server for shipping. Use the information in Installing a Domain Controller in an Existing Domain Using Restored Backup Media to perform the actual backup, restore, and Active Directory installation procedures.
Preparing a computer for installation in a remote site by using restored backup media requires that you perform the following tasks:
Begin by backing up system state on a domain controller in the domain into which you are installing the domain controller according to the recommendations and requirements in Installing a Domain Controller in an Existing Domain Using Restored Backup Media.
Determine whether to restore the system state backup onto the computer that will be promoted or use removable media to ship the backup files separately from the computer.
Determine the volume on which to restore the backup media. If you have a large Ntds.dit file, this decision can affect the amount of time necessary for Active Directory installation. If you have a large SYSVOL, this decision can affect whether full replication of SYSVOL occurs during Active Directory installation. The ability to use the backup media to source SYSVOL depends on various factors. If you want to avoid full replication of SYSVOL, additional preparation is required, as described later in this section.
Before you ship the server, enable Remote Desktop access on the server so that you can install the domain controller and manage it remotely. You can also enable Remote Desktop remotely by using the registry, but this method should be used only as a fallback measure if, through some oversight, Remote Desktop is not enabled prior to shipping.
If you are installing a domain controller that is running Windows Server 2003 with Service Pack 1 (SP1) in a forest that has a forest functional level of Windows Server 2003 or Windows Server 2003 interim and you want to include application directory partitions in the installation media, you can do so by creating an answer file that contains the location of the restored backup media and then running an unattended installation of Active Directory.
Restore the Backup to the Promotion Computer or Ship Removable Media
When you back up system state for the purpose of creating restored backup media for domain controller installation, you can use various methods to create the media for shipment and installation. You can:
Before you ship the server, restore the backup directly to a volume on the server that you are shipping. When the server arrives at the remote site, it is ready for installation with no further preparation.
Copy the .bkf file onto removable media before restoration. Ship the media to the remote site, and then restore the backup from the removable media to an alternate location on each domain controller that you want to install. The advantage of this method is that you retain the potential for SYSVOL to be sourced from the backup media.
Restore the backup to any location on any server and then copy the restored backup to removable media, such as a CD, DVD, or portable hard drive. The advantage of using this method is that you restore the backup only once; you can install as many domain controllers as necessary from the same media. The disadvantage is that copying the restored files loses the SYSVOL data that is required for sourcing SYSVOL from the restored backup. For more information about ensuring that SYSVOL is sourced from the restored backup, see "Seeding the SYSVOL tree from restored files during IFM promotion" in article 311078, "How to use the Install from Media feature to promote Windows Server 2003–based domain controllers," on the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=37924).
Determine the Restore Volume
The volume on which you restore the system state backup has implications for both Active Directory files and SYSVOL files. For faster restore, it is recommended that you restore the backup to the volume that you will designate to host the Ntds.dit file when you run Dcpromo, if space permits. Otherwise, restore the backup to a volume that has sufficient free space. Restoring the backup to the volume that will store Ntds.dit, as opposed to a different volume, affects how files are managed by the system during and after Active Directory installation, as follows:
Active Directory files. The volume to which you restore the Ntds.dit and NTDS log files determines how long installation will take and whether you must delete copied files following installation:
If you restore the system state to a location on the same volume (drive letter) that will ultimately host the Ntds.dit and NTDS log files, when you designate the path for the Ntds.dit and NTDS log files during installation, the Active Directory Installation Wizard will move the Ntds.dit and NTDS log files from the restored location to their installed location. Moving the files is much faster than copying the files.
If you restore the system state to a different volume than the volume that will ultimately host the Ntds.dit and NTDS log files, the Active Directory Installation Wizard will copy the Ntds.dit and NTDS log files to their final location during installation. In the case of a large Ntds.dit file, the copy process can add significantly to the installation time. In this case, you must manually delete the remaining files and folders in the restored folder after a successful installation. As a best practice, we recommend that you always delete the folder that you use to receive the restored backup, regardless of whether files are copied or moved.
SYSVOL replication. The volume to which you restore the system state backup also determines whether the File Replication service (FRS) can use the restored files as the source for SYSVOL on the new domain controller or whether FRS replicates a new copy of SYSVOL from a different domain controller in the domain. To be able to use the installation media as the source for the SYSVOL data, you must restore the system state backup to the same volume as the drive that you specify in the Active Directory Installation Wizard to host the SYSVOL tree. In addition, you must perform preliminary procedures to pre-seed the SYSVOL data on the installation server. Otherwise, the data will be sourced over the network from a domain controller that is in the same domain as the new domain controller.
