Requirement of creating a new Active Directory severs from an existing one
I have one AD-DNS server (Windows 2008 R2 based) running in my production system.This AD-DNS server is having 10 Nos of sites connected to it under one forest.The forest is having 1 no. of domain under it.
It is having more than 100 nos of group policies and more than 100 OUs configured in it and more than 300 users.
I require to set up a test platform of the same configuration.But, I do not require all the sites, all the OUs and all the users to be configured in the Test System.
The test AD-DNS server is required for only user authentication and client application running purpose.I am running client applications which authenticate through the domain accounts.
I like to know what bare minimum requirement should I have in the sample test AD-DNS server so that I can run my test platform. If I have to create a new AD-DNS (via DC promo), what steps should I follow to meet my requirement.
It is having more than 100 nos of group policies and more than 100 OUs configured in it and more than 300 users.
I require to set up a test platform of the same configuration.But, I do not require all the sites, all the OUs and all the users to be configured in the Test System.
The test AD-DNS server is required for only user authentication and client application running purpose.I am running client applications which authenticate through the domain accounts.
I like to know what bare minimum requirement should I have in the sample test AD-DNS server so that I can run my test platform. If I have to create a new AD-DNS (via DC promo), what steps should I follow to meet my requirement.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The new domain option I've already outlined in my first post. It's just a few clicks and in my opinion it would be the simplest ans safest approach.
The second option - is any of your current domain controllers virtualized? If yes then simply clone it to new machine. Then connect to separate network sieze all FSMO roles to it and do a metadata cleanup to get rid of all domain controllers this one would not be able to contact. If your pdc is virtualized then you can clone it and then FSMO sieze will not be necessary. But metadata cleanup will still be necessary. Then you can do any AD related tasks on it. You'll have all accounts, gpo's already present.
But remember to never connect this clonned machine to production network.
The second option - is any of your current domain controllers virtualized? If yes then simply clone it to new machine. Then connect to separate network sieze all FSMO roles to it and do a metadata cleanup to get rid of all domain controllers this one would not be able to contact. If your pdc is virtualized then you can clone it and then FSMO sieze will not be necessary. But metadata cleanup will still be necessary. Then you can do any AD related tasks on it. You'll have all accounts, gpo's already present.
But remember to never connect this clonned machine to production network.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I think clonning dc is ok as long as you assure it will never get connected to production network. Also this procedure is for 2012 dc or newer. Author mentioned he has 2008 r2 domain controller. But anyhow the simplest and safest method is to create separate active directory.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks all for the valuable feed back.
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I have recommended this question be closed as follows:
Split:
-- Dariusz Tyka (https:#a42348255)
-- Peter Hutchison (https:#a42348965)
-- Shaun Vermaak (https:#a42349043)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
Pber
Experts-Exchange Cleanup Volunteer
I have recommended this question be closed as follows:
Split:
-- Dariusz Tyka (https:#a42348255)
-- Peter Hutchison (https:#a42348965)
-- Shaun Vermaak (https:#a42349043)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
Pber
Experts-Exchange Cleanup Volunteer
ASKER
There are almost 300 users defined in the AD.This is running in production environment in Network A.
Now I want to have a replica of the same in a separate identical server with a few GPOs and 15 users defined in it. I do not require any site for replication from it.This will be created in a totally isolated network named Network B. Network A does not have any relation in any with Network B.
What is the way to achieve this? There are 2 option. I can create and AD (with dc promo) or I can restore the backup of the existing running production system in a separate identical server.
In both the cases can you tell me what steps I need to follow. I require the steps only.Details of how to do I will search and find out.