Requirement of creating a new Active Directory server from an existing one

I have one AD-DNS server (Windows 2008 R2 based) running in my production system. This AD-DNS server has 10 sites connected to it under one forest. The forest has 1 domain under it.

It has more than 100 group policies and more than 100 OUs configured in it, and more than 300 users.

I need to set up a test platform of the same configuration. But I do not require all the sites, all the OUs and all the users to be configured in the test system.

The test AD-DNS server is required only for user authentication and for running client applications. I am running client applications which authenticate through the domain accounts.

I would like to know what bare minimum requirement I should have in the sample test AD-DNS server so that I can run my test platform. If I have to create a new AD-DNS (via dcpromo), what steps should I follow to meet my requirement?
Member_2_7964709 (Senior Engineer) asked:

Dariusz Tyka (ICT Infrastructure Specialist Senior) commented:
If you want to set up a new domain the whole process is quite simple - run dcpromo on the new server, choose to create a new domain in a new forest, type the name of the new domain, check for this new DC to be a DNS and global catalog server and that's it. All necessary roles will be added automatically. It is also a good practice to configure this DC to sync its time with an external time source. If necessary you may configure a 2-way trust between your old and new (test) domain. Depending on your current DHCP config you may need to manually configure test client computers' DNS settings to be able to join them to the new domain.
Would you like to run this domain in a separate isolated environment or in the same network?
0
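The dcpromo steps in the answer above, as an added example (not from the thread or from Microsoft documentation): an unattended dcpromo run on Windows Server 2008 R2 that creates a new forest with DNS and GC on the DC and then points it at an external time source. The forest name test.local, the paths and the NTP host are placeholders; pqrs.com from the question is deliberately not reused so the lab can never be confused with production.

```powershell
# Added example, not the thread's own code. Run as local Administrator on the
# freshly installed 2008 R2 server that will become the isolated test DC.
$answerFile = 'C:\dcpromo-testforest.txt'
$dsrmPw     = Read-Host 'DSRM (Directory Services Restore Mode) password'

# Answer file for dcpromo /unattend:
#   ReplicaOrNewDomain=Domain + NewDomain=Forest  -> new domain in a NEW forest
#   ForestLevel/DomainLevel 4                      -> 2008 R2 functional level
#   InstallDNS=Yes, ConfirmGc=Yes                  -> DNS server + global catalog
#   RebootOnCompletion=No                          -> we reboot ourselves below
@"
[DCInstall]
ReplicaOrNewDomain=Domain
NewDomain=Forest
NewDomainDNSName=test.local
DomainNetbiosName=TEST
ForestLevel=4
DomainLevel=4
InstallDNS=Yes
ConfirmGc=Yes
CreateDNSDelegation=No
DatabasePath="C:\Windows\NTDS"
LogPath="C:\Windows\NTDS"
SYSVOLPath="C:\Windows\SYSVOL"
SafeModeAdminPassword=$dsrmPw
RebootOnCompletion=No
"@ | Set-Content -Path $answerFile -Encoding ASCII

# Run the promotion and wait for it; details land in C:\Windows\debug\dcpromo.log
Start-Process -FilePath "$env:SystemRoot\System32\dcpromo.exe" `
    -ArgumentList "/unattend:$answerFile" -Wait

# The answer file held the DSRM password in clear text, so remove it right away
Remove-Item -Path $answerFile -Force

# Sync this DC (the forest's PDC emulator) from an external NTP source.
# ntp.example.test is a placeholder; on an isolated Network B use a reachable host.
& w32tm.exe /config /manualpeerlist:"ntp.example.test,0x8" /syncfromflags:manual /reliable:yes /update
& w32tm.exe /resync /nowait

Restart-Computer -Force
```

After the reboot, check C:\Windows\debug\dcpromo.log for errors and confirm the DNS and GC roles with dcdiag before joining any test client.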
Member_2_7964709 (Senior Engineer, Author) commented:
I have one Active Directory DNS server (Win Server 2008 R2 based) and it has one forest named abcd1234 and a domain pqrs.com under it. There are 7 RODC sites associated with the domain. There are > 100 GPOs and a lot of policies attached to the GPOs.
There are almost 300 users defined in the AD. This is running in a production environment in Network A.

Now I want to have a replica of the same in a separate identical server with a few GPOs and 15 users defined in it. I do not require any site for replication from it. This will be created in a totally isolated network named Network B. Network A does not have any relation in any way with Network B.

What is the way to achieve this? There are 2 options. I can create an AD (with dcpromo) or I can restore the backup of the existing running production system on a separate identical server.
In both cases can you tell me what steps I need to follow? I require the steps only. Details of how to do it I will search and find out.
0
Dariusz Tyka (ICT Infrastructure Specialist Senior) commented:
The new domain option I've already outlined in my first post. It's just a few clicks and in my opinion it would be the simplest and safest approach.
The second option - is any of your current domain controllers virtualized? If yes then simply clone it to a new machine. Then connect to the separate network, seize all FSMO roles to it and do a metadata cleanup to get rid of all domain controllers this one would not be able to contact. If your PDC is virtualized then you can clone it and then the FSMO seize will not be necessary. But metadata cleanup will still be necessary. Then you can do any AD related tasks on it. You'll have all accounts, GPOs already present.
But remember to never connect this cloned machine to the production network.
0
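The two clean-up steps from the comment above (seize the FSMO roles, then metadata-cleanup the DCs the clone will never reach), as an added example that is not part of the thread. It assumes it is run on the cloned 2008 R2 DC after it has been moved to the isolated Network B, using the ActiveDirectory module that ships with 2008 R2 plus ntdsutil; DC and site names are discovered at run time, since the thread does not give them.

```powershell
# Added example, not the thread's own code. Precondition: this clone is on Network B
# only and will never be connected to the production Network A again.
Import-Module ActiveDirectory

$rootDse = Get-ADRootDSE
$thisDsa = $rootDse.dsServiceName      # CN=NTDS Settings,CN=<thisDC>,CN=Servers,...
$thisDc  = $env:COMPUTERNAME

# 1. Seize all five FSMO roles onto this DC. -Force seizes instead of transferring,
#    which is required because the current holders are unreachable from Network B.
#    If the clone was the production PDC it already holds them and this is a no-op.
$roles = 'SchemaMaster','DomainNamingMaster','PDCEmulator','RIDMaster','InfrastructureMaster'
Move-ADDirectoryServerOperationMasterRole -Identity $thisDc -OperationMasterRole $roles `
    -Force -Confirm:$false

# 2. Every other DC (writable or RODC) is found via its NTDS Settings object in the
#    configuration partition; its parent is the server object ntdsutil removes.
$otherDsas = Get-ADObject -LDAPFilter '(objectClass=nTDSDSA)' `
    -SearchBase $rootDse.configurationNamingContext |
    Where-Object { $_.DistinguishedName -ne $thisDsa }

foreach ($dsa in $otherDsas) {
    $serverDn = ($dsa.DistinguishedName -split ',', 2)[1]
    Write-Host "Metadata cleanup for $serverDn"
    # ntdsutil asks for confirmation per server. It removes the server object and the
    # DC's computer account; DNS records for the old DCs still have to be deleted by hand.
    & ntdsutil.exe 'metadata cleanup' "remove selected server `"$serverDn`"" quit quit
}

# 3. Verify: this DC should hold all five roles and list no replication partners.
& netdom.exe query fsmo
& repadmin.exe /showrepl
```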
Peter Hutchison (Senior Network Systems Specialist) commented:
No, do NOT clone a domain controller using normal cloning routines. Microsoft have a new system to allow cloning, using the 'Clonable Domain Controllers' group and a DCCloneConfig.xml file. See the step by step instructions here:

https://blogs.technet.microsoft.com/askpfeplat/2012/10/01/virtual-domain-controller-cloning-in-windows-server-2012/
0
Dariusz Tyka (ICT Infrastructure Specialist Senior) commented:
I think cloning a DC is ok as long as you ensure it will never get connected to the production network. Also this procedure is for a 2012 DC or newer. The author mentioned he has a 2008 R2 domain controller. But anyhow the simplest and safest method is to create a separate Active Directory.
0
Shaun Vermaak (Technical Specialist) commented:
> I like to know what bare minimum requirement should I have in the sample test AD-DNS server so that I can run my test platform.

It should be like-for-like, otherwise it will always be "but it works on my computer/environment".
0
Member_2_7964709 (Senior Engineer, Author) commented:
Thanks all for the valuable feedback.
0
Pber (Solutions Architect) commented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Split:
-- Dariusz Tyka (https:#a42348255)
-- Peter Hutchison (https:#a42348965)
-- Shaun Vermaak (https:#a42349043)


If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they see fit. If no one objects, this question will be closed automatically the way described above.

Pber
Experts-Exchange Cleanup Volunteer
0