DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 311078 - Last Review: February 9, 2009 - Revision: 9.1

This article was previously published under Q311078

On This Page

SUMMARY

With the Install from Media (IFM) feature in the Active Directory Installation Wizard, you can use a restored system state backup as the data source when you promote a Microsoft Windows Server 2003-based domain controller in an existing domain. When you use IFM to promote a domain controller, you gain important advantages over network-based promotions. These advantages include:
  • Reduced use of network resources when new domain controllers are promoted in an existing domain.
  • Faster sourcing of Active Directory directory service and global catalog data to a new domain controller.
  • Improved recovery of Windows Server 2003-based domain controllers after a hardware or a software failure.

INTRODUCTION

IFM promotions include the following four steps:
  1. Installing a Windows Server 2003-based domain controller in each domain where you will be performing IFM promotions.
  2. Performing a system state backup from a Windows Server 2003-based domain controller in each domain where you will be performing IFM promotions.
  3. Restoring the system state backup to the local drive of each Windows Server 2003-based computer that you want to promote. The restored system state backup must be from a domain controller in the same domain that the new domain controller will be promoted in.
  4. Promoting the domain controllers that you installed in step 1 by using the Active Directory Installation Wizard.
This article describes how to create and to restore system state backups for IFM promotions and how to perform an IFM promotion.

Notes
  • You must have administrative credentials to perform IFM promotions.
  • To promote an R2 domain controller, the backup must be taken from the Windows Server 2003 with SP2 domain controller, or from the Windows Server 2003 R2 domain controller. If you try to promote an R2 domain controller with media from an SP1 domain controller, you will receive the following error message:
    The operation failed because: Active Directory could not be restored, because the backup files were taken on a different build of the operating system.

MORE INFORMATION

Installing a new domain controller

Install a Windows Server 2003-based domain controller in each domain where you will be performing IFM promotions. If you want IFM-promoted replica domain controllers to source global catalog partitions during promotion, make the Windows Server 2003-based domain controller that will be used to create system state backups a global catalog server.

Backing up the system state

  1. Log on to a Windows Server 2003-based domain controller in the domain where you will be performing IFM promotions. You must be a member of the Domain Admins security group or the Backup Operators security group to back up the system state. If you want IFM-promoted domain controllers to source the global catalog during IFM promotion, log on to a Windows Server 2003-based domain controller that also hosts the global catalog.
  2. Make sure that each domain controller whose system state backup will be used during IFM promotions hosts a complete copy of the global catalog.

    Note Event ID 1119 appears in the directory service event log after full replication of a newly-promoted global catalog.
  3. Click Start, click Run, type ntbackup, and then click OK. (If the Backup utility starts in wizard mode, click the Advanced Mode hyperlink.)
  4. From the Backup tab, click to select the System State check box in the left pane. Do not back up the file system part of the SYSVOL tree separately from the system state backup.
  5. In the Backup media or file name box, specify the drive, path, and file name of the system state backup.

    We recommend that you use a file name for the .bkf file that includes the following information:
    • The fully qualified computer name that includes the domain name of the domain controller where the backup was performed.
    • Whether the domain controller is a global catalog server.
    • Whether the backup domain controller contains MD5 checksum data to source the SYSVOL tree.
    • The date that the backup was performed.
    You might use a file name format that is similar to the following:
    X:\Fully_Qualified_Computer_Name.Build_Number.Service_Pack_Revision.[No]GC.[No]MD5.TSL.YYYYMMDD.bkf
    where
    • Fully_Qualified_Computer_Name is the host name and the domain name of the domain controller. This must be the domain name of the domain where the system state was backed up.
    • Build Number is the build number of the operating system that was backed up.
    • Service_Pack_Revision is the service pack build number and the service pack version for the operating system that was backed up.
    • [No]GC indicates whether the backup originated from a global catalog or not.
    • [No]MD5 indicates whether the system state backup contains MD5 checksum data for the files and folders in the SYSVOL tree.
    • TSL is the value in days for the tombstoneLifetime attribute when the backup was performed. (The default is 60 days.)
    • YYYYMMDD is the year, month, and day that the backup was performed.
    Consider this scenario: You create a system state backup of a global catalog domain controller on July 1, 2004. The domain controller is in the CONTOSO.COM domain, and its name is DC1. The tombstoneLifetime attribute for the forest determines both the useful life of a system state backup and how frequently the garbage collection routines are run. (Garbage collection routines remove items that were previously marked for deletion.) In this scenario, you might use a file name that is similar to the following:
    DC1.CONTOSO.COM.3790.SP0.GC.MD5.60.2004.07.01.BKF
    A system state backup that you make of DC1 on July 1, 2004, remains valid until July 29, 2004. For the next 60 days, you can use the backup to source the schema, the configuration, the CONTOSO.COM domain partition, and the global catalog on IFM-promoted replica domain controllers in the CONTOSO.COM domain.

