Active Directory Test Environment

Guest
Archived from groups: microsoft.public.win2000.active_directory

Hi,

I am trying to build a test environment that mimics the production
environment. I have tried a couple of scenarios to do this but neither has
worked too well. Goal is to replicate the entire schema and the AD data in
the test environment. Here is what I have tried:

1. Tried to do a bare metal recovery of the DC holding all 5 FSMO roles in
the authoritative domain using Tivoli on to a test box by following the
outlined procedures from IBM and that did not work at all.

2. Created a child domain under the forest but then the problem is that it
is not a TRULY isolated test environment.

3. Created an isolated environment and used a product called SimpleSync
which worked great and brought in all the data but it was a trial version and
the real version costs several thousand dollars.

What I was wondering was if ldifde or csvde are able to dump the entire
directory data ALONG with the schema then I could import that in my test
environment and maybe even make the procedure into a script so the test is a
day behind the production data. Can someone please recommend a simple or
RIGHT way of achieving this task? The test network is to have NO visibility
to the production network but the production network does have access on the
test network. I have put in a small firewall to separate the two with inbound
rules from certain IPs over certain ports.

Any help or direction would be greatly appreciated.

Thanks
 
Guest

Try this:

1. Create a member server in the domain.
2. Promote it to a Domain Controller in your domain
3. Move it to your isolated test environment -- and never allow it back
4. Seize all FSMO roles with NTDSUTIL
5. Remove all DC remnants with NTDSUTIL Metadata Cleanup

You should be in business. Take care with DNS too... You'll be ok if it's AD
integrated, but if it's not, make it a secondary, and promote it to primary
once it is segregated.

DO NOT be tempted to "update" it later to get new changes to the environment
by allowing these to be on the same network.
--
Ryan Hanisco
MCSE, MCDBA
FlagShip Integration Services
Chicago, IL

"Harpreet Sidhu" <HarpreetSidhu@discussions.microsoft.com> wrote in message
news:5250885C-8D4B-4ED7-95EF-970F69EA1925@microsoft.com...
> Hi,
>
> I am trying to build a test environment that mimics the production
> environment. I have tried a couple of scenarios to do this but neither has
> worked too well. Goal is to replicate the entire schema and the AD data in
> the test environment. Here is what I have tried:
>
> 1. Tried to do a bare metal recovery of the DC holding all 5 FSMO roles in
> the authoritative domain using Tivoli on to a test box by following the
> outlined procedures from IBM and that did not work at all.
>
> 2. Created a child domain under the forest but then the problem is that it
> is not a TRULY isolated test environment.
>
> 3. Created an isolated environment and used a product called SimpleSync
> which worked great and brought in all the data but it was a trial version
> and the real version costs several thousand dollars.
>
> What I was wondering was if ldifde or csvde are able to dump the entire
> directory data ALONG with the schema then I could import that in my test
> environment and maybe even make the procedure into a script so the test
> is a day behind the production data. Can someone please recommend a simple or
> RIGHT way of achieving this task? The test network is to have NO
> visibility to the production network but the production network does have
> access on the test network. I have put in a small firewall to separate the
> two with inbound rules from certain IPs over certain ports.
>
> Any help or direction would be greatly appreciated.
>
> Thanks
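
Steps 4 and 5 of the procedure above, written out as ntdsutil commands; this is an added example, not part of the original posts. `TESTDC1` and the index values are placeholders, and the role names are those used by ntdsutil on Windows 2000 / Server 2003.

```bat
@echo off
rem Added example: run on the DC that was moved into the isolated test network,
rem and only after it has been cut off from production.
rem TESTDC1 is a placeholder for that DC's name.
setlocal
set DC=TESTDC1

rem Step 4: seize all five FSMO roles. ntdsutil asks for confirmation on each one.
rem Server 2008 R2 and later use "seize naming master" for the domain naming role.
ntdsutil roles connections "connect to server %DC%" quit ^
  "seize schema master" ^
  "seize domain naming master" ^
  "seize RID master" ^
  "seize PDC" ^
  "seize infrastructure master" ^
  quit quit

rem Step 5a: list domains, sites and servers so the index numbers can be read off.
rem Domain 0 / site 0 are placeholders; use the numbers ntdsutil prints.
ntdsutil "metadata cleanup" connections "connect to server %DC%" quit ^
  "select operation target" "list domains" "select domain 0" ^
  "list sites" "select site 0" "list servers in site" quit quit quit

rem Step 5b: remove one production DC object that no longer exists in the test
rem network. Repeat once per leftover DC. SITE_IDX and SRV_IDX are placeholders
rem taken from the listing in step 5a; never select the test DC itself.
set SITE_IDX=0
set SRV_IDX=1
ntdsutil "metadata cleanup" connections "connect to server %DC%" quit ^
  "select operation target" "list domains" "select domain 0" ^
  "list sites" "select site %SITE_IDX%" ^
  "list servers in site" "select server %SRV_IDX%" quit ^
  "remove selected server" quit quit

rem Check: every role should now be reported as held by %DC%.
rem netdom ships with the Windows Support Tools on Windows 2000 / Server 2003.
netdom query fsmo
endlocal
```

The isolated DC still holds a full copy of the production directory, including account credentials, so it needs the same access controls as a production DC.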
 
Guest

That is definitely an idea worth trying, the only hitch is that I would not be
able to keep the two environments in "sync" as I had wanted to for obvious
reasons. Maybe after I set it up this way I could do active directory
restores maybe once a month to try to keep the data somewhat fresh.

Our DNS is AD-integrated so that should be ok. I am also going to try using
NT-backup/restore as suggested in
http://support.microsoft.com/Default.aspx?kbid=249694

I doubt this will work but will let everyone know either way. Thanks for the
idea on introducing a member server and promoting it. I will try that out as
well and share the results.

Thanks,
Harpreet

"Ryan Hanisco" wrote:

> Try this:
>
> 1. Create a member server in the domain.
> 2. Promote it to a Domain Controller in your domain
> 3. Move it to your isolated test environment -- and never allow it back
> 4. Seize all FSMO roles with NTDSUTIL
> 5. Remove all DC remnants with NTDSUTIL Metadata Cleanup
>
> You should be in business. Take care with DNS too... You'll be ok if it's AD
> integrated, but if it's not, make it a secondary, and promote it to primary
> once it is segregated.
>
> DO NOT be tempted to "update" it later to get new changes to the environment
> by allowing these to be on the same network.
> --
> Ryan Hanisco
> MCSE, MCDBA
> FlagShip Integration Services
> Chicago, IL