Learn the fundamentals of the popular programming language JavaScript so that you can explore the realm of web development.
Requirement of creating a new Active Directory severs from an existing one
I have one AD-DNS server (Windows 2008 R2 based) running in my production system.This AD-DNS server is having 10 Nos of sites connected to it under one forest.The forest is having 1 no. of domain under it.
It is having more than 100 nos of group policies and more than 100 OUs configured in it and more than 300 users.
I require to set up a test platform of the same configuration.But, I do not require all the sites, all the OUs and all the users to be configured in the Test System.
The test AD-DNS server is required for only user authentication and client application running purpose.I am running client applications which authenticate through the domain accounts.
I like to know what bare minimum requirement should I have in the sample test AD-DNS server so that I can run my test platform. If I have to create a new AD-DNS (via DC promo), what steps should I follow to meet my requirement.
It is having more than 100 nos of group policies and more than 100 OUs configured in it and more than 300 users.
I require to set up a test platform of the same configuration.But, I do not require all the sites, all the OUs and all the users to be configured in the Test System.
The test AD-DNS server is required for only user authentication and client application running purpose.I am running client applications which authenticate through the domain accounts.
I like to know what bare minimum requirement should I have in the sample test AD-DNS server so that I can run my test platform. If I have to create a new AD-DNS (via DC promo), what steps should I follow to meet my requirement.
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
If you want to setup new domain the whole process is quite simple - run dcpromo on new server, choose to create a new domain i a new forest, type the name of new domain, check for this new DC to be DNS and global catalog server and that's it. All necessary roles will be added automatically. It is also a good practice to configure this DC to sync its time with external time source. If necessary you may configure 2-way trust between your old and new (test) domain. Depending on your current DHCP config you may need to manually configure test client computers DNS settings to be able to join then to new domain.
Would you like to run this domain in separate isolated environment or in the same network?
Would you like to run this domain in separate isolated environment or in the same network?
I have one Active directory DNS server (Win server 2008 R2 based) and it is having one forest named abcd1234 and a domain pqrs.com under it. There are 7 RODC sites associated with the domain.There are > 100 GPOs and a lot of policies attached with GPOs.
There are almost 300 users defined in the AD.This is running in production environment in Network A.
Now I want to have a replica of the same in a separate identical server with a few GPOs and 15 users defined in it. I do not require any site for replication from it.This will be created in a totally isolated network named Network B. Network A does not have any relation in any with Network B.
What is the way to achieve this? There are 2 option. I can create and AD (with dc promo) or I can restore the backup of the existing running production system in a separate identical server.
In both the cases can you tell me what steps I need to follow. I require the steps only.Details of how to do I will search and find out.
There are almost 300 users defined in the AD.This is running in production environment in Network A.
Now I want to have a replica of the same in a separate identical server with a few GPOs and 15 users defined in it. I do not require any site for replication from it.This will be created in a totally isolated network named Network B. Network A does not have any relation in any with Network B.
What is the way to achieve this? There are 2 option. I can create and AD (with dc promo) or I can restore the backup of the existing running production system in a separate identical server.
In both the cases can you tell me what steps I need to follow. I require the steps only.Details of how to do I will search and find out.
The new domain option I've already outlined in my first post. It's just a few clicks and in my opinion it would be the simplest ans safest approach.
The second option - is any of your current domain controllers virtualized? If yes then simply clone it to new machine. Then connect to separate network sieze all FSMO roles to it and do a metadata cleanup to get rid of all domain controllers this one would not be able to contact. If your pdc is virtualized then you can clone it and then FSMO sieze will not be necessary. But metadata cleanup will still be necessary. Then you can do any AD related tasks on it. You'll have all accounts, gpo's already present.
But remember to never connect this clonned machine to production network.
The second option - is any of your current domain controllers virtualized? If yes then simply clone it to new machine. Then connect to separate network sieze all FSMO roles to it and do a metadata cleanup to get rid of all domain controllers this one would not be able to contact. If your pdc is virtualized then you can clone it and then FSMO sieze will not be necessary. But metadata cleanup will still be necessary. Then you can do any AD related tasks on it. You'll have all accounts, gpo's already present.
But remember to never connect this clonned machine to production network.
No, do NOT clone a domain controller. using normaly cloning routines. Microsoft have a new system to allow cloning, using the 'Clonable Domain Controllers' group and a DCCloneConfig.xml file. See the step by step instructions here:
https://blogs.technet.microsoft.com/askpfeplat/2012/10/01/virtual-domain-controller-cloning-in-windows-server-2012/
https://blogs.technet.microsoft.com/askpfeplat/2012/10/01/virtual-domain-controller-cloning-in-windows-server-2012/
I think clonning dc is ok as long as you assure it will never get connected to production network. Also this procedure is for 2012 dc or newer. Author mentioned he has 2008 r2 domain controller. But anyhow the simplest and safest method is to create separate active directory.
I like to know what bare minimum requirement should I have in the sample test AD-DNS server so that I can run my test platform.
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I have recommended this question be closed as follows:
Split:
-- Dariusz Tyka (https:#a42348255)
-- Peter Hutchison (https:#a42348965)
-- Shaun Vermaak (https:#a42349043)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
Pber
Experts-Exchange Cleanup Volunteer
I have recommended this question be closed as follows:
Split:
-- Dariusz Tyka (https:#a42348255)
-- Peter Hutchison (https:#a42348965)
-- Shaun Vermaak (https:#a42349043)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
Pber
Experts-Exchange Cleanup Volunteer
Premium Content
You need an Expert Office subscription to comment.Start Free Trial