Let’s say you are re-lifing a domain controller onto new hardware. To do this you install the base machine with the same name as the old DC, bring the new machine to exactly the same patch level as the original, then restore from backup over that basic install, producing a duplicate of your old DC.
Once you have installed the base operating system on the new hardware, you need to connect it to the internet and download all the patches needed to bring it to the same patch level as the old domain controller.
However, there is a problem: how do you connect the new domain controller to the network to download the latest patches without it suffering a name and IP clash with the old domain controller?
Resolution: Use Linux to create a sandbox network
So all you need is a standard desktop computer running Linux, with two network cards and the Squid proxy installed.
Edit /etc/squid/squid.conf and set Squid to allow connections from the sandbox network (the acl line only defines the network; the http_access line is what actually permits it):
acl our_networks src 10.20.30.0/24
http_access allow our_networks
Make sure your Linux box knows where the default gateway is on your main network, since it fetches the patches on the new DC’s behalf.
Also make sure that no traffic from the new DC can reach your current network: turn off IP forwarding on the Linux box so there is no chance of the new DC communicating through the box to your current clients.
Configure the new box to use the Linux Squid proxy at 10.20.30.254:3128, then download your patches safe in the knowledge that it can’t confuse your current DC.
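Before plugging the new DC into the sandbox side, it is worth checking that the Linux box really is isolated. The script below is an added example and not part of the original post; the file paths, the demo mode and the iptables default policy are assumptions, while the 10.20.30.0/24 network and the our_networks acl are the values used above.

```shell
#!/bin/sh
# Added example: verify the sandbox box is isolated and that Squid will
# actually serve the sandbox network. Paths and "demo" mode are assumptions.

# Returns 0 if the Squid config both defines the sandbox acl and allows it.
# An acl line on its own does nothing; http_access must reference it.
squid_allows_sandbox() {
    conf="$1"
    grep -Eq '^[[:space:]]*acl[[:space:]]+our_networks[[:space:]]+src[[:space:]]+10\.20\.30\.0/24' "$conf" &&
    grep -Eq '^[[:space:]]*http_access[[:space:]]+allow[[:space:]]+our_networks' "$conf"
}

# Returns 0 if the kernel will not route packets between the two NICs.
# Takes the sysctl file path as an argument so it can be checked on a copy.
forwarding_disabled() {
    [ "$(cat "$1")" = "0" ]
}

# Commands that put the box into the isolated state (need root; not run
# automatically here). The FORWARD policy is belt and braces in case
# forwarding is ever switched back on.
isolate_sandbox() {
    sysctl -w net.ipv4.ip_forward=0
    iptables -P FORWARD DROP
}

case "${1:-}" in
demo)
    # Constructed squid.conf fragment so the script runs stand-alone.
    tmp=$(mktemp)
    printf 'acl our_networks src 10.20.30.0/24\nhttp_access allow our_networks\n' > "$tmp"
    squid_allows_sandbox "$tmp" && echo "squid: sandbox network allowed"
    if forwarding_disabled /proc/sys/net/ipv4/ip_forward; then
        echo "forwarding: off"
    else
        echo "forwarding: ON - run isolate_sandbox before connecting the DC"
    fi
    rm -f "$tmp"
    ;;
esac
```

Run it as `sh check_sandbox.sh demo` on the Linux box; swap the temporary file for /etc/squid/squid.conf to check the live config.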
You can even ssh to the Linux box and connect through to the DC to remotely configure it:
Create a ssh tunnel for RDP to the new DC behind the linux box:
ssh -L 3390:10.20.20.1:3389 192.168.100.4
Connect using Remote Desktop:
rdesktop -0 localhost:3390