Jaa


ifm

 

Applies To: Windows Server 2008, Windows Server 2012, Windows 8

Creates installation media for writable (full) domain controllers, read-only domain controllers (RODCs), and instances of Active Directory Lightweight Directory Services (AD LDS).

This is a subcommand of Ntdsutil and Dsdbutil. Ntdsutil and Dsdbutil are command-line tools that are built into Windows Server 2008 and Windows Server 2008 R2. Ntdsutil is available if you have the Active Directory Domain Services (AD DS) or AD LDS server role installed. Dsdbutil is available if you have the AD LDS server role installed. These tools are also available if you install the Active Directory Domain Services Tools that are part of the Remote Server Administration Tools (RSAT). For more information, see How to Administer Microsoft Windows Client and Server Computers Locally and Remotely (https://go.microsoft.com/fwlink/?LinkID=177813).

To use either of these tools, you must run them from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

Before you run ifm, you must set an active instance of a directory that Ntdsutil is to use. You can either specify "ntds" to set AD DS as the active instance or you can specify the name of an AD LDS instance. For more information about how to set an active instance, see Ntdsutil.

For more information, see Installing AD DS from Media (https://go.microsoft.com/fwlink/?LinkID=132630).

For examples of how to use this command, see Examples.

Syntax

ifm {create full %s | create full nodefrag %s | create rodc %s | create sysvol full %s | create sysvol full nodefrag %s | create sysvol rodc %s} [quit]

Parameters

Parameter

Description

create full %s

Creates installation media for a writable Active Directory domain controller or an AD LDS instance in the %s folder. You can specify only this parameter for an AD LDS instance.

create full nodefrag %s

Creates installation media without defragmentation for a writable Active Directory domain controller or an AD LDS instance in the %s folder. You can specify only this parameter for an AD LDS instance.

create rodc %s

Creates installation media for an RODC in the %s folder. You can use this command only with AD DS.

Create Sysvol Full %s 

In order for the additional domain controller to use the SYSVOL folder on the IFM media as a replication source during the installation, you must run this command on a domain controller that runs Windows Server 2008 with SP2 or later or Windows Server 2008 R2.

Creates installation media for a writable domain controller with SYSVOL in the %s folder.

Create Sysvol Full Nodefrag %s

Creates installation media without defragmentation for a writable domain controller with SYSVOL in the %s folder.

Create Sysvol RODC %s 

In order for the additional domain controller to use the SYSVOL folder on the IFM media as a replication source during the installation, you must run this command on a domain controller that runs Windows Server 2008 with SP2 or later or Windows Server 2008 R2.

Creates installation media for an RODC with SYSVOL in the %s folder.

quit

Returns to the prior menu.

Help

Displays Help for this command.

?

Displays Help for this command.

Remarks

  • For more about generating installation media and using it to install an additional domain controller, see Installing an Additional Domain Controller by Using IFM (https://go.microsoft.com/fwlink/?LinkId=185231).

  • You can run the ifm subcommand on a writable domain controller to create installation media for an RODC. Ntdsutil removes any cached secrets, such as passwords, from RODC installation media. You can also create installation media for an RODC by running the ifm subcommand on another RODC in that domain. However, to generate installation media for a writable domain controller, you must use another writable domain controller as the source of the installation media.

  • You cannot run the ifm subcommand on a domain controller that runs Windows Server 2003. You cannot use a domain controller that runs Windows Server 2003 to create installation media for a domain controller that runs Windows Server 2008, or the reverse.

  • You can use a 32-bit domain controller that runs Windows Server 2008 to generate installation media for a 64-bit domain controller that runs Windows Server 2008, and the reverse.

  • If the folder name contains spaces, enclose the path to the folder within quotation marks.

  • The full AD DS installation media includes the registry.

  • The AD LDS installation media includes only the Adamntds.dit file in the specified folder.

  • When you create installation media for a domain controller, the ifm subcommand stores the installation media in a subfolder named Active Directory after the subcommand completes. You must specify this same subfolder name when you install AD DS on another domain controller.

  • The IFM process creates a temp database in the %TMP% folder. You need at least 110% of the size of the AD DS or AD LDS database free on the drive where the %TMP% folder is in order for the operation to succeed. You can redirect the %TMP% folder to another disk on the server in order to use more space.

  • Ntdsutil does not correctly handle special characters, such as the apostrophe character ('), that you can enter at the ntdsutil: prompt at the command line. In some situations, there may be an alternative workaround. For more information, see local roles.

Examples

The following example creates RODC installation in a folder named Installation Media on drive C:

create rodc "C:\Installation Media"

The following example creates writable domain controller installation media in a folder named InstallationMedia on drive C:

create full C:\InstallationMedia

The following example creates writable domain controller installation media without defragmentation in a folder named InstallationMedia on drive C:

create full nodefrag C:\InstallationMedia

Additional references

Command-Line Syntax Key

Dsdbutil

Ntdsutil

authoritative restore

configurable settings

DS behavior

files

group membership evaluation

LDAP policies

local roles

metadata cleanup

partition management

roles

security account management

semantic database analysis

set DSRM password

snapshot