    You may save the .bkf file to a local volume or to a network share. The network share can be on the domain controller that will be promoted in the same domain.
  6. Click Start Backup, and then click Advanced. Click to clear the Automatically backup System Protected Files with the System State check box. Click OK, and then click Start Backup. System protected files are not used for IFM promotions. These files decrease the size of the .bkf file by several hundreds of megabytes.
  7. In Backup Progress, click Report... to see the skipped files. Any files in the SYSVOL tree that were skipped by the backup process will not be sourced from the installation media when the media is used for promotion. Instead, the skipped files will be replicated over the network. If replication from the system state is critical, break any file locks, and then back up a new system state. You may receive a message that is similar to the following
    "Warning: Unable to open "<Drive>:\<PATH>\SYSVOL\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory"
    if the File Replication Service (FRS) is running. This error may be ignored, and the FRS can continue to run when the system state backup is performed.
Note
  • The domain controller that was used to back up the system state must be running Windows Server 2003. When you try to use a system state backup from a Microsoft Windows 2000-based domain controller to source a Windows Server 2003-based domain controller in the same target domain, you may receive the following error message:
    The operation failed because:
    Active Directory could not be restored, because the backup files were taken on a different build of the operating system. User Action. Use a backup of the same build of the operating system and retry the restore operation. "A local error has occurred." This server has been disjoined from domain <domain name>
  • To source the global catalog partition during IFM promotion, you must back up the system state on the global catalog domain controller in the domain that contains the new domain controller.
  • You can perform system state backups locally or over a Terminal Services connection.
  • To reduce the size of the system state backup and the time to back up and to restore the system state, click to clear the Automatically backup System Protected Files with the System State check box that is mentioned in step 6 of the "Backing up the system state" section.

Restoring the system state backup

  1. Log on to the Windows Server 2003-based computer that you want to promote. You must be a member of the local administrators group on this computer.
  2. Click Start, click Run, type ntbackup, and then click OK. (If the Backup utility starts in wizard mode, click the Advanced Mode hyperlink.)
  3. In the Backup utility, click the Restore and Manage Media tab. In the Tools menu, click Catalog a backup file..., and then locate the .bkf file that you created earlier. Click OK.
  4. Expand the contents of the .bkf file, and then click to select the System State check box.
  5. In Restore files to:, click Alternate Location. To restore the system state, type the logical drive and the path. We suggest that you type X:\Ntdsrestore. In this command, X is the logical drive that will ultimately host the Active Directory database when the member computer is promoted. The final location for the Active Directory database is selected when you run the Active Directory Installation Wizard. This folder must be different from the folder that contains the restored system state.

    Note Use the Alternate Location option in the Backup utility to put the system state backup in a different folder from its original location. If the Alternate Location option is not used, and the Active Directory database and SYSVOL tree are located in their default paths under the %systemroot% folder, a system state restore may overwrite critical system and configuration files on the computer where you are restoring the system state.

    Note Only Windows Server 2003-based domain controllers can restore the system state to an alternative location while you are running in Active Directory mode. Windows 2000-based domain controllers must be booted in DSREPAIR mode to restore the system state to an alternative location. Note that in DSREPAIR mode, client computers may receive an "Access denied" error message when they try to access Distributed File System (DFS) root information or DFS link information on the server. This behavior is expected.

    The primary goal of an IFM promotion is to optimally source Active Directory. The volume that system state backups are restored to determines whether the Active Directory Ntds.dit and NTDS log files are moved or copied to their final location during IFM promotion.

