Solved

getting users and objects from prod AD into the test lab for testing. Do I need all attributes? What are the essential ones?

Posted on 2014-12-15
6
130 Views
Last Modified: 2014-12-24
Hello,
We are building the test lab that should mirror prod environment. The main goal is to test restructure of OUs, GPOs consolidations, and DC upgrades from 2003  to 2012. Currently we are on 2003 Forest and Domain Level and schema is upgraded already to 2008 R2 plus we have Exchange 2010 (so we also have exchange attributes in the schema).
Now, I am trying to get users and objects from prod AD into the test lab for testing using LDIF files. Do I need all attributes? What are the attributes that I need and don't need? Or would you advise to try to get ALL the attributes for the testing including exchange?
The goal of our testing is mentioned above. Please let me know.

So, I need to build the query that will have all the necessary attributes.

If you could please add the ones I need to have.

THank you.

Below are the attributes like this which will be included in the import....
-l "cn,givenName,objectclass,sAMAccountName, etc.............."

ldifde -f TestExportLAb1.ldf -s 2k3r2-02 -t 3268 -d "dc=test,dc=lab,dc=com" -p subtree -r "(&(objectCategory=person)(objectClass=User)(givenname=*))" -l "cn,givenName,objectclass,sAMAccountName"
0
Comment
Question by:creative555
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 24

Expert Comment

by:VB ITS
ID: 40502255
If the aim is to mirror your production environment then it may be a better idea to restore from a backup as opposed to going through all the trouble of duplicating all the settings and accounts from your live system. There's a lot of nuances that can develop in an environment over time which may not be evident when setting up a test lab from scratch.
0
 

Author Comment

by:creative555
ID: 40507533
Thanks for the response. We didn't have an option to do a restore of prod AD because of client's request. We LDIFDE scripts instead for importing /exporting and now using GPOs scripts to restore GPOs

Please advise, regarding attributes that are essential for testing GPOs, restructure Ou, etc.
I got all the following attributes from Production. IS there any other attributes that I need to transfer?

"cn,givenName,objectclass,sAMAccountName,distinguishedName,instanceType,displayName,name,codePage,countryCode,logonHours,accountExpires,sAMAccountName,objectCategory,company,department,co,telephoneNumber,postalCode,description,title,st,l,c,sn,objectCategory,userPrincipalName"
0
 
LVL 24

Accepted Solution

by:
VB ITS earned 500 total points
ID: 40508185
Have a look at this page: http://www.selfadsi.org/user-attributes.htm

Without knowing exactly what AD attributes are actually in use, I can't really answer your question however if you use the link above you can go through each tab in their live environment and note down whatever attributes they have information in and use that with your LDIFDE script.

One thing I did note from your list is that you don't seem to have the memberOf attribute - you'll probably want to include this in case there are some GPOs applying via security filtering :)
0
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

 

Author Comment

by:creative555
ID: 40508411
Oh. THank you. "MemberOf" is a good one that I missed....Will definitely add it. Will confirm to make sure it is working and give you credits.
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40508428
You also have objectCategory and sAMAccountName in there twice so you may want to remove the duplicate entries as well.
0
 

Author Closing Comment

by:creative555
ID: 40516900
THank you so much. Excellent answer. This is exactly what I did
0

Featured Post

What, When and Where - Security Threats from Q1

Join Corey Nachreiner, CTO, and Marc Laliberte, Information Security Threat Analyst, on July 26th as they explore their key findings from the first quarter of 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

My attempt to use PowerShell and other great resources found online to simplify the deployment of Office 365 ProPlus client components to any workstation that needs it, regardless of existing Office components that may be needing attention.
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question