How to restore active directory???

i have a brand new server for R&D that i want to place my current active directory on in order to have an up to date R&D network.  i used ntbackup to backup the system state on the production server.  how do i restore this to my new R&D server??
amoosAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

amoosAuthor Commented:
do i go ahead and run dcpromo and make it a domain controller and then restore the backup of AD??  also the server name, ip, etc are exactly the same as the production server
0
Mike KlineCommented:
I'm not following,  you have a production environment and a R&D environment.  
Are you trying to get a copy of your production AD into your R&D environment?
Thanks
Mike
0
amoosAuthor Commented:
yes i am trying to make my R&D enviornment the same as my production enviornment.  sorry to confuse you.  the two enviornments are completely separated so there will be no interference with anything in production
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Mike KlineCommented:
Ok that is what I thought you were trying to do.
You could dcpromo the box in production like you said.  Then you take it off and put that in the R&D test lab.
Since you won't be demoting that box gracefully out of your production you would have to run a metadata cleanup for that box in your production domain (that will remove the DC)
http://support.microsoft.com/kb/216498
In the lab you will also want to seize the FSMO roles
http://support.microsoft.com/kb/255504
 Thanks
Mike
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
amoosAuthor Commented:
ok i am a little confused.  the server that i have that is completely new is not on the production network.  it is a stand alone box.  the only thing on it right now is server 2003 R2 enterprise edition and all the updates.  the backup that i have from ntbackup is the backup of the system state from the primary domain controller that is in production.

can i run dcpromo on the new server and then run ntbackup and restore AD through the backup that i made on the production server??
0
Mike KlineCommented:
Is it the same hardware as your current DC in production?
0
amoosAuthor Commented:
no the production DC is an IBM server and the R&D server is dell.  the hardware is different on both.  does this mean i cannot restore active directory to the R&D server??
0
Mike KlineCommented:
It just makes it much harder
http://technet.microsoft.com/en-us/library/bb727048.aspx
See section: Considerations for restoring onto different hardware  
See #2 in this thread http://www.petri.co.il/forums/showthread.php?t=4628 that is what I was also saying.
Thanks
Mike
 
0
amoosAuthor Commented:
thank you for the links.  i have read them both.  i am just confused on what to do or what process to follow.  i have heard that you can run dcpromo and then run ntbackup and restore AD that way, i have heard that you can use backup exec and restore AD that way, i have read the microsoft support docks and their way is different.  i do not know which one to follow to get it right.

i honestly did not think that it would be that hard to do.  is there anyway you could give me a process to follow to restore AD to my R&D server??

thank you so much for your help
0
Mike KlineCommented:
It's just the different hardware that is the issue.
What I'd do is what Guy suggested (seems long but not that bad)
 
 dcpromo a new DC in production
- make the new DC a GC
- install DNS on the new DC
- disconnect the new DC from production network
- clean up the DC's metadata in production environment

- put the disconnected DC in a separate VLAN
- seize the FSMO roles
- in the test environment perform metadata cleanup to remove the production DCs from test environment.
- update the sites&subnets info to reflect the new test subnet layout



 
0
amoosAuthor Commented:
the only thing that bothers me is that i have not done a restore this way and i do not want to introduce a new server into my production enviornment and then have problems, because i do not know how to clean up the metadata or seize the FSMO roles.

any other ideas??

thank you so much for your help
0
uryausVice President / ISCommented:
amoos,

Just a clarification.
For AD data, you do not backup & restore like shared document files.
The reason mklink71 suggests the long way over "backup restore" is that AD data will be automatically shared once a server is promoted (dcpromo) to a DC.
This is why mklink71 suggests above to connect your new server to the production environment and promote to a DC.
This gets the AD data transferred to the new server.
Of course, in order for the server to stand independent in R&D network, you have to follow his other steps to add/remove functions.

I think the confusion was how AD data is stored.
I hope this helps.

    Urya
0
Mike KlineCommented:
...and another clarification you would be seizing the roles in the lab, no seizing in production
Thanks
Mike
 
0
snusgubbenCommented:
Just a shot from the hips:

Is your production DC a 2003 R2 server? If not you have to extend the schema if you follow Mike's suggestion (that's the easiest way to go). Also you can't run a system state backup from a 2003 server and restore it to a 2003 R2 server.


