Creating a Test Environment

So, one of the things I have always known is that it is important to have a test environment prior to making changes in your normal production domain/forest.  One of the challenges I have always seen with this is how to create a test environment that closely matches what you have in production.  Recently, I have learned more about this and will lay out some of the things I have done to create a test environment.

With the advent of virtual machines, this process is made much simpler.  I have set up my Hyper-V machine with a few machines to try to match my existing production environment:

  • Root DC – 2008 R2 SP1
  • Child Domain DC – 2008 R2 SP1
  • Client – Windows 7 SP1
  • Client – Windows XP SP3
  • File Server – 2008 R2 SP1

In my Hyper-V environment, I have also set up an internal network.  In this case, an internal network means that the virtual machines can all talk with each other as well as communicate with the host machine while still being isolated from the rest of my production forest.  This communication with the host gives me the means to copy files from my host into my test environment.  (Make sure you set the IP address on the Virtual Internal network card to match with your test environment!)

Exporting Information from Root Domain

Once you have your Root DC up and running in your test lab, it is time to export all of the information from your production Root DC.  To do this, I performed a couple of steps.

Export Schema

To export the schema, I ran the following at an administrative command prompt on a root DC:

  • ldifde -f PRODSchema.ldif -d CN=Schema,CN=Configuration,DC=WS08DOMAIN01,DC=local

Export Environment

The next step is to get the entire environment exported from your Root domain.  In this case, I want to include users, groups, OUs and GPOs.  To do this, I found this nifty script from Microsoft called CreateXMLFromEnvironment.wsf.  (For the download location on these, go to References below.)  Then, you can run a command similar to this:

  • cscript CreateXMLFromEnvironment.wsf ./XML/RootAD.xml /TemplatePath:./XML /includeallgroups /includeusers

One thing I found in my environment was that it didn’t seem to capture users in the Users container, so I moved users I wanted to capture into a different OU.

Importing Information into Test Root Domain

Now that I had captured the data from my production root domain, I imported this information into my test root domain controller.

Import Schema

Importing the schema is fairly straightforward.  You can use a tool called AD DS/LDS Schema Analyzer to compare the differences between your production schema and the default schema in your test lab.  (This is installed when you install the role Active Directory Lightweight Directory Services.)  Then, using this to compare your schemas, you can create an LDIF file with just the portions of schema that are new.  In my case, the elements that were new included SMS/SCCM schema updates, as well as a few from an older Symantec firewall product (that never really seemed to work).  Once you have the new LDIF file, you can run a command similar to this:

  • ldifde -i -f MissingElements.ldf -c dc=X DC=WS08DOMAIN02,DC=net

(For complete details on this, see the TechNet article referenced below.)
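
Before importing MissingElements.ldf, it helps to cross-check which schema objects really are absent from the lab. The PowerShell below is an added example, not part of Schema Analyzer or the GPMC sample scripts: it compares two ldifde schema exports by lDAPDisplayName. The function names, the file name TestSchema.ldif, and the sample records (including the attribute exampleBadgeId) are assumptions made for illustration.

```powershell
# Added example: schema objects present in a production ldifde export but not in the lab's.
function Get-LdifSchemaNames {
    param([string[]]$Lines)
    # Unfold LDIF continuation lines: a leading space continues the previous line.
    $unfolded = New-Object System.Collections.ArrayList
    foreach ($line in $Lines) {
        if ($line.StartsWith(' ') -and $unfolded.Count -gt 0) {
            $last = $unfolded.Count - 1
            $unfolded[$last] = $unfolded[$last] + $line.Substring(1)
        } else { [void]$unfolded.Add($line) }
    }
    # Records are separated by blank lines; key on lDAPDisplayName because the
    # DNs carry different domain suffixes in production and in the lab.
    $names = @{}; $kind = $null; $name = $null
    foreach ($line in (@($unfolded) + '')) {   # trailing '' flushes the last record
        if ($line -match '^objectClass:\s+(attributeSchema|classSchema)\s*$') { $kind = $Matches[1] }
        elseif ($line -match '^lDAPDisplayName:\s+(\S+)') { $name = $Matches[1] }
        elseif ($line.Trim() -eq '') {
            if ($kind -and $name) { $names[$name] = $kind }
            $kind = $null; $name = $null
        }
    }
    $names
}

function Compare-LdifSchema {
    param([string[]]$Production, [string[]]$Test)
    $prod = Get-LdifSchemaNames $Production
    $test = Get-LdifSchemaNames $Test
    $prod.Keys | Where-Object { -not $test.ContainsKey($_) } | Sort-Object |
        ForEach-Object { New-Object PSObject -Property @{ Name = $_; Kind = $prod[$_] } }
}
# Constructed sample data (not real exports); exampleBadgeId is a made-up attribute.
$prodLdif = @'
dn: CN=User,CN=Schema,CN=Configuration,DC=WS08DOMAIN01,DC=local
objectClass: top
objectClass: classSchema
lDAPDisplayName: user

dn: CN=Example-Badge-Id,CN=Schema,CN=Configuration,DC=WS08DOMAIN01,DC=local
objectClass: attributeSchema
lDAPDisplayName: exampleBad
 geId
'@ -split "`r?`n"
$testLdif = @'
dn: CN=User,CN=Schema,CN=Configuration,DC=WS08DOMAIN02,DC=net
objectClass: classSchema
lDAPDisplayName: user
'@ -split "`r?`n"
Compare-LdifSchema $prodLdif $testLdif | Select-Object Name, Kind
```

Against real exports, pass the file contents instead, for example `Compare-LdifSchema (Get-Content PRODSchema.ldif) (Get-Content TestSchema.ldif)`, and review the resulting list before running the import.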

Import Environment

Now, the final step to get your environment up and running is to import the Users, Groups, OUs and GPOs onto your test DC.  This time, we are using a different script from the MS GPMC sample scripts called CreateEnvironmentFromXML.wsf.  Here is the command line I ran:

  • cscript CreateEnvironmentFromXML.wsf /xml:./XML/RootAD.xml /CreateUsersEnabled /PasswordForUsers:"SomePasswordHere!"

Now, as easy as that we have our production root domain mirrored in our test domain.

Child Domain

Follow the steps above for exporting and importing the environment from your child Domain into your child test domain and you are ready to begin playing!  You will notice that it doesn’t import any computer objects as it would be harder to use those objects.  Instead, you will create any test client machines and servers in your test environment.

Conclusion

I hope this information is helpful as you set up your testing systems.  Remember that if you don’t have a testing environment, your production environment is a test environment.

References:

http://technet.microsoft.com/en-us/magazine/2009.04.schema.aspx – Exporting/Importing Schema

http://www.microsoft.com/downloads/details.aspx?FamilyId=38C1A89B-A6D2-4F2A-A944-9236999AEE65&displaylang=en – Download location for Group Policy Management Console Sample Scripts

http://msdn.microsoft.com/en-us/library/aa814151(VS.85).aspx – Information about GPMC Sample Scripts