Solved

Best way to set up an Active Directory test environment in Windows Azure from 2008 R2 domain

Posted on 2014-12-10
Last Modified: 2015-01-13
Experts,

I set up a sandbox in Windows Azure with a new forest with 4 domains for the purposes of testing a migration plan. None of these domains exist in our live environment yet, so I just created several new 2008 R2 VMs and promoted them to domain controllers as I went.

I would also like to have a copy of our actual live single domain created on the same virtual network which is totally isolated from our live environment. This domain would be in its own forest and then I would create trusts between it and the new forest I created and use the ADMT tool for testing.

Truth be told, I have never had to do a full restore of Active Directory before, and with the added challenge of this being through Windows Azure where I won't actually have access to the console, I am unsure how to proceed.

Suggestions?
LVL 56

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 40491962
In your scenario, Azure doesn't really change things from a management perspective. You are working with VMs on Hyper-V. Azure just means they sit on servers you don't own in a data center you don't directly control.

The restore process, however, is more problematic. Because you want full isolation, the easiest method of stretching your network into Azure and adding a new DC is not available to you. Instead, I think the best path for you is to start with an isolated on-premises Hyper-V network. Back up the live machines you want and then restore them to new Hyper-V VMs (where you do have access to the console) and then you can either stretch the new isolated network to Azure (so they are linked, but isolated from your live network) or upload the VHDs into Azure where the VMs can then run directly in Azure.

While the process isn't overly difficult, neither is it truly one-click restoring either. Unfortunately an easier path has not come to mind.
 

Author Comment

by:BostonSemiEquipment-IT
ID: 40492006
Firstly, I should note we are not using Hyper-V at all on-premises but a mix of physical and VMware.

If I understand you correctly you are saying that I could use a backup/restore utilizing what, Windows Server Backup on 2008? And then spin up a Hyper-V VM on premises but isolated from the other DCs. From that point I would just shut down the VM and upload the VHD file to Azure?

Any articles or step by steps for a hyper-v beginner?
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40492018
Windows Server Backup would definitely do the job, and does support backing up AD as part of the system state.

As far as finding an article, I am mobile at the moment so don't have my notes readily available nor search. But I know the Azure team has written blog posts on uploading VHDs and custom images. A quick search should churn them up. I'll follow up tomorrow if I get some time and if you haven't found them yet.
 

Author Comment

by:BostonSemiEquipment-IT
ID: 40492152
I have one other idea I thought I would run by you and the other experts. I already have a DC in Azure that is in a virtual network which has site-to-site VPN with our physical network. If I were to create a new 2008 R2 VM in that virtual network, wait for replication to occur then shut the machine down, delete the VM using the "keep the attached disk" option, I could create a new VM in the isolated sandbox virtual network but use the image from the deleted VM.

Thoughts?
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40492185
There'd be some cleanup from the replication and missing DCs. But that is effectively doing the VHD process I already mentioned. It should work.
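
The cleanup of missing DCs mentioned in this thread starts with knowing which domain controllers the copied directory still lists and whether any of them can be reached from the sandbox. The following is an added example, not part of the original thread: it is meant to run on the cloned DC inside the isolated virtual network, assumes the ActiveDirectory PowerShell module that ships with 2008 R2 domain controllers, and uses a TCP connection to LDAP port 389 as the reachability probe (the helper name `Test-TcpPort` is hypothetical).

```powershell
# Added example: inventory the DCs a cloned directory still references.
# Written for PowerShell 2.0 (Windows Server 2008 R2); report only, changes nothing.
Import-Module ActiveDirectory

# Hypothetical helper: $true if a TCP connection succeeds within the timeout.
function Test-TcpPort([string]$HostName, [int]$Port = 389, [int]$TimeoutMs = 2000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false          # name did not resolve or connection was refused
    } finally {
        $client.Close()
    }
}

$localDc = $env:COMPUTERNAME

# Every DC object present in the copied directory, including production ones
$report = foreach ($dc in (Get-ADDomainController -Filter *)) {
    New-Object PSObject -Property @{
        Name      = $dc.Name
        Site      = $dc.Site
        Reachable = Test-TcpPort -HostName $dc.HostName
        Roles     = ($dc.OperationMasterRoles -join ', ')
    }
}

$report | Sort-Object Name | Format-Table Name, Site, Reachable, Roles -AutoSize

# Any other DC that answers means the sandbox can still talk to production.
$leaks = @($report | Where-Object { $_.Reachable -and $_.Name -ne $localDc })
if ($leaks.Count -gt 0) {
    Write-Warning ("Sandbox is NOT isolated; reachable DCs: " +
                   (($leaks | ForEach-Object { $_.Name }) -join ', '))
}

# Unreachable DCs are the stale entries to remove with metadata cleanup;
# operations master roles they hold must be seized by the sandbox DC.
$stale = @($report | Where-Object { -not $_.Reachable })
"Stale DC entries to clean up: {0}" -f $stale.Count
$stale | Where-Object { $_.Roles } | Format-Table Name, Roles -AutoSize
```

Run it before creating any trusts: an empty warning and a list of stale entries is the expected result in a properly isolated copy.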