RE: [ActiveDir] Migrating AD to a lab

[Brian Desmond]

This won’t work. The IFM process requires communicating with and replicating deltas from a live DC as part of the IFM promotion process…   Thanks, Brian Desmond [EMAIL PROTECTED]   c - 312.731.3132     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Johnson Sent: Wednesday, March 15, 2006 1:07 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Migrating AD to a lab   Thanks for the pointer’s everyone. How about this as a technique?   1.) Install NTbackup on on of my Operational DC’s 2.) Backup the System State/AD directory to a file 3.) Get that data into the lab and DCPROMO the lab DC using the read from media option 4.) Seize the FSMO roles to the lab dc 5.) NTDSUTIL the old DC info out. Not critical as the lab is going to exist for +/- 7 days   Regards Peter Johnson   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lee, Wook Sent: 13 March 2006 21:35 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Migrating AD to a lab   I find that it’s much better to add DNS afterward. Metadata clean up is not too bad these days and should get even better. DNS cleanup is a royal pain in the backside especially if you have a large number of sites. Scavenging can help if you have the time to let it kick in, but if you want to get up and running as fast as possible, it’s much cleaner to create a fresh version of the relevant zones and let auto registration occur naturally.   Wook   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN Sent: Saturday, March 11, 2006 2:52 PM To: ActiveDir@mail.activedir.org Subject: RE : [ActiveDir] Migrating AD to a lab   Hello Phil,   I'm interested about your method.. When u put this VM into test environnement, how do u deal with DNS ? Can dns be installed *after*  the introduction of the DC/GC VM ?   Thanks for clarificaition,   Yann   De: [EMAIL PROTECTED] de la part de Phil Renouf Date: sam. 11/03/2006 21:23 À: ActiveDir@mail.activedir.org Objet : Re: [ActiveDir] Migrating AD to a lab The way I like to deal with this (and I think it's been suggested by someone else here before) is to bring up a VM into production, promote it to be a DC/GC then turn it off. Make a copy of the VM and put that into the lab, then bring the original VM back online and DCPromo it back to a member server so that it cleans itself out of AD.   Also, I like to reset all the passwords of all the accounts if possible; scripting this is a good way to do it. At the very least change the admin/service accounts.   Phil   On 3/11/06, Ulf B. Simon-Weidner <[EMAIL PROTECTED]> wrote:  Hello Peter,   it depends on what you intend to test in your lab. Since lab security is usually more relaxed than production security (e.g. external employees getting domain admin access to test scripts or whatever) I wouldn't want my user-accounts (and worse - service and admin accounts) in the lab with their real passwords. If you just want the structure you can use the scripts provided with GPMC, and export/import user data without passwords using csvde. I'd just put the stuff in the lab you need there, e.g. if you just want to test GPOs the OU-Structure and some test accounts would be sufficient, if you want to test scripting for modifying users or provisioning you might need some more data.   Pulling some backup / introducing another DC / pulling drives of a RAID-mirror are valid solutions if you need production data. I'd do a imaging-backup or pulling/replacing a drive if I have the same hardware. Also keep in mind that virtualisation is a valid solution, you can use P2V in VMWare or Virtual Server Migration Tool in VS. Virtualisation also provides you with the logical splitting of the production network to the test network, while still being able to access the test environment from any production machine. I've started to like to put my test-environment in the datacenter (well protected) and access it of my workplace.   This is another important point: I've also found that I was lazily considering if I should go in the room with the test equipment when I knew I have to be back at my workplace soon or expected some important emails. Being able to access the test environment from the desk enables me more often to use the test environment when testing a script or something. If the test environemnt is physical I was sometimes putting a RDP-enabled workstation with two legs in between, so I was able to RDP to the workstation and then RDP into the test environment. And multimonitor at the primary desk also provides a great gain in productivity - e.g. RDP Fullscreen on the second monitor.   Just my 0,02€   Gruesse - Sincerely, Ulf B. Simon-Weidner   MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz   Weblog: http://msmvps.org/UlfBSimonWeidner   Website: http://www.windowsserverfaq.org   Profile:    http://mvp.support.microsoft.com/profile="">        From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Peter Johnson Sent: Saturday, March 11, 2006 4:57 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Migrating AD to a lab   Hi all I was wondering, after finally got management buy in to build a lab, what the easist way is to get my domain info migrated into the lab for the purposes of testing dev etc? Do I simply Dcpromo a new box and then cut it off from the domain and NTDSUTIL it out or do I do  a state recoverey from my Tivoli backups? Anyone got any ideas/pointers etc. Thanks & greetings from a chill server room in Johannesburg South Africa. Peter Johnson