AD Dupe Subnet and Repair


  • AD Dupe Subnet and Repair

    Good evening, I have finally run out of places to look, or I am not fitting the puzzle pieces together correctly.

    Scenario: Okay, I am trying to repair a really screwed up AD forest, which anyone in their right mind would say drop the DC and make a new one from scratch; that's how bad it is. Due to it being a ticking time bomb, I do not want to resurrect AD in production but rather create a new subnet, spin up a new DC, clone the current DC, then break the trusts so nobody authenticates to it, with the exception of a few who are being subjected to a test group.

    With that being said, I have never done this before and am semi lost. When I say semi lost, I mean I understand the scope of what needs to be done, I believe. Anyhow, my questions are as follows.

    1. Can the test group users still access objects (file shares and other objects) from the old subnet but reside on the new subnet? I was thinking Sites and Services may be of some help, but I do not know.

    2. I do not want replication to the PDC from the new subnet DC; all I want the new DC to do is talk to a select group of people (GPO security groups and distribution groups). However, retain all Users / Computers etc. (Is this possible?)

    Thank you for your input.

  • #2
    Re: AD Dupe Subnet and Repair

    OK, you need to elaborate further on what you would like to achieve.
    From your writing I believe you would like to create a new DC / domain, then move all your old AD accounts to the new one, and then decommission your old domain and DC. During this phase all new AD objects in your new domain can access resources in your old domain.
    Is that what you are after?

    • #3
      Re: AD Dupe Subnet and Repair

      One more thing: how did you realize your existing AD is in a devastated condition? I found it's easier and more time-effective to revamp the existing structure rather than building a new one.

      • #4
        Re: AD Dupe Subnet and Repair

        Can you tell us more about how "screwed up" it is?
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        • #5
          Re: AD Dupe Subnet and Repair

          OK, so here's the deal: the existing DC has been promoted and demoted 4 times within a month, before the company I am contracting for fired the previous techs. In that, servers are in the users OU, not the default users OU, a newly created one. Trusts are broken all over the place, SIDs are screwed, and after an AD health check only primary functions of the DC passed. When I started here I said I would like to build a new DC on a different subnet with the exact same data and tree structure as what is in place now. I do not want anyone authenticating to this new DC, with the exception of a few test users. As it stands, I have corrected all issues to the PDC, so trusts are repaired etc.; however, the tree itself and other things need to be repaired. Eventually I am adding distribution groups, DFS and other junk to the DC, but I do not want to affect the production environment while this is being done. I have built DCs before off site and slapped them in place when it was done; however, since they hired a bunch of guys who had no business in a DC junking the mess out of it continuously for three years straight, the director of IT and some AX server guys here are gun shy and do not want me to make production changes but rather build a new DC on a new ProEdge but within this organization, so that the AX server guys can rest their little noggins.

          • #6
            Re: AD Dupe Subnet and Repair

            Well, it wouldn't be as easy as you are thinking. Do you have Exchange Server and other AD-dependent services running on the old domain? Do you know you can't have the same name for the new domain \ tree as your old domain? Even if you are thinking of creating a new forest, the forest name should still be different from new one. Check if you can have your domain level at Windows 2003. If you can have the domain at Windows 2003, then after moving all your AD objects we can rename your domain the same as the old one. If AD is so dusty, husky, rusty, why not start creating a brand new enviro?

            • #7
              Re: AD Dupe Subnet and Repair

              A new environment may be the best option. Thank you for your input.
