How to create a new AD domain from an existing domain?
May 3, 2007 5:47 AM

How can I copy an existing Active Directory domain to a new, distinct domain?

How can I copy the structure and contents of an existing Active Directory domain to a new server such that, when completed, it will look like the first, but will be a distinct domain?

I'm working on a project where we need to develop an integration with the existing domain, but for a lot of obvious reasons we can't work with that domain itself. The basic reason for all this is that both environments need to exist on the same network, but I want to prevent any sort of replication between the two. What I'd like to do is establish a distinct domain on a new machine and then import the structure and contents of the first domain into the second.

I'm not an utter noob with AD, but I'm also far from an expert. Is this much more complicated than exporting the first AD to LDIF, modifying the dc components in the DNs of all the objects, and reimporting into the new machine?

I know I've seen this done before.
posted by hwestiii to Computers & Internet (5 answers total)
 
Can you explain what you want in DNS terms? That is, it's different to move users between forests than it is if you create additional domains within an existing forest.

foo.ad.domain.tld -> bar.ad.domain.tld ?

foo.ad.domain.tld -> bar.ad.other.tld ?

quux.ad.domain.tld -> foo.quux.ad.domain.tld ?
posted by rhizome at 7:44 AM on May 3, 2007


I believe you want the Active Directory Migration Tool.
posted by flabdablet at 7:47 AM on May 3, 2007


Response by poster: rhizome, I'm not really trying to move anything. I guess I'm essentially trying to clone an existing domain with the provision that it will be completely distinct and have no operational connection to the source domain, in spite of the fact that it will be on the very same wire.

I want them to look like each other, but not be able to talk to each other.

I think "foo.ad.domain.tld -> foo.ad.other.tld" expresses it best.
posted by hwestiii at 9:20 AM on May 3, 2007


The ADMT maybe, or you might have to do a straight rebuild via LDIF export.
posted by rhizome at 10:12 AM on May 3, 2007


The ADMT was designed for exactly what you're trying to do. LDIFs will accomplish it as well, but it's slightly more complicated. It will even go further and move a lot of the security information. LDIFs will not do that.
posted by purephase at 11:30 AM on May 3, 2007
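The LDIF route the poster sketches (export, rewrite the dc= components of every DN, re-import) and the caveat in the answer above that security information does not come along, as an added Python example that is not from this thread: it takes an LDIF export (such as ldifde produces), unfolds continuation lines, rewrites the domain suffix in entry DNs and in DN-valued attributes (base64-encoded ones included), and drops the system-owned attributes, objectSid among them, that an import would reject and that are exactly the security identifiers a cloned domain cannot inherit. The suffixes and the sample export are constructed assumptions.

```python
import base64
import re
# Constructed source and target suffixes (assumptions for this example).
OLD_SUFFIX = "DC=domain,DC=tld"
NEW_SUFFIX = "DC=other,DC=tld"
# Attributes whose values are DNs and must follow the entry into the new suffix.
DN_ATTRS = {"dn", "distinguishedname", "member", "managedby", "objectcategory"}
# Not importable (system-owned or back-links); objectSid/sIDHistory never carry over.
SKIP_ATTRS = {"objectsid", "objectguid", "sidhistory", "memberof", "whencreated",
              "whenchanged", "usncreated", "usnchanged", "dscorepropagationdata"}

def rewrite_dn(dn, old=OLD_SUFFIX, new=NEW_SUFFIX):
    """Swap a trailing domain suffix, matching case-insensitively as LDAP does."""
    if dn.lower().endswith(old.lower()):
        return dn[:len(dn) - len(old)] + new
    return dn

def rewrite_ldif(text, old=OLD_SUFFIX, new=NEW_SUFFIX):
    """Unfold an LDIF export, drop non-importable attributes, rewrite DN suffixes."""
    out = []
    for line in re.sub(r"\r?\n ", "", text).splitlines():  # join folded lines
        m = re.match(r"^([A-Za-z][\w;-]*)(::?) (.*)$", line)
        name = m.group(1).lower() if m else None
        if name not in DN_ATTRS:  # comments, separators, ordinary attributes
            if name not in SKIP_ATTRS:
                out.append(line)
            continue
        attr, sep, value = m.groups()
        if sep == "::":  # base64 value, e.g. a DN containing accented characters
            value = base64.b64decode(value).decode("utf-8")
        value = rewrite_dn(value, old, new)
        # LDIF SAFE-STRING rule: non-ASCII or a leading space/colon/'<' needs base64
        if not value.isascii() or value[:1] in (" ", ":", "<"):
            out.append(f"{attr}:: {base64.b64encode(value.encode()).decode()}")
        else:
            out.append(f"{attr}: {value}")
    return "\n".join(out) + "\n"

# Constructed sample export: a folded line and a base64-encoded (non-ASCII) DN.
SAMPLE_LDIF = "\n".join([
    "dn: CN=Alice Example,OU=Staff,DC=domain,DC=tld",
    "objectSid:: AQUAAAAAAAUVAAAA",
    "",
    "dn: CN=Admins,OU=Groups,DC=domain,DC=tld",
    "member: CN=Alice Example,OU=Staff,DC=domain,",
    " DC=tld",
    "",
    "dn:: " + base64.b64encode("CN=Zoë,OU=Staff,DC=domain,DC=tld".encode()).decode(),
])
```

Passwords, SIDs and ACLs still have to be re-created in the target domain; the script only reproduces the object tree and group membership.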

