Yup, build yourself a test domain in VMWare, different ip and subnet address range for it. Set it up like your domain is in production, snapshot your servers before doing any migrations or upgrades, then practice all you want. Revert back to the snapshot and start all over again.
You will find that there will be many benefits of having a test domain. Mine was originally setup to practice the migration from Exchange 2003 to Exchange 2007, so I've got OWA & ActiveSync working, plus other applications that interact with Exchange, test workstations with users & mailboxes etc. That's still in progress, but in the midst of all that, we got a couple of new Cisco ASA boxes, all the configuration & switching over was done to the test domain first, all the bugs got worked out before we went to production with it. The switch was done last weekend during our normal monthly network maintenance outage, the users never knew it happened. Smooth as silk. My point is that with a test domain, you can use it for more that just what you're thinking about here, I've got a sharepoint server, new windows 2008 server, isa box etc. Basically a miniature version of my production domain that I can test with any time something new comes up that I don't want to risk blowing up production with On Thu, Aug 27, 2009 at 10:41 AM, <michael.le...@pha.phila.gov> wrote: > I know a number of folks on this mailing list use VMware, so I thought I > would ask this here. > > I have a VMware ESX cluster, and want to practice the steps for upgrading > my domain from AD 2000 to AD 2003 (then, AD2008 later). I can recall doing > something similar 3 years back with the regular VMware Server, but that > was on a physically isolated network. Here, I want to do it on the > production ESX cluster. > > My AD structure: root domain, and then a child domain. The root domain is > pretty much empty; we use the child domain for all our users, servers, > etc. > I already have a root domain DC and a working domain DC, as VMs. So here's > what I am thinking of doing. > > Create a new vSwitch, but assign it to no physical NICs. That should > completely isolate it. > Create a new port group within this new vSwitch, using a separate, private > IP range (i.e., 172.16.x.x) > Clone each of the 2 DC VMs. > Assign each of the new cloned DCs to the new port group. > Start'em both up. > From the root cloned DC, manually seize all the FSMO roles for the root > domain. > (do I need to use ADSIEDIT to remove references to the other DCs for this > domain?) > - so now the cloned root DC has all the FSMO roles for the root domain > From the child cloned DC, manually seize all the FSMO roles for the child > domain. > (do I need to use ADSIEDIT to remove references to the other DCs for this > domain?) > - so now the cloned child DC has all the FSMO roles for the child domain > > So what I have now is a virtualized copy of my domain structure, with each > of the virtual DCs now having all the FSMO roles for their respective > domains. I will then make a clone of both of these, so that I can always > get back to this particular point in the configuration. > > Have I missed anything so far? > > At this point, I should be able to practice upgrading the domains to 2003 > level. > > Do forest prep/schema prep on the root domain. > Create a Win2003 member server from a template; join to the root domain, > and then install AD on it. It should then pull up the whole domain to be a > 2003 AD domain. > > The process of upgrading the domain to 2003 AD level should upgrade *both* > the root and child domains, right? But (at this point) there are no > Win2003 servers in the child domain, so is the 2003 server handling both > domains at that point? That's where I am confused. > > Pointers/links/personal horror stories needed. > > Thanks > > -- > Michael Leone > Network Administrator, ISM > Philadelphia Housing Authority > 2500 Jackson St > Philadelphia, PA 19145 > Tel: 215-684-4180 > Cell: 215-252-0143 > <mailto:michael.le...@pha.phila.gov> > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > -- Sherry Abercrombie "Any sufficiently advanced technology is indistinguishable from magic." Arthur C. Clarke Sent from Newark, TX, United States ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
