[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 137
  • Last Modified:

getting users and objects from prod AD into the test lab for testing. Do I need all attributes? What are the essential ones?

Hello,
We are building the test lab that should mirror prod environment. The main goal is to test restructure of OUs, GPOs consolidations, and DC upgrades from 2003  to 2012. Currently we are on 2003 Forest and Domain Level and schema is upgraded already to 2008 R2 plus we have Exchange 2010 (so we also have exchange attributes in the schema).
Now, I am trying to get users and objects from prod AD into the test lab for testing using LDIF files. Do I need all attributes? What are the attributes that I need and don't need? Or would you advise to try to get ALL the attributes for the testing including exchange?
The goal of our testing is mentioned above. Please let me know.

So, I need to build the query that will have all the necessary attributes.

If you could please add the ones I need to have.

THank you.

Below are the attributes like this which will be included in the import....
-l "cn,givenName,objectclass,sAMAccountName, etc.............."

ldifde -f TestExportLAb1.ldf -s 2k3r2-02 -t 3268 -d "dc=test,dc=lab,dc=com" -p subtree -r "(&(objectCategory=person)(objectClass=User)(givenname=*))" -l "cn,givenName,objectclass,sAMAccountName"
0
creative555
Asked:
creative555
  • 3
  • 3
1 Solution
 
VB ITSSpecialist ConsultantCommented:
If the aim is to mirror your production environment then it may be a better idea to restore from a backup as opposed to going through all the trouble of duplicating all the settings and accounts from your live system. There's a lot of nuances that can develop in an environment over time which may not be evident when setting up a test lab from scratch.
0
 
creative555Author Commented:
Thanks for the response. We didn't have an option to do a restore of prod AD because of client's request. We LDIFDE scripts instead for importing /exporting and now using GPOs scripts to restore GPOs

Please advise, regarding attributes that are essential for testing GPOs, restructure Ou, etc.
I got all the following attributes from Production. IS there any other attributes that I need to transfer?

"cn,givenName,objectclass,sAMAccountName,distinguishedName,instanceType,displayName,name,codePage,countryCode,logonHours,accountExpires,sAMAccountName,objectCategory,company,department,co,telephoneNumber,postalCode,description,title,st,l,c,sn,objectCategory,userPrincipalName"
0
 
VB ITSSpecialist ConsultantCommented:
Have a look at this page: http://www.selfadsi.org/user-attributes.htm

Without knowing exactly what AD attributes are actually in use, I can't really answer your question however if you use the link above you can go through each tab in their live environment and note down whatever attributes they have information in and use that with your LDIFDE script.

One thing I did note from your list is that you don't seem to have the memberOf attribute - you'll probably want to include this in case there are some GPOs applying via security filtering :)
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
creative555Author Commented:
Oh. THank you. "MemberOf" is a good one that I missed....Will definitely add it. Will confirm to make sure it is working and give you credits.
0
 
VB ITSSpecialist ConsultantCommented:
You also have objectCategory and sAMAccountName in there twice so you may want to remove the duplicate entries as well.
0
 
creative555Author Commented:
THank you so much. Excellent answer. This is exactly what I did
0

Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now