<div>
Hi, 
 
I think all of this can be achieved with full backup of DC, specially if it is VM, and then restore on new machine, or restore VM. 
 
Put this on separate LAN, and there you go. 
 
Regards, 
Ivan.
</div>

<div>
I think the most simple way for that might be using LDIFDE command to export OUs, users and groups structure and restore them within development environment. 
 
This is the most clean scenario you can follow and do this very quickly. 
Just take a look at the article on my blog, describing how to do that for OU 
<a href="http://kpytko.pl/active-directory-domain-services/how-to-migrate-ou-structure-from-one-domain-to-another/" rel="ugc">http://kpytko.pl/active-directory-domain-services/how-to-migrate-ou-structure-from-one-domain-to-another/</a> 
 
add -z switch into LDIFDE syntax during import to avoid stop action on import errors i.e. if something already exists. 
 
The same way might be used for users and groups, you need to only modify export filter to 
 
users: 

<pre><code class="code-1 nolinks" id="code-20-41839799-1">ldifde -f c:\users.ldf -r “(&amp;(objectClass=user)(objectCategory=person))” -l objectClass,description,sAMAccountName,givenName,sn
</code></pre>
 
and other attributes you might need. 
 
groups: 

<pre><code class="code-1 nolinks" id="code-20-41839799-2">ldifde -f c:\groups.ldf -r “(objectClass=group)” -l objectClass,description,name
</code></pre>
 
and other attributes you might need. 
 
More about attributes and ldap names you can find on a SelfADSI blog at <a href="http://selfadsi.org/" rel="ugc">http://selfadsi.org/</a> 
 
If you need more support, do not hesitate to ask. 
 
Regards, 
Krzysztof
</div>

<div>
Yes, I agree, Ivan and Sam method works well in my case here. 
Thanks for posting the good Q&amp;A.
</div>

<div>
<div class="content wysiwyg-content">
We want to bring the OU structure of course, as well as groups and users... changing the domain.com to domain.fake along the way. 
 
What's the best approach?
</div>
</div>

We want to bring the OU structure of course, as well as groups and users... changing the domain.com to domain.fake along the way.

What's the best approach?

Copy an entire Active Directory Domain to a dev environment

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).