I have a Win2000 AD in a parent/child configuration, and I use VMware ESX. I have a VM of a DC for both the parent and child domains. What I'd like to do is make a private version of my domains, and use it to test things with (specifically, to test upgrading to Win2003, then Win2008). And I'd like to be sure I'm not missing a prep step ..
(I'll list out what I did, in case someone reading this wants to do the same)

I have created a new vSwitch, and new Port Groups (cleverly called "Testing Domain" ...). These are not bound to any physical NICs, so they are completely private. I have created a new VLAN for this new vSwitch. Created a new VM, and assigned its NIC to this new Port Group. Changed the VM IP address range to something other than my production range (i.e., I used 172.16, whereas our production uses a different non-routing subnet). Overkill, perhaps, but makes logical separation clearer.

Now, I plan on cloning the 2 VM DCs, and re-assigning the NICs on the new VMs to be part of the new Port Group. That should isolate the 2 VMs completely.

Then I will be manually seizing the other FSMO roles using NTDSUTIL (per <http://support.microsoft.com/kb/255504>, "Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller"), and do that for both parent and child domain. So then the VM DC has all the roles for their respective domains.

Then I will clean up the AD by removing the references to the other physical DCs that won't be existing in this virtual domain (per <http://support.microsoft.com/kb/216498>, "How to remove data in Active Directory after an unsuccessful domain controller demotion").

That should leave me with (effectively) a cloned copy of both of my production domains, with references to all non-VM DCs removed. Have I missed anything so far?

Prep questions:

Since there will be no DNS / DHCP / WINS in the virtual domain (since those functions are not being provided by VMs in the production domain), I'm guessing it would behoove me to install DNS on the VM DCs before cloning them, so that the virtual domain has working DNS. Since the virtual domain will be very small (a few test workstations), I won't need to bother about DHCP/WINS. But DNS is crucial.

I will also need to add a new subnet in "Sites and Services", for this new 172.16 range I am using.
Will I/should I delete the other sites and subnets that won't be needed in the virtual domain? Or will that not matter? What am I missing? Thanks
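
The isolate-then-seize step described in the post, as an added example that is not part of the original post: a batch file for the cloned DCs that refuses to touch FSMO roles unless the clone is addressed in the 172.16 test range and gets no reply from production. The production DC addresses are constructed placeholders, the file name and the `root`/`child` argument are hypothetical, and the ntdsutil role names are the ones used by Windows 2000.

```batch
@echo off
rem Added example, not from the original post: run on each CLONED DC only.
rem Usage: seize-guard.cmd root    forest root DC, all five roles
rem        seize-guard.cmd child   child domain DC, three domain-wide roles
setlocal

rem ASSUMPTION: constructed placeholder addresses; list the production DCs here.
set PROD_DCS=192.0.2.10 192.0.2.11

if /i "%1"=="root" goto check
if /i "%1"=="child" goto check
echo usage: %~nx0 root or child
exit /b 2

:check
rem 1. The clone must already be re-addressed into the 172.16 test range.
ipconfig | find ": 172.16." >nul
if errorlevel 1 (
  echo ABORT: no 172.16.x.x address found on this machine.
  exit /b 1
)

rem 2. No production DC may answer. A "TTL=" line means a real echo reply,
rem    which would show the clone is still attached to a routed network.
for %%A in (%PROD_DCS%) do (
  ping -n 2 -w 1000 %%A | find "TTL=" >nul
  if not errorlevel 1 (
    echo ABORT: production DC %%A answered; this clone is not isolated.
    exit /b 1
  )
)

rem 3. Seize roles onto this DC. ntdsutil first attempts a transfer, which
rem    fails here because the old holders are unreachable, then seizes.
rem    Each seizure raises a confirmation dialog; that is left enabled on purpose.
set NT=ntdsutil roles connections "connect to server %COMPUTERNAME%" quit
if /i "%1"=="root" (
  %NT% "seize schema master" "seize domain naming master" "seize RID master" "seize PDC" "seize infrastructure master" quit quit
) else (
  %NT% "seize RID master" "seize PDC" "seize infrastructure master" quit quit
)
```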
