Re: How to make an AD clone without replication
- From: pdx <pdx@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 5 Jul 2007 22:36:00 -0700
Ken,
I did this and I'm having issues. I restored all servers from backup using
NetBackup 5.1. The restore included
Shadow Copy Components/System State for all servers.
After the restore things look ok but I'm having problems. I can logon with
my domain account on the DCs but not the member servers. Receive the error,
"The system cannot log you on because the domain < > is not available".
In ADUC on DCs user and computer accounts are present but no machines seem
to have connectivity with others. Some examples:
- If I run "w32tm /monitor" on any machine - including the DCs - I receive,
"GetDcList failed with error code: 0x80070057"
- I can ping all servers from all other servers using IP, NetBIOS name and
FQDN.
- Occasionally when I attempt to logon to a DC I recv the error, "Naming
information cannot be located because the specified domain either does not
exist or could not be contacted". This error condition eventually goes away
and then I'm able to logon to a DC.
I'm going to run netdiag and dcdiag and see if they tell me anything
tomorrow but I'm wondering if you have any insight. I have to get this
working by 7pm PST tomorrow and I'm getting a bit anxious.
Thanks
"Ken Aldrich" wrote:
The easiest way to do this is to give your Backup solution a run for its
money.
It also helps make sure your backups are working and you actually know how
to restore a DC from tape if it ever comes down to it.
I used to just take my most recent backup tapes, bring them into my test
lab, and restore the DCs. Now I've got a test copy, I don't need to have it
replicate or touch my production environment in any way, and I know my
disaster recovery procedures work.
It's a win-win.
--
Ken Aldrich
DSRAZOR for Windows
Visual Click Software, Inc.
www.visualclick.com
"goldfinger" <goldfinger@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:842F1A94-3E7C-4381-ACC6-C6A21A097B85@xxxxxxxxxxxxxxxx
We want to clone a w2k3 active directory contents from a production
environment to a test environment.
For security reasons the new domain must have another name and further it's
not allowed to replicate the AD to a new DC, separate it and transfer the
FSMO roles and rename the domain.
Now I guess which will be the best way to make an AD copy?
After having these restrictions I think exporting the AD contents, modify it
and import to a new domain is one way to do this.
Is there a way for cloning to preserve attributes like GUIDs, SIDs and
passwords and to clone all three AD partitions (configuration, schema and
domain name)?
What is the right tool for this task? (LDIFDE, ADTM or ???)