Personally, I'm a fan of using virtualization. The scenario is something like this:

Goal: evaluate new applications in real-world simulation of the production environment; be able to test applications to destruction if needed.

Secondary Goal: Provide an environment or multiple environments that accurately depict the production environment and that can be provisioned with minimal effort.

Possible solution: Use virtual server technology to create domain controllers that can be copied to isolated environments.

More detail: By using a virtual server technology, I can introduce a new DC into the environment and try very hard to prevent it from being used by clients (think DNS and branch office deployment scenarios). That VM DC can be shut down on a scheduled basis (or ad hoc as needs arise) and I can then copy that VM to a lab VM that uses an isolated environment. Configure the lab as needed for the test and test away.

Pros: Provides real-world scenario with point-in-time data for more accurate testing. Can be mostly automated with scripts and batch files etc. GPOs and other settings are exactly as they are in production.

Cons: Can be labor disruptive if I have to reconfigure a lab and rejoin workstations all the time, especially if that lab is used for other purposes such as desktop maintenance or development.

You could use the ldif export/import. Could also use a script if you wanted. Or backup tapes. None of these will allow you to fully test an environment for GPOs and other settings that otherwise wouldn't come over in an export/import.

My thoughts anyway.

Al

________________________________
From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
Sent: Tue 9/13/2005 8:44 AM
To: [email protected]
Subject: RE: [ActiveDir] Importing user from one domain to another

Thanks Al. The lab will be isolated; we are trying to replicate the production environment as closely as possible. We will use it to test schema extensions, new apps like MIIS, etc. I was under the impression the accounts would be created but set as disabled with a null password. Please advise if you have any ideas on how to make this smoother.

Thanks again,
Travis Abrams

________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Tuesday, September 13, 2005 7:23 AM
To: [email protected]
Subject: RE: [ActiveDir] Importing user from one domain to another

Yep. You can even have LDIF do it for you if you wanted. ;)

Not sure you have the information you need to create the new users though. You may want to check that. (For example, what are you planning to do about surname or passwords or enabled vs. disabled accounts?)

Any particular reason why you are creating this on a network that can talk to the production network? I don't know the purpose of this lab, but if you want a true pre-production lab it might make more sense to use something virtual and isolated. It may be that you have that already and this is something different for all I know.

Al

________________________________
From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
Sent: Mon 9/12/2005 5:06 PM
To: [email protected]
Subject: [ActiveDir] Importing user from one domain to another

We are setting up our lab as the lab.company.com domain. I have an export of our production environment using

ldifde -f Exportuser.ldf -s Server1 -t 3268 -d "dc=Export,dc=com" -p subtree -r "(&(objectCategory=person)(objectClass=User)(givenname=*))" -l "cn,givenName,objectclass,sAMAccountName"

In the file it references our production domain. Can I just replace that reference with our Lab domain?

Thanks,

Travis Abrams
IT Security & Systems Manager
Holland & Knight LLP
________________________________
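
The domain-reference swap asked about in the original post, as an added example that is not part of the thread: a Python sketch that rewrites the naming-context suffix in an LDIF export, covering folded lines and base64 (`dn::`) values that a plain search-and-replace would miss. The sample LDIF is constructed, `dc=Export,dc=com` and lab.company.com come from the post, and the function names and the DN form of the lab domain are assumptions.

```python
import base64

OLD = "dc=Export,dc=com"          # base DN from the post's ldifde -d argument
NEW = "dc=lab,dc=company,dc=com"  # assumed DN form of lab.company.com
# Constructed sample export: a plain DN, a folded DN, and a base64 DN.
SAMPLE_LDIF = (
    "dn: CN=Jane Doe,OU=Staff,DC=Export,DC=com\n"
    "sAMAccountName: jdoe\n"
    "\n"
    "dn: CN=Very Long Name,OU=Staff,DC=Exp\n"
    " ort,DC=com\n"
    "\n"
    "dn:: " + base64.b64encode("CN=José,OU=Staff,DC=Export,DC=com".encode()).decode() + "\n"
)

def unfold(text):
    """Join continuation lines: a leading single space continues the previous line."""
    lines = []
    for line in text.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    return lines

def swap_suffix(value, old=OLD, new=NEW):
    """Swap the naming context only at an RDN boundary, ignoring case."""
    v, o = value.lower(), old.lower()
    if v == o or v.endswith("," + o):
        return value[: len(value) - len(old)] + new
    return value

def rewrite_ldif(text, old=OLD, new=NEW):
    out = []
    for line in unfold(text):
        attr, sep, rest = line.partition(":")
        if line.startswith("#") or not sep or rest.startswith("<"):
            out.append(line)          # comments, blank separators, "-", URL values
        elif rest.startswith(":"):    # "attr:: <base64>"
            try:
                raw = base64.b64decode(rest[1:].strip()).decode("utf-8")
            except ValueError:        # binary attribute, leave untouched
                out.append(line)
                continue
            enc = base64.b64encode(swap_suffix(raw, old, new).encode("utf-8"))
            out.append(attr + ":: " + enc.decode("ascii"))
        else:
            out.append(attr + ": " + swap_suffix(rest.strip(), old, new))
    return "\n".join(out) + "\n"
```

The rewritten file still carries only the attributes the export selected, so the points raised in the replies about passwords and enabled state are unaffected by this step.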