    If the system state is restored to the same volume as the drive that will ultimately host the Ntds.dit and NTDS log files, the IFM promotion process will move the Ntds.dit and NTDS log files from the restored location to their final location.

    If you restore the system state to a different volume than the volume that will ultimately host the Ntds.dit and NTDS log files, the Active Directory Installation Wizard will copy the Ntds.dit and NTDS log files to their final location. You must manually delete the remaining files and folders in the restored folder after a successful promotion.

    To source the SYSVOL data from the restored backup, you must restore SYSVOL data in the system state backup to the same volume as the drive that you specified in the Active Directory Installation Wizard to host the SYSVOL tree. Otherwise, the data will be sourced over the network from a domain controller that is in the same domain as the new domain controller. For more information about how to source files and folders in the SYSVOL tree during IFM promotion, see the "Seeding the SYSVOL tree from restored files during IFM promotion" section.

    For the fastest sourcing of Active Directory, restore the system state to the same volume that will ultimately host the Active Directory database. This volume is defined when you run the Active Directory Installation Wizard.
  6. Click Start Restore, and then click OK to bypass the Not all system state data will be restored when re-directed to an alternative location option. Click OK to start restoring data. Click Close when the restore is completed.
Note The useful life for a system state backup of a domain controller is defined by the tombstoneLifetime attribute in Active Directory. By default, the setting is 60 days. To use a system state backup for IFM promotion, you must perform the backup in the number of days that are specified by the tombstoneLifetime attribute. You must not adjust system clocks forward or backward to satisfy date requirements in the Active Directory Installation Wizard. Similarly, you must not increase the value of the tombstoneLifetime attribute to extend the useful life of the backup media or of the restore media. Out of date backups create inconsistencies in Active Directory objects and attributes for different domain controllers in the same domain or in the same forest. You must reconcile these inconsistencies. When you use an out of date backup for an IFM promotion, you may receive an error message that is similar to the following:
The operation failed because:

The attempt to restore Active Directory failed because the restored copy of Active Directory is too old.

Restored Active Directory age (days): XX
Maximum restored age (days): 60 (by default)

"A local error has occurred."

You need to restore the Active Directory backup files again and restore the wizard in order to attempt the operation again.

Promoting an additional domain controller

  1. Verify that the domain controller that is to be promoted has DNS name resolution and network connectivity to existing domain controllers in the domain controller's target domain.
  2. Click Start, click Run, type dcpromo /adv, and then click OK.
  3. Click Next to bypass the Welcome to the Active Directory Installation Wizard and Operating System Compatibility dialog boxes.
  4. On the Domain Controller Type page, click Additional domain controller for an existing domain, and then click Next.
  5. On the Copying Domain Information page, click From these restored backup files:, and then type the logical drive and the path of the alternative location where the system state backup was restored. Click Next.
  6. In Network Credentials, type the user name, the password, and the domain name of an account that is a member of the domain administrators group for the domain that you are promoting in.
  7. Continue with the remainder of the Active Directory Installation Wizard pages as you would with the standard promotion of an additional domain controller.
  8. After the SYSVOL tree has replicated in, and the SYSVOL share exists, delete any remaining restored system files and folders.

Notes
  • IFM promotions are supported only to create additional domain controllers. IFM promotions are not supported to create the first domain controller in a new child domain or in a new tree that is in an existing Active Directory forest.
  • IFM-promoted domain controllers must have name resolution and network connectivity to existing domain controllers in the target domain and forest.
  • Application partitions may or may not be sourced during an IFM promotion, depending upon the service pack level of the server being promoted. The original released version of Windows Server 2003 application partitions, such as domain-wide and forest-wide DNS application partitions, or custom application partitions that are defined by administrators or by applications, are not sourced during IFM promotions unless Windows Server 2003 Service Pack 1 is installed, and the forest function level is Windows Server 2003.
  • System state backups that are used for IFM promotion must be restored to a local drive that has been assigned a drive letter on the computer that you are promoting. Restore the system state to removable drives or to removable media, such as a CD or a DVD. IFM promotions over mapped paths and over Universal Naming Convention (UNC) network paths are not supported.
  • We do not support or recommend cross-platform IFM promotions. Using a system state backup of a 32-bit DC to IFM promote a 64-bit DC or vise-versa is not supported.
Do not install Windows Server 2003 domain controllers that do not have Service Pack 1 (SP1) by using the Install replica From Media (IFM) method if the backup is taken from a Windows Server 2003 SP1 domain controller.

