Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 317
  • Last Modified:

Establishing a seperate test environment

I am a network guy (Cisco) so I am a bit out of my comfort zone with this one.

My client is in the process of implementing Oracle IAM and want to establish a test environment and I have been assigned the responibility to design a possible solution.  They have previously tried to stage a test environment in the production environment but had a few mishaps doing this.  They now want to instead create a child domain or a completely seperate domain to do this. They want to do this because they require to write to the AD and to exchange servers to test, as well as checking IAM integration. Also they don't want the GL from the Test Exchange server users to be seen by production users.  I know there is an option to hide the users from exchange but there are hundreds of users so this will be too much work to get done and is not an option unfortunately.

the critaria:
AD in the test environment must be able to write to an AD in the production environment (but not affect the actual AD in the production environment). I do not think this is possible unless there is a tick-box to deny replication to other AD in the domain.

I am thinking that a completely seperate domain needs to be established. But then I am uncertain if this will affect the existing domain since they will be using the same network hardware (routers, switches, firewalls, internet connection...etc.)

The environment consists of mainly Windows Server 2008 and some Windows server 2003, Exchange 2010.

Any insight into how this can be done would be very helpful.
Marius Gunnerud
Marius Gunnerud
1 Solution
You can do a P2V of your existing DC's and Exchange, and then power it up in vmWare ESX
vmware P2V Converter.

It's better to keep this out of your domain, on a standalone server grade hardware.

Check this kb on P2V'ing a DC

You can always setup a sub-domain and a test DC, but that wont be a true representation of your existing environment with your existing DC's.
With a P2V type test environment, you essentially have a replica of your production environment, and that is a close approximation of how the actual deployment might look like.

It's better to keep this out of your existing AD.

the adva

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Tackle projects and never again get stuck behind a technical roadblock.
Join Now