I find it very useful for testing in isolated sites as well. We used it extensively for isolated testing the introduction of up level DCs based on some guidance Glen L gave us years ago
Systematically test computers/application usage and coexistence with W2K8 DCs. 1) For applications running on Windows that find DCs through DCLocator<http://msdn.microsoft.com/en-us/library/ms675983(VS.85).aspx>, move the application servers into the temporary site....during a maintenance window of course. a) Add SiteName string value to netlogon\parameters registry key on the application servers and set it to the temporary site name. SiteName overrides DynamicSiteName written by the dclocator algorithm. Basically you are telling the computer what site it belongs to without having to change/create subnet configuration in AD. b) change the secure channel of the application server to the W2K8 DC using nltest /sc_reset:domain\dcname c) wait until Kerberos tickets expire, or reboot the application server, then have the application owner perform functionality testing. 1) now if the scenario is more complex...client connects to application, which impersonates client to access resources on backend servers, then you will want to do a,b,c on client and backend systems to make the testing as realistic as possible. 2) For LDAP applications running on Windows that use the domain A record to find a DC, add a host file entry on the application server pointing the domain A record to the W2K8 DC a) wait until kerberos tickets expire, or reboot the application server, then have the application owner perform functionality testing. 3) For LDAP applications not running on Windows, identify the mechanism they use to find a DC/LDAP server...probably configured in the application itself...then provide it with the DC A record or domain A record, or SRV record to be used to find the W2K8 DC. a) execute on a test matrix to ensure application functionality. 4) General authentication and ticket processing through the W2K8 DC. Work with business unit managers (aka..guinea pigs) to put their machines into the temporary site (SiteName reg value) and have them perform their normal business functions for a while....tests their machine and locally installed apps ability to use the new DC for auth and queries. From: [email protected] [mailto:[email protected]] On Behalf Of Michael B. Smith Sent: Wednesday, April 29, 2015 5:49 PM To: [email protected]; [email protected] Subject: [NTSysADM] OT: Forcing a Server's AD Site You may find this helpful: New blog post: Forcing a Server's Active Directory Site http://bit.ly/1OGb4OK<https://urldefense.proofpoint.com/v2/url?u=http-3A__bit.ly_1OGb4OK&d=AwQFAg&c=hLS_V_MyRCwXDjNCFvC1XhVzdhW2dOtrP9xQj43rEYI&r=TA_mjBT8bS0r8rLrnubGjA&m=AjnGBQswDZDW-ydu_VSqmfRJV4UjrIdU6tt4DFfMPsw&s=zFyDI2TVoGrBtCKNOp4hiMAnw2wWj6yvJcpTaNhlOJc&e=> http://theessentialexchange.com/blogs/michael/archive/2015/04/29/forcing-a-server-s-active-directory-site.aspx<https://urldefense.proofpoint.com/v2/url?u=http-3A__theessentialexchange.com_blogs_michael_archive_2015_04_29_forcing-2Da-2Dserver-2Ds-2Dactive-2Ddirectory-2Dsite.aspx&d=AwQFAg&c=hLS_V_MyRCwXDjNCFvC1XhVzdhW2dOtrP9xQj43rEYI&r=TA_mjBT8bS0r8rLrnubGjA&m=AjnGBQswDZDW-ydu_VSqmfRJV4UjrIdU6tt4DFfMPsw&s=TT9pdy20fdCilZcWYmBsffjohp6Lxspl0UO6nHIWqec&e=> PG&E is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/
