Re: Active Directory Test Environment
- From: "Harpreet Sidhu" <HarpreetSidhu@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 31 Mar 2005 10:31:06 -0800
That is definetly an idea worth trying, the only hitch is that I would not be
able to keep the two envrionments in "sync" as I had wanted to for obvious
reasons. Maybe after I set it up this way I could do active directory
restores maybe once a month to try to keep the data somewhat fresh.
Our dns is Ad-integrated so that should be ok, I am also going to try using
NT-backup/restore as suggested in
http://support.microsoft.com/Default.aspx?kbid=249694
I doubt this will work but will let everyone know either way. Thanks for the
idea on introducing a member server and promoting it I will try that out as
well and share the results.
Thanks,
Harpreet
"Ryan Hanisco" wrote:
> Try this:
>
> 1. Create a member server in the domain.
> 2. Promote it to a Domain Controller in your domain
> 3. Move it to your isolated test environment -- and never allow it back
> 4. Seize all FSMO roles with NTDSUTIL
> 5. Remove all DC remnants with NTDSUTIL Metadata Cleanup
>
> You should be in business. Take care with DNS too... You'll be ok if its AD
> integrated, but if its not, make it a secondary, and promote it to primary
> once it is segregated.
>
> DO NOT be tempted to "update" it later to get new changes to the environment
> by allowing these to be on the same network.
> --
> Ryan Hanisco
> MCSE, MCDBA
> FlagShip Integration Services
> Chicago, IL
>
> "Harpreet Sidhu" <HarpreetSidhu@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:5250885C-8D4B-4ED7-95EF-970F69EA1925@xxxxxxxxxxxxxxxx
> > Hi,
> >
> > I am trying to build a test environment that mimics the production
> > environment, I have tried a couple of scenarios to do this but neither has
> > worked too well. Goal is to replicate the entire schema and the AD data in
> > the test environment. Here is what I have tried:
> >
> > 1. Tried to do a bare metal recovery of the DC holding all 5 FSMO roles in
> > the authoritative domain using Tivoli on to a test box by following the
> > outlined procedures from IBM and that did not work at all.
> >
> > 2. Created a child domain under the forest but then the problem is that it
> > is not a TRULEY isolated test environment.
> >
> > 3. Created an isolated environment and used a product called SimpleSync
> > which worked great and brought in all the data but it was a trial version
> > and
> > the real version costs several thousand dollars.
> >
> > What I was wondering was if ldifde or csvde are able to dump the entire
> > directory data ALONG with the schema then i could import that in my test
> > environment and may be even make the procedure into a script so the test
> > is a
> > day behind the production data. Can someone please recommend a simple or
> > RIGHT way of achieving this task. The test network is to have NO
> > visibility
> > to the production network but the production network does have access on
> > the
> > test network. A have put in a small firewall to separate the two with
> > inbound
> > rules from certain IPs over certain ports.
> >
> > Any help or direction would be greatly appreciated.
> >
> > Thanks
>
>
>
.
- References:
- Active Directory Test Environment
- From: Harpreet Sidhu
- Re: Active Directory Test Environment
- From: Ryan Hanisco
- Active Directory Test Environment
- Prev by Date: Active Directory audits
- Next by Date: adding a global group to a local group via command line
- Previous by thread: Re: Active Directory Test Environment
- Next by thread: Re: Re: files there but can't see
- Index(es):
Relevant Pages
|
