Hi I have been tasked with copying our live domain structure into a test environment. In the future this copy will be performed monthly (so must be repeatable via a script or some other automated process) in order to keep test in line with live.
The data I need to get is - Active Directory include DNS – AD - Schema, OU Structure, GPO, Roles, Replication settings, topology
(DNS – Configuration settings such as TTL, Scavenging. NOT all zones, client records)
I am slowly cobbling together a method to do this but I have been thrown in the deep end.
A utility which I could point at a domain controller, click export and job done would be lovely but my company isnt going to be buying anything soon to do this so it looks like I am using windows utilities and a clever script for now.
So far I have figured out how to grab the schema using ldifde, and I know I can use this to grab other AD data, basically I am hoping for a bit of help here because of the syntax and my lack of knowledge. Can anyone point me at some shiny scripts etc I can use / command line arguments etc.
Any help would be great.
Well here is what I would do to do this. I would make a test server join to real domain raise the test machine to domain controller and duplicate all the services that can run on two domain controllers DNS AD obvoisly GP ect. Take the test system off the network move to test area. Here comes the painful part you will have to now turn on all the 1 server Roles on the test machine and both servers will now be pissed off they are missing replication partners... you need to either remove the replication so both can be PDC or deal with all the pissy server messages LOL. I just thought of a second Idea too we have a Backup program that backs up AD and full system this might be the easy way just run a backup from the production server (this can be done in live environment) and restore over test machine everytime you want to update..
Hi thanks for your reply, I suggested this to our domain admin and got a big fat noooo. I work in a very secure environment, (tin foil hats galore) and any chance that things could go wrong and affect many users will get rejected... We also use commvault for our backups but cant use the live backup on test as the backup is keyed to the live environment... Looks like its a massive script \o/
Why not restore a backup of your existing environment into the test environment? Delete any DCs that you did not restore.. so if you have 10 DCs and only need to restore 2 of them.. remove the 8 that are not needed from the AD environment and verify replication. You will need to capture a recent backup within 24 hours and restore them together to make it work though. It is a very simple process.. I would assume this is for testing to upgrade the Win2k3 schema to Win2k8.