Solved

AD Test Environment

Posted on 2013-12-09
Last Modified: 2013-12-13
Experts,

My company was sold and we are migrating off their network to a new one.

I have created a new AD Forest (Win2008R2) in the same subnet and our servers and desktops have migrated successfully. This exists happily in the old subnet along with the old company's live AD domain we moved away from. With a little tweaking we have accounts and shares working pretty well. We now have to switch subnets away from them to a NAT one, 192.168.100.xxx. I'd like to test this move in advance.


I'd like to test in advance by moving a "disposable" DC that will be wiped after the test to a different physical network and use the NAT network. I'd bring over a couple "disposable" workstations and a "disposable" server. This will be using a different WAN connection and would be connected to the internet separately from the old network.

I took my "disposable" DC over to the NAT network but DNS and DHCP will not start. I assume because it doesn't see the GC, have the FSMO roles, or other needed pieces.

Is there an outline of steps I would want to perform to do this test, without taking down the two live DCs on the old subnet before I'm ready?


Thoughts?
Question by:bschatzman
4 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 2000 total points
ID: 39707334
When you move a DC (PDC or BDC) to a totally isolated network/environment, you need to seize the roles to the machine in question...

Seizing domain roles...
http://support.microsoft.com/kb/255504

Once you have done this you also need to do a metadata cleanup
http://www.msserverpro.com/metadata-cleanup-using-ntdsutil-in-windows-server-2008-r2/

Make sure that your SRV records do not associate with your other domain controllers from your production network. You can simply go do the following...
- open DNS manager
- expand domain.com
- expand _msdcs
- expand the folders and delete any entries for old DCs that are not in your "test" environment. You do this for all SRV locations: Kerberos, LDAP, GC, etc.

Will.
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39708171
Ensure that the correct DNS setting is configured once the DC is moved to the new network.
Best practices for DNS client settings on DC and domain members.
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

Once the IP address is changed, reboot the server for registration to take place correctly. You need to seize the FSMO role once done. Check that AD Sites and Services is set correctly as per the network subnet. Verify the health of the DC with dcdiag /q. You also need to remove the instances of the other live DCs which are not moved, else replication failure will occur.
0
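A post-change check for the steps in the accepted answer and the comment above, as an added example that is not code from any participant in this thread. It confirms that the isolated DC holds all five FSMO roles and that the DC-locator SRV records under _msdcs name only test-network DCs, then runs dcdiag /q. Assumptions: `TESTDC01` is a hypothetical name for the moved DC, `domain.com` is the placeholder domain from the answer, the forest has a single domain, and the ActiveDirectory PowerShell module is installed.

```powershell
# Added example; run on the isolated test DC after the role seizure and metadata cleanup.
# Assumptions: 'domain.com' is the placeholder AD DNS domain from the answer (single-domain
# forest) and TESTDC01 is a hypothetical name for the one DC moved to the test network.
Import-Module ActiveDirectory

$Domain   = 'domain.com'
$Expected = @('testdc01.domain.com')   # every DC that exists in the test network

# 1. All five FSMO roles should be held by a DC that is present in the test network.
$d = Get-ADDomain -Server localhost
$f = Get-ADForest -Server localhost
$roles = @{
    PDCEmulator          = $d.PDCEmulator
    RIDMaster            = $d.RIDMaster
    InfrastructureMaster = $d.InfrastructureMaster
    SchemaMaster         = $f.SchemaMaster
    DomainNamingMaster   = $f.DomainNamingMaster
}
foreach ($r in $roles.GetEnumerator()) {
    # -contains compares strings case-insensitively
    $state = if ($Expected -contains $r.Value) { 'OK' } else { 'STALE: role not seized' }
    '{0,-22} {1,-32} {2}' -f $r.Key, $r.Value, $state
}

# 2. DC-locator SRV records in the local zone should name only test-network DCs.
$srvNames = "_ldap._tcp.dc._msdcs.$Domain",
            "_kerberos._tcp.dc._msdcs.$Domain",
            "_ldap._tcp.pdc._msdcs.$Domain",
            "_ldap._tcp.gc._msdcs.$Domain"
foreach ($name in $srvNames) {
    # Ask the DNS service on this DC (127.0.0.1) and keep only the SRV target host names.
    $targets = nslookup -type=SRV $name 127.0.0.1 2>$null | ForEach-Object {
        if ($_ -match 'svr hostname\s*=\s*(\S+)') { $Matches[1].TrimEnd('.') }
    }
    if (-not $targets) { '{0,-40} no SRV record returned' -f $name }
    foreach ($t in $targets) {
        $state = if ($Expected -contains $t) { 'OK' } else { 'STALE: delete in DNS Manager' }
        '{0,-40} {1,-32} {2}' -f $name, $t, $state
    }
}

# 3. Overall DC health; with /q dcdiag prints only errors, so no output means a clean pass.
dcdiag /q
```

Any line marked STALE points at a production DC that is unreachable from the isolated network and still needs the cleanup described above.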
 
LVL 14

Expert Comment

by:Ram Balachandran
ID: 39708894
I am trying to understand your question, but I think you might need to configure Sites and Services, and for DHCP you might need to configure a DHCP relay agent.
0
 

Author Closing Comment

by:bschatzman
ID: 39717626
This was exactly what I needed to do, and it was a success. The links were great. I'll be shutting down the test network and doing the real migration tonight. Thanks!

Bob
0