Advanced topics

Promoting the system state backup by using a CD, a DVD, or other removable media

System state backups may be restored or "burned" on to read-only removable media, such as a CD or a DVD. If you store your system state backup on removable media, you have an efficient and an inexpensive way to promote many domain controllers or to recover failed domain controllers. All the rules that apply to backing up, restoring, and performing IFM promotions apply. When you use removable media for IFM promotions, you have the following options:
  • Burn the .bkf file directly onto removable media.
  • Restore the .bkf file to an alternative location, and then burn the expanded image to a hard disk.
Each option has its advantages.

To burn the .bkf file on to the removable media, follow these steps:
  1. Back up the system state by following the steps in "Backing up the system state."
  2. Burn the .bkf file directly to the writable CD or DVD.
  3. Restore the .bkf file from the system state backup to the logical drive that will host the Ntds.dit file.
  4. Click Start, click Run, type dcpromo /adv, and then click OK. Specify the path of the system state backup that you restored in step 3.
To burn the .bkf file to a CD, you must also restore the system state to an alternative location on the computer that is being promoted. This method protects MD5 checksum data for the files and folders in the SYSVOL tree. Therefore, the FRS can source the SYSVOL tree by using locally-restored files instead of by using the files across the network. Additionally, the .bkf file may be compressed to fit on the CD or on the DVD.

To restore the .bkf file to an alternative location, follow these steps:
  1. Back up the system state by following the steps in the "Backing up the system state" section. Click to clear the Automatically backup System Protected Files with the System State check box that is described in step 5 of the "Backing up the system state" section to reduce the size of the system state tree.
  2. Restore the system state to an alternative location on a local volume of a Windows Server 2003-based computer that has a CD or a DVD writer installed. Specify an Alternate Location in the Backup utility to put the system state backup in a different folder. Otherwise, the system state from the computer that was backed up will be applied to the %systemroot% folder of the computer that performed the restore. This scenario may cause critical system and configuration files to be overwritten.

    Note Only Windows Server 2003-based domain controllers can restore the system state tree to an alternative location while you run in Active Directory mode.
  3. Specific files may be removed from the expanded system state tree in the \Ntdsrestore folder if disk size is an issue. See the "Reducing the size of system state backups" section for more information.
  4. Burn all the files and folders in the \Ntdsrestore folder that you restored in step 2 onto the removable media. See the "Reducing the size of system state backups" section for more information.
  5. Run the dcpromo /adv command, and then specify the path of the system state backup that is located on the removable media.
Restoring the .bkf file to an alternative location is convenient because the IFM promotion can be performed from removable media. With this option, you do not have to restore the .bkf file to an alternative location. The disadvantage of this option is that when you copy the expanded system state image to removable media, the MD5 checksum data for files in the SYSVOL tree is lost. Therefore, the contents of the SYSVOL tree must be sourced over the network.

Reducing the size of system state backups

When a domain controller is located in a domain, or in a forest, that has many objects, the size of the default system images from the domain controller may be more than the 650-megabyte (MB) capacity of CDs or the 4-gigabyte-plus capacity of DVDs. A system state backup of an Active Directory domain controller has five elements:
  • Active Directory
  • The SYSVOL tree
  • The Boot.ini file
  • The COM+ class registration database
  • The registry
Administrators may delete unnecessary elements in the system state backup if the removable media or the partition that hosts the restored backup does not contain sufficient free disk space. A system state backup that is restored to an alternative location has a matching folder name for each element of the system state backup. The following list indicates whether a system state backup element is required or whether it can be removed to reduce the backup on-disk footprint:
  • Active Directory is required.
  • The SYSVOL tree may be optionally removed. (A specific configuration is required to source the SYSVOL tree during IFM promotion. )
  • The Boot.ini file may be removed.
  • The COM+ class registration database may be removed.
  • The registry folder is required. Registry components are required as follows:
    • The Default file in the \Registry folder may be removed.
    • The SAM file is required.
    • The SECURITY folder is required.
    • The SOFTWARE file may be removed.
    • The SYSTEM file is required.
If disk space is still an issue, perform an offline defragmentation of the Ntds.dit file on the domain controller that is used to back up the system state, and then back up a new system state if appropriate. Alternatively, back up the system state from a domain controller in the appropriate domain that is not a global catalog server.

