3

Is there an easy way to do a backup, modify and restore of an active directory instance?

More specifically, I'm looking to do a backup, then change all references of DC=foo,DC=com to DC=foo,DC=dev so that I can setup a development AD.

I've been attempting to use ldifde with no success. I'm hoping someone has a simple script that can help accomplish this, my googles have failed me thus far.

VenomFangs
  • 647
  • 2
  • 7
  • 10
  • Why not just set up a development AD domain from scratch? – joeqwerty Jan 05 '17 at 01:02
  • @joeqwerty, We have an IAM program that interacts with AD. The data from the production AD will help with programming/troubleshooting efforts. – VenomFangs Jan 05 '17 at 01:13
  • 3
    There isn't a script that can do this for you and there's no way to "hack" it. What you could do is to restore to an isolated test environment and then perform a domain rename. - https://technet.microsoft.com/en-us/library/cc738208(v=ws.10).aspx – joeqwerty Jan 05 '17 at 01:20
  • @joeqwerty, what process would you recommend for the backup and restore? – VenomFangs Jan 05 '17 at 01:22
  • 3
    Windows Server Backup. – joeqwerty Jan 05 '17 at 01:25
  • Oddly enough I was just a a place where someone in development asked the backup folks to restore a DC to another server. That dev is no longer employed and it was password changing day at that firm. If you can't create a new forest I'd suggest running this by your security team first, they may take as dim a view on cloning your production directory into a development environment as this firm did. – Jim B Jan 05 '17 at 18:38
  • @JimB, thanks for the comment. The original question relates back to trying to test an IAM system in a test environment before going to a production environment. Intent is that the IAM system does provisioning to AD, and has been having lots of issues that need to be figured out in a lower environment, and not production. The IAM system falls under our security team, so they are fully aware of the request. – VenomFangs Jan 05 '17 at 21:53
  • If they don't understand the exponential risks involved, it's certainly not a problem for me. Were I in your position, I'd not want my name associated with this, and I'd make them do the work. I completely agree with the firm in my example above- this should be a career ending move IMHO. If your IAM is also a provisioning system I'm not at a complete loss as to why it can't create any accounts you need in a new forest. – Jim B Jan 06 '17 at 01:01

0 Answers0