Creating a test lab

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hello,
I am trying to create a test lab that replicates our production
environment as much as possible. Can I take a backup of the production domain
controller and restore it to the lab to get started? We do use AD-integrated
DNS so that's not a problem. I am concerned that the DC is not the root DC
and is just a PDC emulator and doesn't hold enough roles to get the lab
started. Thanks.

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

In news:155FE245-26EC-4EFF-BDDF-BCAD3F2C30C5@microsoft.com,
Mizzleman <Mizzleman@discussions.microsoft.com> made this post, which I then
commented about below:
> Hello,
> I am trying to create a test lab that replicates our production
> environment as much as possible. Can I take a backup of the
> production domain controller and restore it to the lab to get
> started? We do use AD-integrated DNS so that's not a problem. I am
> concerned that the DC is not the root DC and is just a PDC emulator
> and doesn't hold enough roles to get the lab started. Thanks.

Usually restoring the system state as a non-authoratative restore will do
the trick. But you are saying it is not the "root" DC? Does that mean the DC
is in a child domain or is it not the first DC created in your domain,
assuming the only domain in the forest?

Normally the first server created in a forest holds all five FSMO roles,
including being a GC (which is not a FSMO role, but rather a service running
on a DC). If you were to recreate it in a test environment as the only DC,
you would need to forcibly transfer all the FSMO roles to this one machine
so it will properly operate, which may or may not be critical, depending on
the role and what functions are attempted to perform on it.

You can also use Ghost to transfer an image of the machine. Either way, you
would have to manually update any changes to mimic the productiion
environment.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Thanks for the reply Ace. You are correct, this DC is not the first in the
domain. I have restored from the production domain and when I try to start AD
Users and Computers I get a cannot locate or contact domain. Could this be a
DNS issue?

"Ace Fekay [MVP]" wrote:

> In news:155FE245-26EC-4EFF-BDDF-BCAD3F2C30C5@microsoft.com,
> Mizzleman <Mizzleman@discussions.microsoft.com> made this post, which I then
> commented about below:
> > Hello,
> > I am trying to create a test lab that replicates our production
> > environment as much as possible. Can I take a backup of the
> > production domain controller and restore it to the lab to get
> > started? We do use AD-integrated DNS so that's not a problem. I am
> > concerned that the DC is not the root DC and is just a PDC emulator
> > and doesn't hold enough roles to get the lab started. Thanks.
>
> Usually restoring the system state as a non-authoratative restore will do
> the trick. But you are saying it is not the "root" DC? Does that mean the DC
> is in a child domain or is it not the first DC created in your domain,
> assuming the only domain in the forest?
>
> Normally the first server created in a forest holds all five FSMO roles,
> including being a GC (which is not a FSMO role, but rather a service running
> on a DC). If you were to recreate it in a test environment as the only DC,
> you would need to forcibly transfer all the FSMO roles to this one machine
> so it will properly operate, which may or may not be critical, depending on
> the role and what functions are attempted to perform on it.
>
> You can also use Ghost to transfer an image of the machine. Either way, you
> would have to manually update any changes to mimic the productiion
> environment.
>
> --
> Regards,
> Ace
>
> Please direct all replies ONLY to the Microsoft public newsgroups
> so all can benefit.
>
> This posting is provided "AS-IS" with no warranties or guarantees
> and confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft Windows MVP - Windows Server - Directory Services
> Infinite Diversities in Infinite Combinations.
> =================================
>
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

In news:433D7204-FC6A-40AE-B6BF-8C430B03C9CA@microsoft.com,
Mizzleman <Mizzleman@discussions.microsoft.com> made this post, which I then
commented about below:
> Thanks for the reply Ace. You are correct, this DC is not the first
> in the domain. I have restored from the production domain and when I
> try to start AD Users and Computers I get a cannot locate or contact
> domain. Could this be a DNS issue?
>

It may be more than a DNS issue, but let's start there. Is DNS on the
machine you restored in the lab? If so, it should only point to itself in
DNS. If this is the only DC in the test environment, did you make suree it's
holding all the FSMOs roles? Is it a GC too?

Ace

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Yes it has AD-integrated DNS. It is a GC but doesn't hold any FSMO roles when
I took the backup in production.