Performing unattended IFM promotions

You can perform unattended IFM promotions by using the dcpromo /answer:filename command. In this command, filename points to a Notepad file that contains a completed version of the following template:
[DCINSTALL]
UserName=SAM account name with domain admin credentials in the target domain
Password=The password for the account name
UserDomain=The domain name for the account name
DatabasePath=%systemroot%\ntds
LogPath=%systemroot%\ntds
SYSVOLPath=%systemroot%\SYSVOL
SafeModeAdminPassword=The password for an offline administrator account
CriticalReplicationOnly=no
SiteName=The name of the Active Directory site that this domain controller will reside in. This site must be created in advance in the Dssites.msc snap-in.
ReplicaOrNewDomain=Replica
ReplicaDomainDNSName=The fully qualified domain name
ReplicationSourceDC=An existing domain controller in the domain
ReplicateFromMedia=yes
ReplicationSourcePath=The local drive and the path of the backup
RebootOnSuccess=yes
For more information about the [DCINSTALL] section of the answer file, visit the following Microsoft Web site:
http://technet2.microsoft.com/WindowsServer/en/library/9639f180-c7fe-41c6-8c3d-92389023f0e71033.mspx (http://technet2.microsoft.com/WindowsServer/en/library/9639f180-c7fe-41c6-8c3d-92389023f0e71033.mspx)

Sourcing DNS application partitions during IFM promotion

You can include application directory partitions in the backup media that you use to install Active Directory. To do this, increase the forest functional level, and then install Windows Server 2003 SP1 on the domain controller that you back up and on any servers that you intend to install as domain controllers. To include application directory partitions in an Active Directory installation from backup media, follow these steps:
  1. Create the standard answer file that is required to install an additional domain controller in the domain.
  2. To include application directory partitions that are contained in the system state backup, type the following entry at the end of the answer file:
    ApplicationPartitionsToReplicate=
  3. Enter a value for "ApplicationPartitionsToReplicate" as follows:
    • If you want to include all application directory partitions, type * as the value.
    • If you want to include specific application directory partitions, type the distinguished name of each directory partition. Enclose each distinguished name in quotation marks, and separate each name by one space. For example, type the following:
      ApplicationPartitionsToReplicate="dc=app1,dc=contoso,dc=com" "dc=app2,dc=contoso,dc=com"
  4. In the "ReplicationSourcePath=" entry, type the path of the folder that contains the restored system state backup files on the installation computer.
  5. If you do not want the Active Directory Installation Wizard (Dcpromo.exe) to prompt the user for passwords, follow these steps:
    1. Type the password in the "Password" entry for the account that you will use to install the domain controller.
    2. Type the password in the "SafeModeAdminPassword" entry that you will use to provide access to Directory Services Restore Mode
    3. Save the answer file.
  6. At the command prompt, type the following command, and then press ENTER:
    dcpromo /adv /answer:"Path_of_the_Answer_File_Name"
    Active Directory installation automatically occurs. If you left passwords blank in the answer file, Active Directory Installation Wizard prompts you for your administrative password and for the Directory Services Restore Mode password. If you specified "no" for the "RebootOnSuccess" entry in the answer file, the wizard prompts you to restart the server after installation.

Seeding the SYSVOL tree from restored files during IFM promotion

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756  (http://support.microsoft.com/kb/322756/ ) How to back up and restore the registry in Windows


The FRS can source files and folders from the restored system state on the first restart after an IFM promotion if you meet the strict dependencies that the FRS requires. The system state backup must contain MD5 checksum data that is used by the FRS to determine if a restored file or folder is the same as the file versions on existing domain controllers in the domain. Additionally, the SYSVOL part of the system state backup must be restored to the same volume that is selected to host the SYSVOL tree when you run the Active Directory Installation Wizard. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
266679  (http://support.microsoft.com/kb/266679/ ) Pre-staging the File Replication service replicated files on SYSVOL and Distributed file system shares for optimal synchronization
To use IFM promotion to back up the SYSVOL tree, follow these steps:
  1. Confirm that MD5 checksums exist on the backup server.

