Paul
Mon Feb 18 05:39:23 PST 2008
Well I have an article on creating a test domain from your production that
would pretty much cover everything you would need to know.
See if this helps (Create a Test AD Domain)
http://www.pbbergs.com/windows/articles.htm
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Fritz" <fritz@dontbite.com> wrote in message
news:uxkZYU$bIHA.1208@TK2MSFTNGP05.phx.gbl...
> The old site is being phased out completely. Instead of doing proper
> demotion of the old DC's, etc. first... I would like to have a way of
> testing everything at the new site before the actual cut-over date. So
> the short answer is: the two sites will never talk to each other again.
>
> Here's the full story:
> We're ditching one hosting service in favor of another. Both the new and
> the old site have 4 servers in them (App/Web server, Exchange server, SQL
> server and a dedicated DC's - one of the other systems doubles as a backup
> DC). We need to migrate the 4 machines by a specific date. I would like
> to have pretty much everything (except SQL data and Exchange mail,
> obviously) transferred over before the cut over data. The AD data won't
> change until then so I can take care of that first. Once that's done,
> I'll make a backup of Exchange and restore it at the new site. I have
> that procedure almost working in a test environment (still working out a
> few kinks) with RUS not generating e-mail addresses for the restored
> mailbox recipients. The web server and SQL migration will follow.
>
>
> "Paul Bergson [MVP-DS]" <pbergson@allete_nospam.com> wrote in message
> news:O8sGys0bIHA.4344@TK2MSFTNGP02.phx.gbl...
>> Are you trying to carve out a dc from the system? Basically a company is
>> divesting itself of a division, etc... Yes you can do this but there
>> are inherent dangers. For one Microsoft will NOT support it, if the two
>> should ever talk again, Microsoft would tell you to rebuild both from
>> scratch. I have done this before, but I understood that the two can
>> NEVER talk to one another again. This is an absolute must. It would be
>> best if you could post what exactly you want to accomplish.
>>
>> --
>> Paul Bergson
>> MVP - Directory Services
>> MCT, MCSE, MCSA, Security+, BS CSci
>> 2003, 2000 (Early Achiever), NT
>>
>>
http://www.pbbergs.com
>>
>> Please no e-mails, any questions should be posted in the NewsGroup
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> "Fritz" <fritz@dontbite.com> wrote in message
>> news:eOH1fc0bIHA.5712@TK2MSFTNGP04.phx.gbl...
>>> That's not going to work for me.
>>> What do you think of the following procedure?
>>> VPN in to the old site with a prospective DC in the new site, add the
>>> VPN'ed system as a DC in the old AD (configure AD DNS and WINS and make
>>> it a GC), wait for AD data to fully propagate to the new DC, disconnect
>>> the VPN, seize the old DC's from AD and take it from there?
>>>
>>> Thank you!
>>>
>>> "Paul Bergson [MVP-DS]" <pbergson@allete_nospam.com> wrote in message
>>> news:eeRiDtxbIHA.5208@TK2MSFTNGP04.phx.gbl...
>>>> No
>>>>
>>>> You could run something like csvde to export user id's and then import
>>>> them, but then you will lose all of your security credentials.
>>>>
>>>>
http://www.ss64.com/nt/csvde.html
>>>>
>>>> --
>>>> Paul Bergson
>>>> MVP - Directory Services
>>>> MCT, MCSE, MCSA, Security+, BS CSci
>>>> 2003, 2000 (Early Achiever), NT
>>>>
>>>>
http://www.pbbergs.com
>>>>
>>>> Please no e-mails, any questions should be posted in the NewsGroup
>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>> rights.
>>>>
>>>> "Fritz" <fritz@dontbite.com> wrote in message
>>>> news:%23tcQ2qxbIHA.536@TK2MSFTNGP06.phx.gbl...
>>>>> Hi Paul,
>>>>> Building the trust between the forests can be problematic. Is there a
>>>>> way to do this by backing up the data in one forest and restoring it
>>>>> another (I'm greatly simplifying the process here, of course)?
>>>>>
>>>>> Thank you! :)
>>>>>
>>>>> "Paul Bergson [MVP-DS]" <pbergson@allete_nospam.com> wrote in message
>>>>> news:Ozxn2GxbIHA.748@TK2MSFTNGP04.phx.gbl...
>>>>>> If you are building a new forest you can use the Active Directory
>>>>>> Migration Toolkit, that is free from Microsoft. This requires you to
>>>>>> build a trust between the source and destination forest.
>>>>>>
>>>>>> ADMT
>>>>>>
http://support.microsoft.com/default.aspx?scid=kb;en-us;326480
>>>>>>
>>>>>> Download
>>>>>>
http://www.microsoft.com/downloads/details.aspx?FamilyId=6F86937B-533A-466D-A8E8-AFF85AD3D212&displaylang=en
>>>>>>
>>>>>> Webcast
>>>>>>
http://support.microsoft.com/?kbid=325393
>>>>>>
>>>>>> Trusts
>>>>>>
>>>>>> To start would have to establish dns connectivity both ways, usually
>>>>>> the easiest thing to do would be to create secondary's of each others
>>>>>> primary.
>>>>>>
http://expertanswercenter.techtarget.com/eac/knowledgebaseAnswer/0,295199,sid63_gci1104911,00.html
>>>>>>
>>>>>> Once established you can then go and create your external trust, I
>>>>>> wouldn't create a forest trust this established a two trust.
>>>>>>
>>>>>> Creating an External Trust
>>>>>>
http://technet2.microsoft.com/WindowsServer/en/library/b30ef067-746e-4453-b879-804259aafdd31033.mspx?mfr=true
>>>>>>
>>>>>> You would then look at running exmerge if you are looking at moving
>>>>>> mailboxes across
>>>>>>
>>>>>> Download ExMerge
>>>>>>
http://www.microsoft.com/downloads/details.aspx?FamilyID=429163ec-dcdf-47dc-96da-1c12d67327d5&DisplayLang=en
>>>>>>
>>>>>> ExMerge Details
>>>>>>
http://support.microsoft.com/kb/174197
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Paul Bergson
>>>>>> MVP - Directory Services
>>>>>> MCT, MCSE, MCSA, Security+, BS CSci
>>>>>> 2003, 2000 (Early Achiever), NT
>>>>>>
>>>>>>
http://www.pbbergs.com
>>>>>>
>>>>>> Please no e-mails, any questions should be posted in the NewsGroup
>>>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>>>> rights.
>>>>>>
>>>>>> "Fritz" <fritz@dontbite.com> wrote in message
>>>>>> news:uMgmP5nbIHA.1376@TK2MSFTNGP02.phx.gbl...
>>>>>>>I need to find the least painless way to migrate active directory
>>>>>>>with about 20,000 users and an Exchange server to a new set of
>>>>>>>servers at a new location. What's the best way to do this? I need
>>>>>>>to test the procedure before the actual move?
>>>>>>>
>>>>>>> Thank you! :)
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>