Refreshing Active Directory in Test Lab

[DJO]

We are testing Active Directory account provisioning in our lab and I
was hoping for some suggestions and best practices regarding
refreshing AD.

The lab will have two Windows 2003 DCs. My plan was to take one DC
offline line as an AD baseline. We would then run our account
provisioning tests. After each test we would like to go back to the AD
baseline.

Would the above be the best way to proceed?

Any suggestions or links would be appreciated.

Thanks,

Dave

 

[Jorge de Almeida Pinto [MVP]]

http://blogs.dirteam.com/blogs/jorge/archive/2005/11/20/105.aspx
http://blogs.dirteam.com/blogs/jorge/archive/2005/11/20/107.aspx

see the post and the comments
--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx

 

[Chris Calderon]

Yes, you can take a DC off line and resieze the FSMO roles in an
segmented/isolated network which you can use for your lab. From there you
can configure provisioning code towards that environment and use it for
Staging/QA before deploying to Production.

Typically what I do is also have a small development environment to build
the provisioning logic and code. This way you can hammer it as much as you
want to get the base functionality of the business rules. Once you got most
of it working, you'd move the provisioning code to Staging/QA. Here you can
unit test in a mirrored environment of production. This will allow you to
refine the code and fix any bugs. This primarily is for identifying how it
will react in production. Once validated and unit tested you can build a run
book on production deployment.

Much of this is dependent on how large the environment is and what type of
provisioning product you are using. Just to answer you original questions,
you idea is a good way to proceed.

Chris

 

[Herb Martin]

We are testing Active Directory account provisioning in our lab and I
was hoping for some suggestions and best practices regarding
refreshing AD.

The lab will have two Windows 2003 DCs. My plan was to take one DC
offline line as an AD baseline. We would then run our account
provisioning tests. After each test we would like to go back to the AD
baseline.

Maybe the following is obvious but I cannot be sure from
your sentence above so 'just in case':

BEFORE you return the baseline server to the network you will
remove the EXISTING DC by either using DCPromo or re-installing
the OS (I prefer the former unless there is a good reason.)

Also note that you may have to putz around with NTDSUtil to remove
the abandoned DC accounts (both when you go offline to the lab
originally, when you move one of the two offline, and when you
have removed the active test machine and return the offline-baseline
back to the net.)

 

[Ken Aldrich]

Personally I would recommend putting your backup solution to the test.
Whenever I wanted to refresh my test domain I would pull the set of tapes I
needed and rebuild the DCs in the testlab from the tapes. This kept me keen
on restoration proceedures and gave me confidence I could do it in a pinch.
It also gives you a very nice copy of what you need without yanking servers
and doing scary stuff to your production boxes.