How to copy a Microsoft Active Directory - active-directory

I have two Microsoft Active Directories (AD) on two separate networks. Both networks have the same CIDR.
I am performing an environment copy and need to copy AD1 to AD2. All content in the copy needs to maintain the SIDs. VMs in the target network need to come up with the same IPs and see the target AD and connect and work. Target VMs will be created. User account/user groups/managed service account provisioned on the source image will connect to the new Target AD.
This is a straight environment copy; however, the source AD cannot be copied as an image.
How do I do this?

Related

Passing AD attributes to Realm Joined RHEL 7 box

I have realm joined a RHEL 7 machine to my Windows AD environment. I was pleased to see that groups were mapped successfully within the RHEL 7 instance. I was able to see them via the id command.
I have additional AD attributes that I utilize for NTFS file permissions. In this case, I use an AD extension "caveat" to control some folders on an SMB share.
I want to mount the SMB share and have all user attributes working on my already configured Windows Access Controls.
Is this possible?
Thank you

Is it possible to Give IIS Users Permissions Outside of inetpub?

I am trying to give IIS full control permissions to a folder located on the C: drive of the machine that is hosting the website. It contains database files that are necessary for my application. Is there some way to give explicit permissions for IIS?
Someone posted that I could give NETWORK SERVICE full control over the directory, so I've already granted the NETWORK SERVICE account full permissions and I'm still not able to access the database files. Everything works fine when I store a copy of the database files inside of the \inetpub\wwwroot folder.
IIS Version 8.5.9600.16384
Look at the Application Pool and grant the permissions to the App Pool identity, or set the identity to a user who has the necessary permissions.
Are you using a local database? If it is local, open port 1433. SQL Connection String
Choose the one that suits you.
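
One way to apply the App Pool identity advice above, as an added example that is not part of the original posts: it looks up which identity the site's worker process runs as and grants that account Modify (a narrower right than the Full Control asked about) on the data folder. The site name and folder path are placeholders.

```powershell
# Added example; $SiteName and $DataPath are assumed placeholder values.
Import-Module WebAdministration

$SiteName = 'Default Web Site'      # assumption: the site hosting the application
$DataPath = 'C:\AppData\Database'   # assumption: folder outside inetpub with the database files

# 1. Find the application pool of the site's root application and the
#    identity its worker process (w3wp.exe) runs as.
$poolName = (Get-Item "IIS:\Sites\$SiteName").applicationPool
$model    = (Get-Item "IIS:\AppPools\$poolName").processModel

$account = switch ($model.identityType) {
    'ApplicationPoolIdentity' { "IIS AppPool\$poolName" }        # virtual account, one per pool
    'NetworkService'          { 'NT AUTHORITY\NETWORK SERVICE' }
    'LocalService'            { 'NT AUTHORITY\LOCAL SERVICE' }
    'LocalSystem'             { 'NT AUTHORITY\SYSTEM' }
    'SpecificUser'            { $model.userName }                # custom account set on the pool
}
Write-Host "Site '$SiteName' uses pool '$poolName', running as: $account"

# 2. Grant that account Modify on the folder, inherited by subfolders and files.
#    Modify covers read, write and delete without the right to change the ACL
#    or take ownership, which Full Control would add.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $account, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')

$acl = Get-Acl -Path $DataPath
$acl.AddAccessRule($rule)
Set-Acl -Path $DataPath -AclObject $acl

# 3. Confirm the entry is present on the folder.
(Get-Acl -Path $DataPath).Access |
    Where-Object { $_.IdentityReference.Value -eq $account } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited
```

Run it from an elevated PowerShell session on the web server; if step 1 reports an account other than NETWORK SERVICE, that explains why granting NETWORK SERVICE had no effect.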

Replace AD with Azure AD

We are using a third-party IT provider that handles our network administration and domain accounts, but as part of moving to a different office and setting up new infrastructure, we are considering dropping that and using Azure Active Directory only.
Researching the topic online seems to indicate that Azure AD is not a complete replacement for on-premises Active Directory, as things like local resource access and group policies outside of Azure would be missing. However, we are moving towards using Azure for most things (file storage, etc), so that should be fine if we still have that functionality there.
Before finalizing the decision to go in that direction, we just need to be certain of a few things:
1) Is there a way to create a new account in Azure AD so that it can be used to log in from any machine in the office, without having to create it locally first and then connect the two?
2) Is there a way to sync user data, such as user/desktop files, across any devices the account is used to log into?
3) Is it possible to have an office printer configured in Azure so that it can be used with an Azure AD login, completely independent of any on-premises setup (i.e., not Hybrid Cloud Print, which seems to require an on-premises network/AD to be joined with Azure AD)?
The goal is to be able to log in and work from any internet-connected device, whether in the office or at home, without needing to use a VPN and/or remote desktop, and forego on-premises AD administration.
1) This is possible as long as the device is joined to Azure AD. Once the device is joined to Azure AD, then newly created cloud-only users can also log in to the devices.
Ref: https://learn.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join
2) Enterprise state roaming should help in this aspect. It might not cover everything you are looking for but the important app-specific data and user settings are synced.
Ref: https://learn.microsoft.com/en-us/azure/active-directory/devices/enterprise-state-roaming-overview
3) There is no direct solution from Microsoft for pure cloud scenarios. There are few 3rd party services offered for this.
Ref: https://appsource.microsoft.com/en-us/product/azure/printix.64182edf-4951-40d5-91c8-733e1c896b70
Hope this helps.

Copy / Migrate / Synchronize Active Directory Password across Domain

I am in the middle of an Active Directory Migration and need to keep user passwords synchronized between the old and new environment.
As I want to implement a service for getting the job done and don't want to use the API of ADMT (Active Directory Migration Tool), I am in need of a method to copy passwords from the old account to the migrated one.
Does anybody know about a Windows API function that is capable of copying passwords from an account across Domains to another one - which is the migrated version of it?

IBM WebSphere Portal & multiple Active Directories with trusted relationship

There are two Active Directory user registries with a trusted relationship, where users of one directory are included in the groups of another directory. I need to configure IBM WebSphere Portal 6.1 on WAS7 so that it uses those related directories. But when a federated repository is configured and I try to find users via a group, there are only those users who are in the same directory as the group. It works as if they were independent registries without a trusted relationship.
Is it possible to configure the portal server so that it understands the trusted relationship of the user registries?
The solution was the usage of Global LDAP search port 3268 (3269) instead of default LDAP ports 389 (636) and standalone repository.
Enable following referrals for both WAS security settings and WIM. You will have to edit security.xml and wimconfig.xml manually to accomplish all required changes.
