Me too! I've used the method described here quite a lot... After you remove the "lab" DC from your production domain, make sure you remove all traces of it... Microsoft has a .vbs script that can help with this -- it's called "metacleaner.vbs"...
Good luck! Kenny Morris, MCSDB, MCSE 2000/NT, MCSA, MCP+I, A+ Manager of Network Services CRC Insurance Services, Inc. 205-414-2366 -----Original Message----- From: Don Guyer [mailto:[email protected]] Sent: Wednesday, January 28, 2009 8:42 AM To: Active Directory Admin Issues Subject: RE: Copy of the production Active Directory from a live DC to a tes DC I've done the promote/isolate method many times. You'll get to know ADSIedit and ntdsutil very well. :^) Don Guyer Systems Engineer Information Services Prudential Fox Roach/ Trident 431 W. Lancaster Avenue Devon, PA 19333 Ph: (610) 993-3299 Fax: (610) 650-5306 www.prufoxroach.com [email protected] -----Original Message----- From: Brown, Ken F. [mailto:[email protected]] Sent: Wednesday, January 28, 2009 9:37 AM To: Active Directory Admin Issues Subject: RE: Copy of the production Active Directory from a live DC to a tes DC Saw other posts about this... If you replicate a DC (by whatever method) - make sure it has DNS on it...and after it is in the isolated environment, seize all the roles. If you can't make a 'snap shot' of an existing DC (using whatever method you prefer) then you can always fall back to the tried-and-true method (I've done these high-level steps with physical hardware {desktop's running server OS} and virtual technology): Build the server OS (make sure it has DNS on it!) Promote it to become a DC Mark is as a global catalog server Let it replicate all the data (AD/SYSVOL/GC data) Take it off the production network Clean up production (metadata cleanup - see technet articles) In the ISOLATED environment (NEVER ever let it come back into production - use separate, physical network gear!): Boot the OS Logon (using the administrator account) Configure the IP address as appropriate Point it to itself for DNS Reboot Seize all the FSMO roles Good luck! -----Original Message----- From: Ian Roche [mailto:[email protected]] Sent: Wednesday, January 28, 2009 4:22 AM To: Active Directory Admin Issues Subject: Copy of the production Active Directory from a live DC to a tes DC Just wondering if anyone has any tips for this one before I do it. Lots on the web about it was looking at following the link below. If its the way to go let me know. All I want to do is to get a test domain controller up and running on a segregated network as one of our departments in hear need to test application changes which uses LDAP authentication . http://www.pbbergs.com/windows/articles/TestDomain.html ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ <http://www.sunbelt-software.com/product.cfm?id=400> ~ ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ <http://www.sunbelt-software.com/product.cfm?id=400> ~ ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ <http://www.sunbelt-software.com/product.cfm?id=400> ~ NOTICE: You cannot bind, alter or cancel coverage without speaking to an authorized representative of CRC/Southern Cross. Coverage cannot be bound without written confirmation from an authorized representative of CRC/Southern Cross. This email and any files transmitted with it are not encrypted and may contain privileged or other confidential information and is intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient or entity, or believe that you may have received this email in error, please reply to the sender indicating that fact and delete the copy you received. In addition, you should not print, copy, retransmit, disseminate, or otherwise use this information. Thank you. ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ <http://www.sunbelt-software.com/product.cfm?id=400> ~
