Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.
Requirement of creating a new Active Directory severs from an existing one
I have one AD-DNS server (Windows 2008 R2 based) running in my production system.This AD-DNS server is having 10 Nos of sites connected to it under one forest.The forest is having 1 no. of domain under it.
It is having more than 100 nos of group policies and more than 100 OUs configured in it and more than 300 users.
I require to set up a test platform of the same configuration.But, I do not require all the sites, all the OUs and all the users to be configured in the Test System.
The test AD-DNS server is required for only user authentication and client application running purpose.I am running client applications which authenticate through the domain accounts.
I like to know what bare minimum requirement should I have in the sample test AD-DNS server so that I can run my test platform. If I have to create a new AD-DNS (via DC promo), what steps should I follow to meet my requirement.
It is having more than 100 nos of group policies and more than 100 OUs configured in it and more than 300 users.
I require to set up a test platform of the same configuration.But, I do not require all the sites, all the OUs and all the users to be configured in the Test System.
The test AD-DNS server is required for only user authentication and client application running purpose.I am running client applications which authenticate through the domain accounts.
I like to know what bare minimum requirement should I have in the sample test AD-DNS server so that I can run my test platform. If I have to create a new AD-DNS (via DC promo), what steps should I follow to meet my requirement.
Asked:
3-
2
- +2
3 Solutions
I have one Active directory DNS server (Win server 2008 R2 based) and it is having one forest named abcd1234 and a domain pqrs.com under it. There are 7 RODC sites associated with the domain.There are > 100 GPOs and a lot of policies attached with GPOs.
There are almost 300 users defined in the AD.This is running in production environment in Network A.
Now I want to have a replica of the same in a separate identical server with a few GPOs and 15 users defined in it. I do not require any site for replication from it.This will be created in a totally isolated network named Network B. Network A does not have any relation in any with Network B.
What is the way to achieve this? There are 2 option. I can create and AD (with dc promo) or I can restore the backup of the existing running production system in a separate identical server.
In both the cases can you tell me what steps I need to follow. I require the steps only.Details of how to do I will search and find out.
There are almost 300 users defined in the AD.This is running in production environment in Network A.
Now I want to have a replica of the same in a separate identical server with a few GPOs and 15 users defined in it. I do not require any site for replication from it.This will be created in a totally isolated network named Network B. Network A does not have any relation in any with Network B.
What is the way to achieve this? There are 2 option. I can create and AD (with dc promo) or I can restore the backup of the existing running production system in a separate identical server.
In both the cases can you tell me what steps I need to follow. I require the steps only.Details of how to do I will search and find out.
The new domain option I've already outlined in my first post. It's just a few clicks and in my opinion it would be the simplest ans safest approach.
The second option - is any of your current domain controllers virtualized? If yes then simply clone it to new machine. Then connect to separate network sieze all FSMO roles to it and do a metadata cleanup to get rid of all domain controllers this one would not be able to contact. If your pdc is virtualized then you can clone it and then FSMO sieze will not be necessary. But metadata cleanup will still be necessary. Then you can do any AD related tasks on it. You'll have all accounts, gpo's already present.
But remember to never connect this clonned machine to production network.
The second option - is any of your current domain controllers virtualized? If yes then simply clone it to new machine. Then connect to separate network sieze all FSMO roles to it and do a metadata cleanup to get rid of all domain controllers this one would not be able to contact. If your pdc is virtualized then you can clone it and then FSMO sieze will not be necessary. But metadata cleanup will still be necessary. Then you can do any AD related tasks on it. You'll have all accounts, gpo's already present.
But remember to never connect this clonned machine to production network.
No, do NOT clone a domain controller. using normaly cloning routines. Microsoft have a new system to allow cloning, using the 'Clonable Domain Controllers' group and a DCCloneConfig.xml file. See the step by step instructions here:
https://blogs.technet.microsoft.com/askpfeplat/2012/10/01/virtual-domain-controller-cloning-in-windows-server-2012/
https://blogs.technet.microsoft.com/askpfeplat/2012/10/01/virtual-domain-controller-cloning-in-windows-server-2012/
I think clonning dc is ok as long as you assure it will never get connected to production network. Also this procedure is for 2012 dc or newer. Author mentioned he has 2008 r2 domain controller. But anyhow the simplest and safest method is to create separate active directory.
I like to know what bare minimum requirement should I have in the sample test AD-DNS server so that I can run my test platform.
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I have recommended this question be closed as follows:
Split:
-- Dariusz Tyka (https:#a42348255)
-- Peter Hutchison (https:#a42348965)
-- Shaun Vermaak (https:#a42349043)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
Pber
Experts-Exchange Cleanup Volunteer
I have recommended this question be closed as follows:
Split:
-- Dariusz Tyka (https:#a42348255)
-- Peter Hutchison (https:#a42348965)
-- Shaun Vermaak (https:#a42349043)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
Pber
Experts-Exchange Cleanup Volunteer
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Join & Write a Comment Already a member? Login.
Featured Post
Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.
Tackle projects and never again get stuck behind a technical roadblock.
Join Now
Would you like to run this domain in separate isolated environment or in the same network?