Copy Current Server 2008 R2 State to Virtual Machine, And RADIUS Server

  • Thursday, May 10, 2012 10:22 AM
     
     

    Hi,

    This is my first post, be kind! I have a server running 2008 R2 with the following roles:

    Active Directory

    DHCP

    DNS

    File Services

    Network Policy and Access

    Print and Document

    Web server

    and WSUS

    I wish to make some sort of image from the server (which is live and cannot go down) so I can put it into a virtual machine for testing new features. Advice on the best way to do this is what I'm looking for.

    The second part is I want to test a RADIUS setup. Am I correct in thinking that I can use RADIUS to authenticate WIFI users and only WIFI users? As well as possibly a small re-direction proxy.

    Any help on this is greatly appreciated.

All Replies

  • Thursday, May 10, 2012 11:56 AM
     
     

    Hello,

    You can use P2V conversion BUT NEVER connect that machine to the original network.

    See http://technet.microsoft.com/en-us/library/cc764232.aspx about this, but of course this depends on the hypervisor the machine should run on, so which one are you planning to use?

    Normally you should NOT convert DCs; it is better to demote the server, P2V it and then promote it again. But as this is for testing you can do it that way.

    Additionally I would like to mention that it is recommended to have at least 2 DC/DNS/GC per domain for fail-over and redundancy. Additionally you should NOT use a DC (it is the heart of the domain!!!!) as a web server and connect it directly to the internet. You open a big door for attackers if the DC is accessible that way.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • Thursday, May 10, 2012 12:45 PM
     
     

    Hi,

    Thanks for the reply. I checked out that article; am I right in thinking it will not affect the server as it is running? You mention not to do it on a DC. I cannot demote it and have two servers that could be used as fail-overs but wouldn't, they don't have the bandwidth available. The physical and virtual will not be on the same network of course. As I type this it sounds like a worse and worse idea! Do you know a way I can just copy the AD and Group Policies over?

    Note: The web server role is installed but not used, nor is there direct access to the internet for the server.


    Regards Sebastian Burrell MCP, MCTS


    • Edited by SebBurrell Thursday, May 10, 2012 12:45 PM
  • Thursday, May 10, 2012 1:08 PM
     
     Answered

    Hello,

    You cannot copy AD and GPOs. If you ONLY need that AD part then just install a second DC in the domain, make it DNS/GC and let them replicate all information. Ensure the existing one uses AD-integrated DNS zones.

    After the second DC has all AD information, disconnect the DC and NEVER reconnect. Then run metadata cleanup on the production domain according to http://msmvps.com/blogs/mweber/archive/2010/05/16/active-directory-metadata-cleanup.aspx and also clean up the DNS zones and zone properties, DNS Name server tab.

    On the TEST machine you MUST seize the FSMO roles and reconfigure the time service after seizing them, either to an external time server or to use the internal hardware clock. If that is done, you also have to run metadata cleanup on this DC.

    And again NEVER reconnect the 2 DCs or use the TEST machine on the production domain or connect production clients to it.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    • Marked As Answer by SebBurrell Thursday, May 10, 2012 2:55 PM
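
The test-DC steps from the answer above (seize the FSMO roles, then reconfigure the time service), as an added PowerShell example that is not code from the thread or its author. `PROD-DC01` is a placeholder name; it assumes the ActiveDirectory module on Server 2008 R2 and an elevated session on the disconnected test DC.

```powershell
# Added example: run in an elevated session on the disconnected TEST DC only.
Import-Module ActiveDirectory

$ProdDC = 'PROD-DC01'          # placeholder: the production DC left on the live network
$TestDC = $env:COMPUTERNAME    # the DC that was replicated and then unplugged

# 1. Stop if the production DC still answers: the two DCs must never meet again.
if (Test-Connection -ComputerName $ProdDC -Count 2 -Quiet) {
    throw "$ProdDC is still reachable. Isolate the test network before seizing roles."
}

# 2. Record the current FSMO role holders as this DC sees them.
$forest = Get-ADForest -Server $TestDC
$domain = Get-ADDomain -Server $TestDC
$before = @{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
$before.GetEnumerator() | Sort-Object Name | Format-Table Name, Value -AutoSize

# 3. Seize all five roles onto the test DC. -Force seizes a role when the
#    old holder cannot be contacted for a normal transfer.
Move-ADDirectoryServerOperationMasterRole -Identity $TestDC -Server $TestDC `
    -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator,
                         RIDMaster, InfrastructureMaster `
    -Force -Confirm:$false

# 4. Reconfigure the time service. The isolated lab has no upstream source,
#    so this uses the internal hardware clock and marks the DC as reliable.
w32tm /config /syncfromflags:no /reliable:yes /update
Restart-Service w32time

# 5. Verify the new role holders, then list the DCs still recorded in the
#    test copy of AD. The production DC shown here is the stale entry that
#    metadata cleanup has to remove on the test side.
netdom query fsmo
Get-ADDomainController -Filter * -Server $TestDC |
    Select-Object Name, Site, IsGlobalCatalog
```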
  • Thursday, May 10, 2012 1:29 PM
     
     

    Hi,

    Thanks for the reply, unfortunately I don't have the resources for that solution. But the information was very helpful. I will just manually re-create what is necessary for the test.

    In regards to my second question, when implementing a RADIUS server through NPS on 2008 R2, again this would be from the DC, can I set it to only require authentication from wireless 802.11 connections? This is to increase security for the wireless portion of the network but not affect the current workstation users.

    Thank you for all the help


    Regards Sebastian Burrell MCP, MCTS

  • Thursday, May 10, 2012 2:30 PM
     
     

    Hello,

    For networking questions please ask in http://social.technet.microsoft.com/Forums/en/winserverNIS/threads

    But be aware that using a DC for this is also a bad idea. A DC should only run AD/DNS/GC and that's it. It is the heart of the domain and also multihoming a DC, more than one NIC or IP address, is bad practice and results in multiple problems.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • Thursday, May 10, 2012 2:56 PM
     
     

    Hi,

    Thank you for the help, I will re-post in the relevant thread.


    Regards

    Sebastian Burrell MCP, MCTS