Trust No One®
Hi Folks,
I'm trying to create a new forest which is essentially a snapshot of our
existing production forest. The plan is to use this as a development forest
for acceptance testing AD applications, scripts, schema updates etc before
rollout to the live forest.
I have done something similar in the past, but in this case the dev forest
was on an isolated lab network. Cloning in this case was adding additional
domain controllers (1 per domain) in the production forest, moving them to
the isolated dev network (keeping the same names) and doing appropriate
cleanups in the production forest.
In this case however the new "dev" forest will be on the same network as the
production forest. This means that server, domain names, DNS zone names and
forest names will need to be different for the dev forest.
Has anyone been there done it? If so could you offer any tips on strategy?
Our production forest has a root domain with 3 child domains.
Ideas I have been musing on:
1) Add temporary DCs to each domain in the existing forest. Move these
temporary DCs to an _isolated_ network and bring up a duplicate copy of the
production forest. Change the domain/forest functional levels to Windows
2003 server and rename all the domain controllers and the forest domains.
Return the "renamed" forest to the production network and set up new DNS
zones as appropriate to support the new forest.
2) Create a new forest on the production network, with a similar domain
structure as the production forest. Use ADMT to copy user accounts and
groups from the production forest to the "dev" forest. Use scripts to copy
subnet objects sites/subnets, etc.
Could anyone comment as to the feasibility of these strategies? I haven't
really looked into domain rename, but I assume it can do what I'm proposing
in idea 1?
Any thoughts, comments, suggestions appreciated.