• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 140
  • Last Modified:

getting users and objects from prod AD into the test lab for testing. Do I need all attributes? What are the essential ones?

Hello,
We are building the test lab that should mirror prod environment. The main goal is to test restructure of OUs, GPOs consolidations, and DC upgrades from 2003  to 2012. Currently we are on 2003 Forest and Domain Level and schema is upgraded already to 2008 R2 plus we have Exchange 2010 (so we also have exchange attributes in the schema).
Now, I am trying to get users and objects from prod AD into the test lab for testing using LDIF files. Do I need all attributes? What are the attributes that I need and don't need? Or would you advise to try to get ALL the attributes for the testing including exchange?
The goal of our testing is mentioned above. Please let me know.

So, I need to build the query that will have all the necessary attributes.

If you could please add the ones I need to have.

THank you.

Below are the attributes like this which will be included in the import....
-l "cn,givenName,objectclass,sAMAccountName, etc.............."

ldifde -f TestExportLAb1.ldf -s 2k3r2-02 -t 3268 -d "dc=test,dc=lab,dc=com" -p subtree -r "(&(objectCategory=person)(objectClass=User)(givenname=*))" -l "cn,givenName,objectclass,sAMAccountName"
0
creative555
Asked:
creative555
  • 3
  • 3
1 Solution
 
VB ITSSpecialist ConsultantCommented:
If the aim is to mirror your production environment then it may be a better idea to restore from a backup as opposed to going through all the trouble of duplicating all the settings and accounts from your live system. There's a lot of nuances that can develop in an environment over time which may not be evident when setting up a test lab from scratch.
0
 
creative555Author Commented:
Thanks for the response. We didn't have an option to do a restore of prod AD because of client's request. We LDIFDE scripts instead for importing /exporting and now using GPOs scripts to restore GPOs

Please advise, regarding attributes that are essential for testing GPOs, restructure Ou, etc.
I got all the following attributes from Production. IS there any other attributes that I need to transfer?

"cn,givenName,objectclass,sAMAccountName,distinguishedName,instanceType,displayName,name,codePage,countryCode,logonHours,accountExpires,sAMAccountName,objectCategory,company,department,co,telephoneNumber,postalCode,description,title,st,l,c,sn,objectCategory,userPrincipalName"
0
 
VB ITSSpecialist ConsultantCommented:
Have a look at this page: http://www.selfadsi.org/user-attributes.htm

Without knowing exactly what AD attributes are actually in use, I can't really answer your question however if you use the link above you can go through each tab in their live environment and note down whatever attributes they have information in and use that with your LDIFDE script.

One thing I did note from your list is that you don't seem to have the memberOf attribute - you'll probably want to include this in case there are some GPOs applying via security filtering :)
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
creative555Author Commented:
Oh. THank you. "MemberOf" is a good one that I missed....Will definitely add it. Will confirm to make sure it is working and give you credits.
0
 
VB ITSSpecialist ConsultantCommented:
You also have objectCategory and sAMAccountName in there twice so you may want to remove the duplicate entries as well.
0
 
creative555Author Commented:
THank you so much. Excellent answer. This is exactly what I did
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now