Help in duplicating production AD into test domain Copy AD..

[Tony]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi I am working a project where I need to duplicate my production network in
a test enviroment. production is a Win 2000 Domain running in mixed mode with
Exchange 2000 and 20003 servers. Can someone point me in the right direction
of the best way to copy all user, computer,and group objects into the new
test domain which is also running Windows 2000 in mixed mode. Currently have
about 16000 objects in AD.

Any help is greatly appreciated,
Tony Davis

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Tony wrote:

> Hi I am working a project where I need to duplicate my production network in
> a test enviroment. production is a Win 2000 Domain running in mixed mode with
> Exchange 2000 and 20003 servers. Can someone point me in the right direction
> of the best way to copy all user, computer,and group objects into the new
> test domain which is also running Windows 2000 in mixed mode. Currently have
> about 16000 objects in AD.
>
> Any help is greatly appreciated,
> Tony Davis
>
>

This is how *I* would do it. Create your structure of OUs first, then use csvde
to export your user and group accounts and use csvde to imoprt them into the
other domain. I haven't tried that with machine accounts though. You may not be
able to do those properly. Also, if you have password policies enforced you will
have to temporarily disable them as csvde does not import passwords and AD will
prevent the accounts from being imported due to blank passwords not meeting
password requirements.

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

"Tony" <Tony@discussions.microsoft.com> wrote in message
news:ACD3B82E-1735-4877-925E-C033857BF13D@microsoft.com...
> Hi I am working a project where I need to duplicate my production network
in
> a test enviroment. production is a Win 2000 Domain running in mixed mode
with
> Exchange 2000 and 20003 servers. Can someone point me in the right
direction
> of the best way to copy all user, computer,and group objects into the new
> test domain which is also running Windows 2000 in mixed mode. Currently
have
> about 16000 objects in AD.
>
> Any help is greatly appreciated,
> Tony Davis
>
>
>
We just went through this very thing. Since there is a great lack of
documentation on this subject we promoted a domain controller in our
production AD, then took it off the prod network and plugged it into a
separate physical lab network. That gave us what we wanted (replica AD) but
left us with two unclean and possibly unstable ADs.

From there we used 'ntdsutil' and cleaned up the metadata on the production
network. In the lab, it was a bit more dicey. We first had to sieze all the
FSMO roles to the lone DC in the lab, then we proceeded to do metadata
cleanup on the rest of the "dead" domain controllers, removing all the
sites, site links - leaving the one site and site link for the lab DC of
course.

Eventually we got a working copy of our AD in a test lab, but it took a lot
of messing around to get AD happy again. Netdiag, dcdiag, and ntdsutil
proved (again) to be invaluable tools. The event veiwer was also suprisingly
descriptive as well.

We had also tossed around the idea of doing system state restores, but we
couldn't get the same hardware in the lab as we did in the lab and we felt
that would make things even more difficult.

As far as possibly keeping them somewhat synch'ed - I have no idea and that
is a challenge for us. So if anyone on the list has any ideas on how to
synch two unlike directories together it would be appreciated.

HTH,

AJ Schroeder

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

If you want to synchronise two ADs use the IIFP --a free download from
Microsoft.

It's a cut down version of MIIS just for AD and AD/AM

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net