Re: Cloning a Win 2003 DC

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

bill wrote:
Our network has four domain controllers. We plan to use an "image"
software package to stamp an image of our master DC into a test
environemt (off the network). Assuming the image is good, I'm
concerned that when the image starts up it will "freak out" because
it won't see the other DC's that it did when it was part of our real
network.

Any ideas what to expect or

Same thing that would happen if your "master" DC booted up and was unable to
find the other DCs on your real network. Not a problem in the short term. In
the longer term you will need to do some things to keep housekeeping tidy.

Incidentally, keep in mind that there is no such thing as a "Master DC"; all
DCs are created equal, with the ones holding the FSMO roles being slightly
more equal than others.

better yet, what to do about it?

In the test environment, don't worry too much if its a fairly short term
test *and* the test isn't dependent on AD behaviour. If you don't take my
suggestion #1 below then you'll probably want to make sure all the FSMO
roles are seized by the test environment DC once its up and running in the
lab.

Ensure you take into account things like WINS and DNS as part of your image
move!

In the longer terms, you'll want to either -

1) image the other DCs for the test environment (preferred option imo:
whats the point of doing tests if those tests have no relationship to the
real world?), possibly using virtualisation to keep the costs down.

or

2) Remove the redundant DCs from the test AD, seize any missing FSMO roles
on the test DC, generally make sure no errors show up in event viewer
talking about the other servers...

In either case, and this is obvious but I just want to make sure - you can't
re-introduce any "test lab" images back onto your real network once you
start this.


--
--
Rob Moir, MS MVP
Blog Site - http://www.robertmoir.com
Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html
I'm always surprised at "professionals" who STILL have to be asked "Have you
checked (event viewer / syslog)".


.

Relevant Pages

  • Re: Mshome is not accessible
    ... Browser: Unable to determine master for network \device\1: 2 ... Unable to get Master: The system cannot find the file specified. ... Master browser name is: HOM200OF002 ... Decided to uninstall Norton Internet Security 2007. ...
    (microsoft.public.windowsxp.network_web)
  • Re: Reinforcement Learning
    ... build its own modules in response to its environment ... cease functioning when you, acting as the designer, ... stop pressing the reward button. ... The brain is clearly some kind of network or family ...
    (comp.ai.philosophy)
  • Re: 50 years later, Marvin Minsky still doesnt get it
    ... environment merely by observing the neural "code" and knowing the ... The first step would in effect be decoding raw sensory data into ... The first half I called the input network. ... For example, when we see a dog, and know that it's a dog, it's not because ...
    (comp.ai.philosophy)
  • Re: Usefulness of Network Intrusion Detection Systems
    ... >track of application data sent over the network as well ... Different applications and protocols present different ... You're forgetting that the IDP may stop the exploit attempting to ... in a university environment where we basically have 15,000 home ...
    (Focus-IDS)
  • Re: Privilege-escalation attacks on NT-based Windows are unfixable
    ... >>> a well secured network. ... >> So you're basically saying that local privilege escalation doesn't ... > environment, this weakness is well behind other, like user writing down ... > security facilities ...
    (comp.os.ms-windows.nt.admin.security)