    FRS must have constructed MD5 checksum data for the files in the SYSVOL tree. For MD5 checksums to exist, files and folders in the SYSVOL tree must have been replicated at least one time after there were two or more domain controllers in the domain. To achieve this outcome, modify every file in the SYSVOL tree before you back up the system state. (Two or more domain controllers must exist in the domain.) You can validate the existence of MD5 checksums by using the Ntfrsutil.exe tool to generate the contents of the Windows NT FRS IDTABLE.

    Any files that have a null MD5 checksum, or that have changed after you performed the backup, will be replicated over the network from an upstream partner after the promotion.
  2. Back up the system state.

    Locate an existing Windows Server 2003-based domain controller in the domain that you want to promote additional domain controllers into. This domain controller should host a complete copy of the global catalog. Its FRS database must contain MD5 values for files in the SYSVOL tree. When you modify existing files or create new files in a SYSVOL tree that contains two or more domain controllers, MD5 checksums are automatically computed.

    To back up the system state, follow these steps:
    1. Start the Backup program on the console of the domain controller that meets the backup criteria.
    2. Click to select the following nodes that are displayed in the Backup program:
      • The System State drive under My Computer.
      • X:\ParentFolder\Sysvol\Domain

        NoteX:\ParentFolder is the path that contains the SYSVOL shared folder. The default path for the SYSVOL root directory is C:\Windows\Sysvol\Domain or C:\Winnt\Sysvol\Domain. However, the root directory may be placed on another path or local NTFS volume.
    3. Type a valid name for the .bkf file in the Backup media or file name field.
    4. Click Start Backup.
    5. In Backup Job Information, click Advanced, click to clear the Automatically backup System Protected Files with the System State check box, and then click OK.
    6. Click Start Backup.
  3. Restore the system state backup.

    You can seed files and folders in the SYSVOL tree from a restored backup of either the system state folder or the Sysvol\Netlogon folders, but it is difficult to do. MD5 checksum information must have been present on the restored files and folders that were located when you backed up the SYSVOL tree.

    To restore the system state backup, follow these steps:
    1. Log on to the console of the domain controller that is being promoted. Use administrator credentials on the local computer.
    2. Start the Backup program.
    3. Catalog the backup as needed.
    4. In the left pane of the Backup program, click to select the check box that restores the System State part of the backup file.
    5. In Restore File to, click Alternate Location.
    6. In the Alternate Location box, type X:\ntdsrestore. X is the volume that the administrator will designate to host the Ntds.dit file when the computer is promoted by using the Active Directory Installation Wizard.
    7. Click Start Restore, and then let the restore process finish.
    8. If the SYSVOL tree will be hosted on a different volume than the Ntds.dit file, start the Backup program, repeat steps 3c, 3e, 3f, and 3g to restore the X:\ParentFolder\Sysvol\domain folder that you backed up in step 2b. Restore to the Y:\Ntds_sysvol folder. Y is the volume that the administrator will designate to host the SYSVOL when the computer is promoted by using the Active Directory Installation Wizard.
  4. Investigate the staging folder size.

    If the current or expected size of the SYSVOL tree will be more than 650 MB, increase the size of the staging folder on all current and future domain controllers in the domain to 1.5 times the current or the expected size in MB. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
    329491  (http://support.microsoft.com/kb/329491/ ) Configuring correct staging area space for replica sets
  5. Identify the helper domain controller.

    In a network-based promotion, a new NTDS setting object and a new computer account is created or modified on a helper domain controller. The helper domain controller also has the first opportunity to source the contents of the SYSVOL share to the new domain controller.

    If the SYSVOL tree is being sourced from a locally-restored copy of the system state during an IFM-based promotion, MD5 checksums of locally-restored files are compared with the files in the SYSVOL tree of the helper domain controller.

    If the helper domain controller is running Windows 2000 Service Pack 3 or later, or Windows Server 2003, and the helper domain controller has replicated all the files that are currently in the SYSVOL tree in the last seven days, the IFM-promoted domain controller will replicate the contents of the SYSVOL tree over the network. This scenario occurs even if the system state restore contained a system state that was restored to the correct volume and that contained matching MD5 checksum data.

