asked on

Copy an entire Active Directory Domain to a dev environment

We want to bring the OU structure of course, as well as groups and users... changing the domain.com to domain.fake along the way.

What's the best approach?

ASKER CERTIFIED SOLUTION

Ed OConnor

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Ivan

Hi,

I think all of this can be achieved with full backup of DC, specially if it is VM, and then restore on new machine, or restore VM.

Put this on separate LAN, and there you go.

Regards,
Ivan.

Krzysztof Pytko

I think the most simple way for that might be using LDIFDE command to export OUs, users and groups structure and restore them within development environment.

This is the most clean scenario you can follow and do this very quickly.
Just take a look at the article on my blog, describing how to do that for OU
http://kpytko.pl/active-directory-domain-services/how-to-migrate-ou-structure-from-one-domain-to-another/

add -z switch into LDIFDE syntax during import to avoid stop action on import errors i.e. if something already exists.

The same way might be used for users and groups, you need to only modify export filter to

users:

ldifde -f c:\users.ldf -r “(&(objectClass=user)(objectCategory=person))” -l objectClass,description,sAMAccountName,givenName,sn

Open in new window

and other attributes you might need.

groups:

ldifde -f c:\groups.ldf -r “(objectClass=group)” -l objectClass,description,name

Open in new window

and other attributes you might need.

More about attributes and ldap names you can find on a SelfADSI blog at http://selfadsi.org/

If you need more support, do not hesitate to ask.

Regards,
Krzysztof

Albert Widjaja

Yes, I agree, Ivan and Sam method works well in my case here.
Thanks for posting the good Q&A.