Solved

AD Test Environment

Posted on 2013-12-09
4
250 Views
Last Modified: 2013-12-13
Experts,

My company was sold and we are migrating off their network to a new one.

I have created a new AD Forest (Win2008R2) in the same subnet and our servers and desktops have migrated successfully. This exists happily in the old subnet along with the old company's live AD domain we moved away from. With a little tweaking we have accounts and shares working pretty well. We now have to switch subnets away from them to a NAT one, 192.168.100.xxx. I'd like to test this move in advance.


I'd like to test in advance by moving a "disposable" DC that will be wiped after the test to a different physical network and use the NAT network. I'd bring over a couple "disposable" workstations and a "disposable" server. This will be using a different WAN connection and would be connected to the internet separately from the old network.

I took my "disposable" DC over to the NAT network but DNS and DHCP will not start. I assume because it doesn't see the GC, have the FSMO roles, or other needed pieces.

Is there an outline of steps I would want to perform to do this test, without taking down the two live DCs on the old subnet before I'm ready?


Thoughts?
0
Comment
Question by:bschatzman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 39707334
When you move a DC's (PDC or BDC) to a total isolated network/environment, you need to Seize the roles to this machine in question...

Seizing domain roles...
http://support.microsoft.com/kb/255504

Once you have done this you also need to do a metadata cleanup
http://www.msserverpro.com/metadata-cleanup-using-ntdsutil-in-windows-server-2008-r2/

Make sure that your SRV records do not associate with your other domain controllers from your production network. You can simply go do the following...
- open DNS manager
- expand domain.com
- expand _msdcs
- expand the folders and delete any entries for old DC's that are not in your "test" environment. You do this for all SRV locations Kerberos, LDAP, GC etc

Will.
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39708171
Ensure that correct dns setting is configured once the DC is moved to new network.
Best practices for DNS client settings on DC and domain members.
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

Once the IP address is changed reboot the server for registration to take place corretly.You need to seize the fsmo role once done.Check the AD sites and services are set correctly as per n/w subnet.Verify the health of DC by dcdiag /q .You also need to remove the instances of other live DC which are not move else replication failure will occur.
0
 
LVL 14

Expert Comment

by:Ram Balachandran
ID: 39708894
i am trying to understand your question, but i think you might need to configure sites and services and for DHCP you might need to configure DHCP relay agent
0
 

Author Closing Comment

by:bschatzman
ID: 39717626
This was exactly what I needed to do, and it was a success. The links were great. I'll be shutting down the test network and doing the real migration tonight. Thanks!

Bob
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question