"Ace Fekay [MVP]" wrote:

> In news:433D7204-FC6A-40AE-B6BF-8C430B03C9CA@microsoft.com,
> Mizzleman <Mizzleman@discussions.microsoft.com> made this post, which I then
> commented about below:
> > Thanks for the reply Ace. You are correct, this DC is not the first
> > in the domain. I have restored from the production domain and when I
> > try to start AD Users and Computers I get a cannot locate or contact
> > domain. Could this be a DNS issue?
> >
>
> It may be more than a DNS issue, but let's start there. Is DNS on the
> machine you restored in the lab? If so, it should only point to itself in
> DNS. If this is the only DC in the test environment, did you make suree it's
> holding all the FSMOs roles? Is it a GC too?
>
> Ace
>
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

In news:92C7FC8B-1E2B-46AB-BD11-62383E67BFA8@microsoft.com,
Mizzleman <Mizzleman@discussions.microsoft.com> made this post, which I then
commented about below:
> Yes it has AD-integrated DNS. It is a GC but doesn't hold any FSMO
> roles when I took the backup in production.

Ok, if the DC you have in your test lab that you restored from backup of the
production DC doesn't hold any of the FSMO roles, (as you indicated in your
original post), and I'm assuming you've checked all five roles, it would be
a good idea to seize the all the roles to this machine in order for it to
function properly. I'm providing a few links (below) to explain the roles
(197132) and how to transfer them (255690), and how to seize them using
ntdsutil (255504) in case there are any questions with the steps involved.
You can also use the GUI (255960) to seize them as well, but it appears to
'time-out' when you do it that way. I would suggest the ntdsutil method, but
either way it will work. Post back once completed and let us know how you've
made out.

197132 - Windows 2000 Active Directory FSMO Roles:
http://support.microsoft.com/?id=197132

234790 - HOW TO How to Find FSMO Role Holders:
http://support.microsoft.com/?id=234790

255690 - HOW TO View and Transfer FSMO Roles in the Graphical User
Interface:
http://support.microsoft.com/?id=255690

255504 - Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain
Controller:
http://support.microsoft.com/?id=255504

Chapter 7 - Managing Flexible Single-Master Operations:
http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/windows/2000/server/reskit/en-us/distrib/dsbl_fsm_DJNW.asp

Ace

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Thanks for info. It may be a little while before I work on it, as I'm in the
middle of putting out some fires. I'll post back later.

"Ace Fekay [MVP]" wrote:

> In news:92C7FC8B-1E2B-46AB-BD11-62383E67BFA8@microsoft.com,
> Mizzleman <Mizzleman@discussions.microsoft.com> made this post, which I then
> commented about below:
> > Yes it has AD-integrated DNS. It is a GC but doesn't hold any FSMO
> > roles when I took the backup in production.
>
> Ok, if the DC you have in your test lab that you restored from backup of the
> production DC doesn't hold any of the FSMO roles, (as you indicated in your
> original post), and I'm assuming you've checked all five roles, it would be
> a good idea to seize the all the roles to this machine in order for it to
> function properly. I'm providing a few links (below) to explain the roles
> (197132) and how to transfer them (255690), and how to seize them using
> ntdsutil (255504) in case there are any questions with the steps involved.
> You can also use the GUI (255960) to seize them as well, but it appears to
> 'time-out' when you do it that way. I would suggest the ntdsutil method, but
> either way it will work. Post back once completed and let us know how you've
> made out.
>
> 197132 - Windows 2000 Active Directory FSMO Roles:
> http://support.microsoft.com/?id=197132
>
> 234790 - HOW TO How to Find FSMO Role Holders:
> http://support.microsoft.com/?id=234790
>
> 255690 - HOW TO View and Transfer FSMO Roles in the Graphical User
> Interface:
> http://support.microsoft.com/?id=255690
>
> 255504 - Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain
> Controller:
> http://support.microsoft.com/?id=255504
>
> Chapter 7 - Managing Flexible Single-Master Operations:
> http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/windows/2000/server/reskit/en-us/distrib/dsbl_fsm_DJNW.asp
>
> Ace
>
>
>
>
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

In news:C67C1AD4-C35D-4CC1-A689-38865EC99E40@microsoft.com,
Mizzleman <Mizzleman@discussions.microsoft.com> made this post, which I then
commented about below:
> Thanks for info. It may be a little while before I work on it, as I'm
> in the middle of putting out some fires. I'll post back later.

Ok. Looking forward to your results.

Ace