Product Knowledge Base Article ID: 170209 - Last Review: 2009-02-17 - Revision: 1

   
Step-by-Step Guide to Create an Active Directory Test Domain with Data from the Production Environment

 
 

Introduction

In some circumstances it is useful to have an Active Directory domain for test purposes that is based on data from the production environment. This article describes the steps necessary to create a test domain with data from the production Active Directory domain using NNS ADix v3.

In this guide you will perform the following tasks:

  • Export Data from the Active Directory Production Environment:
    Export the Active Directory objects from the production domain into text-based files.
  • Edit the Text-Based Export Files:
    Edit the data in the text-based export files. This step can be skipped if the production domain and domain controller have the same names as
    the test domain and domain controller.
  • Import Data into the Active Directory Test Environment:
    Import the Active Directory objects from the edited text-based files into the Active Directory test domain.

We assume that a test domain is in place and fully functional. We further assume that you are familiar with Active Directory and NNS ADix v3.

Scenario for this guide:
There is an Active Directory domain called mydomain.com from which we will import organizational unit objects, group objects and user objects into a test domain called mydomain.test. The domain controller in the production domain is called dc01.mydomain.com and the domain controller in the test domain is called dc01.mydomain.test.



Export Data from the Active Directory Production Environment

Every Active Directory object you want to use in your test environment must first be exported from the production Active Directory domain into text-based files. These files will be used to create the AD objects in the test domain. In the steps described below the production domain is called mydomain.com and the test domain is called mydomain.test.
In our test scenario we will export organizational unit objects, group objects and user objects, but you can also export other objects (e.g. computer objects, contact objects, etc.).

Mandatory export operation settings:
Use the following export operation settings for every export operation:
Export group membership using the pre-Windows 2000 logon names -> disabled
Export the object class for each object to export -> enabled
Export the object path for each object to export -> enabled
Export the object GUID path for each object to export -> disabled

We recommend creating one export file per object class, e.g. one file for organizational unit objects, one for groups, one for users, etc.

  • Export objects of type organizationalUnit:
    Export the OU structure from the domain mydomain.com into a file called ou.csv. This file will be used to import the OU structure into the domain mydomain.test.
    Mandatory attributes to export: ou
    Optional attributes to export: description
  • Export objects of type group:
    Export the groups from the domain mydomain.com into a file called group.csv. This file will be used to import the groups into the domain mydomain.test.
    Mandatory attributes to export: sAMAccountName, groupType
    Optional attributes to export: description, mailNickName, proxyAddresses, displayName, ...
  • Export objects of type user:
    Export the user objects from the domain mydomain.com into a file called user.csv. This file will be used to import the user objects into the domain mydomain.test.
    Mandatory attributes to export: sAMAccountName
    Optional attributes to export: description, userPrincipalName, sn, givenName, displayName, ...
  • Export the group membership:
    Export the group membership from every group in the domain mydomain.com into a file called groupmembership.csv. This file will be used to update the group membership for the groups in the test domain.
    Mandatory attributes to export: member



 

Edit the Text-Based Export Files

Before you can import the files created previously into the test domain, you have to change the domain names and domain controller names in every export file (if the production domain has the same name as the test domain and the domain controller has the same name too, you can skip this step).

In the steps described below the production domain is called mydomain.com and the test domain is called mydomain.test. The domain controller in the production domain is called dc01.mydomain.com and the domain controller in the test domain is called dc01.mydomain.test.

Changing the domain and domain controller names:
In order to change the domain and domain controller names open every export file with an editor (e.g. Notepad) and perform a search/replace for the following strings:
Search for dc=mydomain,dc=com and replace with dc=mydomain,dc=test
Search for LDAP://dc01.mydomain.com and replace with LDAP://dc01.mydomain.test
Search for mydomain.com and replace with mydomain.test

After editing the files, save them under new names, for example by prefixing each file name with the string imp- (e.g. save ou.csv as imp-ou.csv). These files will be used for the import operation.
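
The search/replace and save-as steps above, scripted as an added example (not part of the original article or of NNS ADix). It treats the export files as plain text, as the Notepad procedure does, and refuses to write an imp- file if a production reference or an unexpected server name survives; the sample lines, the dc02 host and the UTF-8 encoding are assumptions, since the article does not show the ADix file layout.

```python
import re
from pathlib import Path

# Search/replace pairs from the article, in the article's order.
REPLACEMENTS = [
    ("dc=mydomain,dc=com", "dc=mydomain,dc=test"),
    ("LDAP://dc01.mydomain.com", "LDAP://dc01.mydomain.test"),
    ("mydomain.com", "mydomain.test"),
]
TEST_DC = "dc01.mydomain.test"
# Production names, including spacing variants the literal search misses.
LEFTOVER = re.compile(r"dc\s*=\s*mydomain\s*,\s*dc\s*=\s*com\b|mydomain\.com\b", re.I)
# Server-bound path: LDAP://<host>/<DN>. Serverless paths have no host part.
HOST = re.compile(r'LDAP://([^/=,\s"]+)/', re.I)

def rewrite_text(text):
    """Apply the replacements case-insensitively (Notepad's default behaviour)."""
    counts = {}
    for old, new in REPLACEMENTS:
        text, counts[old] = re.subn(re.escape(old), lambda m, n=new: n, text, flags=re.I)
    return text, counts

def audit(text):
    """Return findings that should block an import into the test domain."""
    findings = [f"production reference left: {m.group(0)}" for m in LEFTOVER.finditer(text)]
    for host in sorted({h.lower() for h in HOST.findall(text)}):
        if host != TEST_DC:
            findings.append(f"path bound to unexpected server: {host}")
    return findings

def convert_file(src):
    """Write imp-<name> next to src (UTF-8 assumed); raise if the audit fails."""
    src = Path(src)
    new_text, counts = rewrite_text(src.read_text(encoding="utf-8"))
    findings = audit(new_text)
    if findings:
        raise ValueError(f"{src.name}: " + "; ".join(findings))
    dst = src.with_name("imp-" + src.name)
    dst.write_text(new_text, encoding="utf-8")
    return dst, counts

# Constructed sample lines (the real ADix column layout is not shown in the article).
SAMPLE = (
    'user;"LDAP://dc01.mydomain.com/CN=Alice,OU=Staff,DC=mydomain,DC=com";alice@mydomain.com\n'
    'user;"LDAP://dc02.mydomain.com/CN=Bob,OU=Staff,DC=mydomain, DC=com";bob@mydomain.com\n'
)
if __name__ == "__main__":
    text, counts = rewrite_text(SAMPLE)
    print(counts, audit(text))
```

On the constructed sample the audit reports two findings: a distinguished name written with a space after the comma, which the literal search does not match, and an object path bound to a second domain controller, which the third replacement renames to a host that is not the test domain controller.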



 

Import Data into the Active Directory Test Environment

The files edited and saved in the previous step can now be used for the import operations.

Mandatory import operation settings:
Use the following import operation settings for every import operation:
If object does not exist, create a new object -> enabled
Use the pre-Windows 2000 logon name when updating group membership -> disabled
Clear the current group membership -> disabled
Clear the current group members -> disabled

Import operation:
In order to import the objects into the test domain, perform the steps described below in the following order:

  • Import objects of type organizationalUnit:
    Import the OU structure from the file called imp-ou.csv into the test domain. This will create the OU structure in the test domain. This step must be the first step when importing the objects.
  • Import objects of type group:
    Import the group objects from the file called imp-group.csv into the test domain. This will create all the groups in the test domain.
  • Import objects of type user:
    Import the user objects from the file called imp-user.csv into the test domain. This will create all the user objects in the test domain.
  • Import the group membership:
    Update the group membership of every group in the test domain using the file called imp-groupmembership.csv. This step must be the last step, because the group membership can only be set if every object already exists.



 

More Information

There are some Active Directory attributes you can't export or import. For example, you can't export the attribute userPassword, because this is a write-only attribute. If your test domain requires a password for every security principal, set a new password using the attribute userPassword in the import file.
Furthermore, you can't import system attributes like objectGUID, objectSID, etc., because these attributes are managed solely by the Directory Service.



 

Applies To

  • NNS ADix v3
