asked on Domain Controller IFM (Install From Media): Is it worth it?
How big does AD have to be (and how slow does the link need to be) to justify installing a new domain controller in a regional office using the IFM (Install From Media) method?
I think we'll have a 50 mbps symmetrical site-to-site VPN.
Our NTDS folder is 375 megs in size.
Should I use IFM or just do it the regular way?
I'm no pro so picking the easy method is very much preferable.
Reading about IFM here:
https://social.technet.microsoft.com/wiki/contents/articles/8630.step-by-step-guide-to-install-an-additional-domain-controller-by-using-ifm.aspx
I became concerned reading this passage:
"Important :
The next steps are required to change the SYSVOL folder security settings. These steps change the file hash, which will become the same file hash as in the IFM. If you use DFS Replication, SYSVOL will keep the presided data only if the file hash on the source domain controller and the destination server are the same
On the destination server, right-click the SYSVOL folder, and then click Properties.
Click the Security tab, and then click Advanced.
Click the Auditing tab, and then click Edit.
Clear the Include inheritable auditing entries from this object’s parent check box, and then select it again.
Click Apply, and then click OK.
"
The existing domain controllers are Server 2012 and the new one will be Server 2016. The functional level will remain at Server 2008 R2
I think we'll have a 50 mbps symmetrical site-to-site VPN.
Our NTDS folder is 375 megs in size.
Should I use IFM or just do it the regular way?
I'm no pro so picking the easy method is very much preferable.
Reading about IFM here:
https://social.technet.microsoft.com/wiki/contents/articles/8630.step-by-step-guide-to-install-an-additional-domain-controller-by-using-ifm.aspx
I became concerned reading this passage:
"Important :
The next steps are required to change the SYSVOL folder security settings. These steps change the file hash, which will become the same file hash as in the IFM. If you use DFS Replication, SYSVOL will keep the presided data only if the file hash on the source domain controller and the destination server are the same
On the destination server, right-click the SYSVOL folder, and then click Properties.
Click the Security tab, and then click Advanced.
Click the Auditing tab, and then click Edit.
Clear the Include inheritable auditing entries from this object’s parent check box, and then select it again.
Click Apply, and then click OK.
"
The existing domain controllers are Server 2012 and the new one will be Server 2016. The functional level will remain at Server 2008 R2
VPNSecurityActive DirectoryWindows 10Azure
Last Comment
mike2401
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thanks!
-Mike
-Mike
Look at the numbers simply. You'll need to transfer about 375MB of data over a 50Mb link. That indicates about 60 seconds of raw transfer time. Of course, it will take longer with overhead and other things, but that's still a very short time.
I'd use the traditional method and keep the process simple.