Jan 02

Powershell Script: Create Install From Media (IFM) Set for DCPromo /ADV IFM Option

If you want to really speed up a DCPromo, there’s not much you can do once it has starts. However, you can use the DCPromo /adv Install From Media (IFM) option.  Using the IFM option when promoting a new DC in the same domain (has to be the same domain since this effectively takes a snapshot of the domain partition & SYSVOL if selected) speeds up to promotion process since all the domain data is local. Any new data added to the AD domain after the IFM media set was created will automatically be pulled by the new DC as part of AD replication. This is a great option for promoting DCs with low bandwidth (though it doesn’t help with the Global Catalog).

NOTE: The IFM media set has to be used before the tombstone lifetime age is reached. This means that if the AD domain’s tombstone lifetime is 180 days, the IFM media set is only good for ~180 days after it is created.

Make sure you create the IFM media set on a DC with the same OS and service pack level as the new one you are installing (run ntdsutil ifm on a Windows Server 2008 R2 DC when promoting a new Windows Server 2008 R2 server to be a DC). This will prevent general weirdness…

The first step in this is, obviously, to create the IFM media set. Here’s a Powershell script to do this for you.

$Mode = "Full" ## Set to this when promoting to a fully writable DC
$Mode = "RODC" ## Set to this when promoting to a Read Only DC

$IFMPath = "c:\temp\IFM" ## This is where the IFM media set will be created

write-output "Creating the IFM media set..." `r
write-output "This process can take about 15 minutes" `r

$IFMResult = ntdsutil "activate instance ntds" ifm "create sysvol $Mode $IFMPath" q q q

write-output "Creation of the IFM media set is complete..." `r
write-output "The result of this operation is:" `r

IF ($IFMResult -like "*IFM media created successfully*")
{ ## OPEN IF IFMResult was successful
write-output "The script successfully created the IFM Media Set and will now copy it to the specified network destination." `r
$Success = "True"
} ## CLOSE IF IFMResult was successful

You can remove “sysvol” from the $IFMResult line if you don’t want the IFM media set to include SYSVOL data. If you do remove SYSVOL data from the IFM, the new DC will have to pull all SYSVOL data from a replication partner across the network.

Once this has completed successfully, run DCPromo /ADV and then when the wizards asks select Replicate data from media and enter the IFM file location ($IFMPath).


1 comment

  1. Dmitry

    Hi Sean.

    Good script, thank you.
    It works fine for me after I removed explicit ‘q’ in following line:
    ‘$IFMResult = ntdsutil “activate instance ntds” ifm “create sysvol $Mode $IFMPath” q q q’


Comments have been disabled.