SG
0
amoosAuthor Commented:
can i run system state backup from a 2003 R2 enterprise edition server and restore it to a 2003 R2 enterprise edition server???

awesome help

let me explain what i am trying to as a whole.  i have 2 R&D servers, one is a domain controller that is 100% the same as the production one right now except i need the copy od AD from production and i have one exchange server that is 100% the same as the production exchange server minus the production database.

what i need to do is restore a exchange database from the past onto the R&D server so i can see inside a mailbox for security purposes.  that is what my overall goal is
0
snusgubbenCommented:
>can i run system state backup from a 2003 R2 enterprise edition server and restore it to a 2003 R2 enterprise edition server???

Yes you can as long as both are R2.

>awesome help

Please...

From what I've read you have one IBM and one Dell with different HW components. You can take a system state from the prod DC and restore it to your stand alone. You don't have to run dcpromo before restoring, but I would do that because then you'll run the restore from DSRM.

You will run into problems with different HAL's that you'll have to deal with. That's Mike's clue and recomends you to just add the new server as an additional DC to your production and let the automatic replication service do the "restore" job for you. When the replication is finished, it takes less then 30 minutes to remove the traces of it.
0
amoosAuthor Commented:
this might be a dumb question.  but can i take the Hal.dll file from the ibm server and put it on the dell server??
0
amoosAuthor Commented:
ok i want to do this the way that mike said to do this.  i do not know exactly how to do this.  is there anyway that one of you could give me step by step instructions on how to do this the way that mike said to??  this is what he suggested. i put my questions in parenthesis of what i need help on

 dcpromo a new DC in production
- make the new DC a GC
- install DNS on the new DC
- disconnect the new DC from production network
- clean up the DC's metadata in production environment (how do i clean up the metadata??)

- put the disconnected DC in a separate VLAN
- seize the FSMO roles (how do i seize the FSMO roles??)
- in the test environment perform metadata cleanup to remove the production DCs from test environment. ( how do i do this on disconnected DC???)
- update the sites&subnets info to reflect the new test subnet layout (i just want to put it on another switch that is a baseline and not in production, do i have to still update the sites and subnets?? if so how??)

you guys are wonderful.  thank you so much
0
amoosAuthor Commented:
ok i looked at the support links that mike gave me and in them it is stating that i have to do the metadata cleanup while the new server is still in production.  is this true??  i thought i did that after it was out of production.
0
Mike KlineCommented:
No, it doesn't have to be online
Another good link that may be easier to follow
http://msmvps.com/blogs/ad/archive/2008/12/17/how-to-remove-a-failed-or-offline-dc.aspx
So I'm guessing that exchange mailbox or specific mail that you are looking for is long gone from production and that is why you need all this.
Thanks
Mike
0
amoosAuthor Commented:
thank you for the link.  yes it is easier to follow.  and yes i need all of this so i can get into one mailbox.  in the link that you gave me do i have to run this on both servers??  the new one and the production one???

can i run this on the new one once it is no longer connectted to the production network??

do i have to run this on the production network while the new one is still online??

if i do this will i mess up my production network by doing this??

great help thank you
0
snusgubbenCommented:
You have to run a metadata cleanup on both servers.

1. You run it on the new one after you have moved it to the test VLAN
2. You run it on the prod after the new one is moved away
3. It will not mess up the production environment, but take a system state backup before you add the new DC. You manually have to delete the "new DC object" from Sites and Services.

When you have moved the new one to the test VLAN, sieze the FSMO from the "offline" role holder, the prod.DC: http://www.petri.co.il/seizing_fsmo_roles.htm


SG



0
amoosAuthor Commented:
what about doing a csvde export from active directory and then doing a csvde import into the active directory on the new server??
0
Mike KlineCommented:
A csvde export/imort will add the accounts to your new AD but if you are taking the DC from production into the lab you won't need that becasue the accounts will be there.
Thanks
Mike
0
amoosAuthor Commented:
ok i am going to try what you suggested.  i will post back soon.  thank you so much for your help.  it is greatly appreciated
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.