Active Directory

How to Create the IFM Image

Last Updated: May 6, 2023
2,580

Hello All,

Hope this post finds you in good health and spirit.

How to Create the IFM Image

Many of administrators not aware about IFM image so today we are going to explain about IFM(Install From Media). When we can use or promote the domain controller by using this option.in simple word, If your NTDS database size above 5 GB then you can use this feature as in my organization, The size of NTDS is 20 GB and its getting increasing day to day. We always install the domain controllers by unattended along with IFM image.

Windows Server 2008 and Windows Server 2008 R2 include an improved version of the Ntdsutil tool that you can use to create installation media for an additional domain controller. You can use Ntdsutil.exe to create installation media for additional domain controllers that you are creating in a domain. The IFM method uses the data in the installation media to install AD DS, which eliminates the need to replicate every object from a partner domain controller.

Features of using IFM to install a domain controller in a remote site

  • You can reduce the replication traffic that is initiated during the installation of an additional domain controller in an Active Directory domain. Reducing the replication traffic reduces the time that is necessary to install the additional domain controller.
  • You can install many domain controllers from a single source of installation media.
  • You do not have to disconnect a functioning domain controller from the replication topology. Therefore, you can avoid the disadvantages that are associated with a domain controller that does not replicate.
  • You can avoid having to either replicate the entire Active Directory replica over a wide area network (WAN) link or disconnect an existing domain controller while it is being shipped to the remote site.
  • If you enable Remote Desktop on the server before you ship it, you do not have to employ an administrator with Domain Admins credentials in the remote site. You can also use Remote Server Administration Tools (RSAT) to manage AD DS remotely.

IFM Prerequisites

  • You cannot use IFM to create the first domain controller in a domain. A Windows Server 2008–based domain controller must be running in the domain before you can perform IFM installations.
  • The media that you use to create additional domain controllers must be taken from a domain controller in the same domain as the domain of the new domain controller.
  • If the domain controller that you are creating is to be a global catalog server, the media for the installation must be created on an existing global catalog server in the domain.
  • To install a domain controller that is a Domain Name System (DNS) server, you must create the installation media on a domain controller that is a DNS server in the domain.
  • To create installation media for a full (writable) domain controller, you must run the ntdsutil ifm command on a writable domain controller that is running Windows Server 2008 or Windows Server 2008 R2.
  • To create installation media for a read-only domain controller (RODC), you can run the ntdsutil ifm command on either a writable domain controller or an RODC that runs Windows Server 2008 or Windows Server 2008 R2. For RODC installation media, Ntdsutil removes any cached secrets, such as passwords
  • You can use a 32-bit domain controller to generate installation media for a 64-bit domain controller; the reverse is also true. The ability to mix processor types for IFM installations is new in Windows Server 2008 and Windows Server 2008 R2.
  • The IFM process creates a temp database in the %TMP% folder. You need at least 110% of the size of the ADDS or ADLDS database free on the drive where the %TMP% folder is in order for the operation to succeed. You can redirect the %TMP% folder to another disk on the server in order to use more space.

To create the file, we will use the NTDSUtil command-line tool. By typing help at each of the following commands, you can see the available options that you can use.

IFM Creation steps

Open the command prompt with administrator privileges, type the ntdsutil command and press Enter.

Type Activate instance NTDS and press Enter.

Type IFM and press Enter.

To create media for a writable DC, type create full <-path>
To create media for an RODC, type create rodc <-path>
To create media with SYSVOL for a writable DC, type create sysvol full <-path>
To create media with SYSVOL for an RODC, type create sysvol rodc <-path>

Where <-path> type the location of the folder to create the file.

At this point, you will need to wait until the file creation is complete and see the message IFM media created successfully in C: \ IFM.

After this, press quit and then Enter to exit the NTDSUtil environment.

IFM Image

Open the IFM folder to confirm that the file is there.

IFM Image File Location

Then transfer the folder to the branch anyway you want, even with a removable disk.

Recommended content

RODC Installation Guide- Step by step guide to install read only domain controller

RODC Filtered Attribute Set

Installing and configuring a RODC in Windows Server-2012

How to find the GUID of Domain Controller

Understanding Group Policy Preferences

Group Policy Verification Tool GPOTool Exe

Group Policy Health Check on Specific Domain Controller

Netlogon Folder in Active Directory

Custom Attributes in Active Directory

Tombstone Lifetime of My Active Directory Forest

Computers AD Site From the Command Line

Active Directory Database Integrity

Disabling and Enabling the Outbound Replication

DFS Replication Service Stopped Replication

Strict Replication Consistency

The replication operation failed because of a schema mismatch between the servers involved

Troubleshooting ad replication error 8418 the replication operation failed because of a schema mismatch between the servers

Replication information in txt file

Repadmin Replsummary

Enabling the outbound replication

Guys please don’t forget to like and share the post.Also join our WindowsTechno Community and where you can post your queries/doubts and our experts will address them .

You can also share the feedback on below windows techno email id.

If you have any questions feel free to contact us on admin@windowstechno.com also follow us on facebook@windowstechno to get updates about new blog posts.

How useful was this post?

Click on a star to rate it!

As you found this post useful...

Follow us on social media!

Was this article helpful?
YesNo
Tags
Last Updated: May 6, 2023
2,580
Photo of Vipan Kumar

Vipan Kumar

He is an Active Directory Engineer. He has been working in IT industry for more than 10 years. He is dedicated and enthusiastic information technology expert who always ready to resolve any technical problem. If you guys need any further help on subject matters, feel free to contact us on admin@windowstechno.com Please subscribe our Facebook page as well website for latest article. https://www.facebook.com/windowstechno
Back to top button