Solved

getting users and objects from prod AD into the test lab for testing. Do I need all attributes? What are the essential ones?

Posted on 2014-12-15
6
122 Views
Last Modified: 2014-12-24
Hello,
We are building the test lab that should mirror prod environment. The main goal is to test restructure of OUs, GPOs consolidations, and DC upgrades from 2003  to 2012. Currently we are on 2003 Forest and Domain Level and schema is upgraded already to 2008 R2 plus we have Exchange 2010 (so we also have exchange attributes in the schema).
Now, I am trying to get users and objects from prod AD into the test lab for testing using LDIF files. Do I need all attributes? What are the attributes that I need and don't need? Or would you advise to try to get ALL the attributes for the testing including exchange?
The goal of our testing is mentioned above. Please let me know.

So, I need to build the query that will have all the necessary attributes.

If you could please add the ones I need to have.

THank you.

Below are the attributes like this which will be included in the import....
-l "cn,givenName,objectclass,sAMAccountName, etc.............."

ldifde -f TestExportLAb1.ldf -s 2k3r2-02 -t 3268 -d "dc=test,dc=lab,dc=com" -p subtree -r "(&(objectCategory=person)(objectClass=User)(givenname=*))" -l "cn,givenName,objectclass,sAMAccountName"
0
Comment
Question by:creative555
  • 3
  • 3
6 Comments
 
LVL 24

Expert Comment

by:VB ITS
ID: 40502255
If the aim is to mirror your production environment then it may be a better idea to restore from a backup as opposed to going through all the trouble of duplicating all the settings and accounts from your live system. There's a lot of nuances that can develop in an environment over time which may not be evident when setting up a test lab from scratch.
0
 

Author Comment

by:creative555
ID: 40507533
Thanks for the response. We didn't have an option to do a restore of prod AD because of client's request. We LDIFDE scripts instead for importing /exporting and now using GPOs scripts to restore GPOs

Please advise, regarding attributes that are essential for testing GPOs, restructure Ou, etc.
I got all the following attributes from Production. IS there any other attributes that I need to transfer?

"cn,givenName,objectclass,sAMAccountName,distinguishedName,instanceType,displayName,name,codePage,countryCode,logonHours,accountExpires,sAMAccountName,objectCategory,company,department,co,telephoneNumber,postalCode,description,title,st,l,c,sn,objectCategory,userPrincipalName"
0
 
LVL 24

Accepted Solution

by:
VB ITS earned 500 total points
ID: 40508185
Have a look at this page: http://www.selfadsi.org/user-attributes.htm

Without knowing exactly what AD attributes are actually in use, I can't really answer your question however if you use the link above you can go through each tab in their live environment and note down whatever attributes they have information in and use that with your LDIFDE script.

One thing I did note from your list is that you don't seem to have the memberOf attribute - you'll probably want to include this in case there are some GPOs applying via security filtering :)
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:creative555
ID: 40508411
Oh. THank you. "MemberOf" is a good one that I missed....Will definitely add it. Will confirm to make sure it is working and give you credits.
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40508428
You also have objectCategory and sAMAccountName in there twice so you may want to remove the duplicate entries as well.
0
 

Author Closing Comment

by:creative555
ID: 40516900
THank you so much. Excellent answer. This is exactly what I did
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now