We help IT Professionals succeed at work.

Domain Controller IFM (Install From Media): Is it worth it?

How big does AD have to be (and how slow does the link need to be) to justify installing a new domain controller in a regional office using the IFM (Install From Media) method?

I think we'll have a 50 mbps symmetrical site-to-site VPN.

Our NTDS folder is 375 megs in size.

Should I use IFM or just do it the regular way?

I'm no pro so picking the easy method is very much preferable.

Reading about IFM here:
https://social.technet.microsoft.com/wiki/contents/articles/8630.step-by-step-guide-to-install-an-additional-domain-controller-by-using-ifm.aspx

I became concerned reading this passage:

"Important :
The next steps are required to change the SYSVOL folder security settings. These steps change the file hash, which will become the same file hash as in the IFM. If you use DFS Replication, SYSVOL will keep the presided data only if the file hash on the source domain controller and the destination server are the same
On the destination server, right-click the SYSVOL folder, and then click Properties.
Click the Security tab, and then click Advanced.
Click the Auditing tab, and then click Edit.
Clear the Include inheritable auditing entries from this object’s parent check box, and then select it again.
Click Apply, and then click OK.
"

The existing domain controllers are Server 2012 and the new one will be Server 2016.  The functional level will remain at Server 2008 R2
Comment
Watch Question

CERTIFIED EXPERT

Commented:
I've never used IFM before, so let's hope someone else with more experience can offer advice.

Look at the numbers simply.  You'll need to transfer about 375MB of data over a 50Mb link.  That indicates about 60 seconds of raw transfer time.  Of course, it will take longer with overhead and other things, but that's still a very short time.

I'd use the traditional method and keep the process simple.
Senior Consultant
CERTIFIED EXPERT
Awarded 2017
Distinguished Expert 2019
Commented:

You do not need it.


I have worked with 4GB NTDS on over-saturated 1 Mbps links and IFM was helpful with these installs.


I do use IFM for password audit though

https://www.experts-exchange.com/articles/29569/How-to-extract-hashes-from-IFM-backup.html


Author

Commented:
Thanks!

-Mike