If you store the SYSVOL shared folder on a different volume from the Active Directory files, consider the effect of copying Active Directory files, as described earlier in this topic, as opposed to the effect of replicating the entire contents of the SYSVOL shared folder. If avoiding replication of the SYSVOL shared folder is a goal of the remote installation, restore the backup to a location that is on the same volume as the drive that will contain the SYSVOL share and perform the preliminary SYSVOL pre-seeding procedures.
In addition to the requirement that you restore the backup to the volume where SYSVOL is to be installed, successful pre-seeding of SYSVOL from the installation media also requires that SYSVOL has been replicated. If only one domain controller is installed in the domain (SYSVOL has not replicated at least once between two domain controllers in the domain), you must configure another domain controller in the domain to prepare the SYSVOL before you perform the system state backup.
Note
It is recommended that you deploy at least two domain controllers in each domain for redundancy and failover.
For complete instructions for how to ensure that SYSVOL is sourced from the restored backup, see "Seeding the SYSVOL tree from restored files during IFM promotion" in article 311078, "How to use the Install from Media feature to promote Windows Server 2003–based domain controllers," on the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=70809). To assess the effect of replication, as opposed to additional configuration to source SYSVOL from the backup media, test both procedures in a lab environment that mirrors your production environment in terms of wide area network (WAN) speed and replication latency.
Enable Remote Desktop
You can use Remote Desktop to connect to the domain controller and manage it as if you were sitting at the console. Remote Desktop is disabled by default in Windows Server 2003 operating systems. To install Active Directory, you must have Domain Admins credentials in the domain into which you are adding the domain controller. This level of service administration might not be available in the remote site. In any case, you will want to be able to install and manage the domain controller from the hub site.
Create a Domain Controller Installation Answer File
If you want to include application directory partitions in the restored backup media that you use as the source for an Active Directory installation, you must create a domain controller installation answer file and perform an unattended Active Directory installation. Dcpromo uses the answer file for installation instructions, including the location of restored backup media and instructions to use these files as the source for the installation.
If you are installing a domain controller in a remote site that will also be a DNS server, you might want to include application directory partitions in the installation media rather than replicating them. You can include application directory partitions in the installation media if the following conditions apply:
The forest has a functional level of Windows Server 2003 or Windows Server 2003 interim.
The domain controller that you back up and the server that you are installing are both running Windows Server 2003 with SP1.
For creating a DNS server, your forest uses Active Directory-integrated DNS (DNS zone data is stored in application directory partitions on DNS servers in the forest).
The domain controller that you back up stores the application directory partitions that you want to include.
Instructions for performing this type of installation are included in this task.
Task requirements
The following tools are necessary to complete this task:
Ntbackup.exe
System Control Panel
Dcpromo.exe
Ref.chm on the Windows Server 2003 installation CD (for unattended installations only)
To complete this task, perform the following procedures:
Back up system state on a domain controller in the domain into which you are installing the additional domain controller. The following requirements apply for the backup domain controller and the target server:
The backup domain controller and target server must be running the same version of Windows Server 2003. For example, if the domain controller that you back up is running Windows Server 2003 with SP1, you cannot use this backup media to install Active Directory on a server that is running Windows Server 2003 with no service pack installed.
The backup domain controller and target server must be running on the same hardware platform (32-bit or 64-bit).
To install a domain controller that is a global catalog server, you must back up system state on a global catalog server.
To install a domain controller that is a DNS server (that is, a server that stores the DomainDNSZones and ForestDNSZones application directory partitions), you must back up system state on a DNS server that stores these directory partitions.
Restore system state to an alternate location. This location can be on the target server or in a different location, from which the backup files can be copied to removable media and then shipped to the remote site separately from the target server. Follow the guidelines described in "Determine the Restore Volume" earlier in this topic.
As an alternative, you can copy the unrestored .bkf file to removable media and then ship the media to the remote site, where it can be restored to a location on the target server.
When you restore, you must run Ntbackup on the server that has the alternate location. Therefore, if you are restoring to an alternate location that is not on the server on which the .bkf file is stored, before you run Ntbackup, do the following:
Share the folder that contains the .bkf file.
Map a connection to it from the computer on which you are running Ntbackup.
Enable Remote Desktop on the target server.
If you are installing a DNS server or a domain controller that will store any application directory partitions, Create an answer file for domain controller installation.
Ship the domain controller and any prepared removable media and answer file to the remote site. Ship these items separately and securely.
When the server is running in the remote site, install the domain controller as follows:
Create a Remote Desktop Connection to the remote server.
If you are installing a domain controller that does not require application directory partitions to be included in the installation, Install Active Directory from restored backup media.
If you are installing a domain controller that will be a DNS server or that requires other application directory partitions to be included in the installation media, perform the procedure to Include application directory partitions in an Active Directory installation from backup media.
If the domain controller is to be a DNS server, Install the DNS Server service after Active Directory has been installed.
See Also
Concepts
Installing a Domain Controller in an Existing Domain Using Restored Backup Media