    To move locally-restored files with matching MD5 checksums to the SYSVOL folder, the outbound log of the helper domain controller must be trimmed.

    Note Trimming the outbound log eliminates an important performance optimization feature. This feature caches recent changes to FRS-replicated files in the outbound log and in the staging folder for immediate replication to new domain controllers that are added to the domain.

    To identify the ideal helper domain controller, locate a domain controller that has a low number of inbound and outbound connections. This domain controller must not be a significant originator or forwarder of change orders to downstream partners in SYSVOL or FRS-replicated DFS replica sets.
  6. Trim the outbound log of the helper domain controller.
    1. Changes the Outlog Change History In Minutes value in the following registry subkey:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters
      For more information, click the following article number to view the article in the Microsoft Knowledge Base:
      221111  (http://support.microsoft.com/kb/221111/ ) Description of FRS entries in the registry
    2. Restart the FRS on the helper domain controller.
    3. List the contents of the helper domain controller outbound log by using the ntfrsutl outlog command. The contents of the current outbound log must contain only files that have been modified after you changed the registry and restarted the FRS.
  7. Run an unattended dcpromo command to source Active Directory from the helper domain controller.

    For the new domain controller to perform its MD5 checksum compare with the domain controller whose outbound log has been changed, you must specify the name of the helper domain controller in the "ReplicationSourceDC=" parameter of the unattended dcpromo answer file. Include the path of the restored system state backup where you restored Active Directory in the "ReplicationSourcePath=" parameter. See the "Unattended answer file" section for command syntax. Type dcpromo /answer:filename. In this command, filename is the name of your unattended dcpromo answer file.

    To determine whether files in the SYSVOL tree are being moved in from the pre-staged folder on the local computer or are being replicated over the network from an upstream partner, set the registry value for Debug Log Severity to 4 on the computer that you are promoting. Check the registry value before you run the dcpromo command. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
    221111  (http://support.microsoft.com/kb/221111/ ) Description of FRS entries in the registry
    To find all the files that were replicated from an upstream partner, type:
    findstr /I “RcsReceivingStageFile" NtFrs_000?.log

    To find all files that were sourced from the pre-staged system state backup, type:
    Findstr /I “(218)” NTFRS_000?.log
    The number of "(218)" strings that are found in the debug logs must match the number of files and folders in the SYSVOL replica set if this member has performed no other joins.

    You can use the List.exe tool in the Windows Server 2003 Resource Kit to view the output of the FRS debug logs.
  8. After the SYSVOL tree has replicated in and after the SYSVOL share exists, delete any remaining restored system files and folders.
  9. Reset the Outlog Change History In Minutes registry type back to the seven-day default on the helper domain controller.

Analyzing the Dcpromo.log and Dcpromoui.log files

IFM promotions can be identified in the Dcpromo.log and Dcpromoui.log files that are located in the %systemroot%\debug folder. This excerpt from a Dcpromo.log file shows an IFM promotion where the system state was restored to the C:\Ntdsrestore folder and then later sourced from the %systemroot%\debug folder.
MM/DD HH:MM:SS [INFO] Configuring the local domain controller to host Active Directory
MM/DD HH:MM:SS [INFO] Copying restored Active Dir.. files from C:\ntdsrestore\Active Dir...\ntds.dit to D:\WINDOWS\NTDS\ntds.dit…
MM/DD HH:MM:SS [INFO] Copying restored Active Dir..files from C:\ntdsrestore\Active Dir...\edb00002.log to D:\WINDOWS\NTDS\edb00002.log…
MM/DD HH:MM:SS [INFO] Active Dir.. is initializing the restored database files. This might take several minutes.
The following excerpt from a Dcpromoui.log file is less interesting, but the excerpt shows that an IFM promotion was performed.
dcpromoui 6D8.104 0452     Enter State::ReplicateFromMedia true

REFERENCES

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
832942  (http://support.microsoft.com/kb/832942/ ) You receive a "File Not Found" error message when you use DCPROMO /ADV to restore a system state

APPLIES TO
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
Keywords: 
kbinfo KB311078
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support