Production AD and Dev AD on same Network


  • Production AD and Dev AD on same Network

    Hello,

    In the past I have always created simple AD Test environments completely segmented away from the production network.

    However, we have a requirement to create a Dev AD to test some account creation scripts from their production system. Therefore they would like for the Dev AD to be accessible from the production network.

    The Dev environment will be 2003 but recreated / migrated to 2008 as we do the same in production late this year. All DCs will be virtual.

    My initial thought was that I could create the domain new with a different name and simply recreate the OU structure and permissions on the OUs they plan to test with.

    I am concerned that even if the domains have different names and no trusts etc. will be created, they would somehow impact each other.

    The only change I plan to make to production would be to create a forward on our DNS servers for the Dev domain.

    Thanks
    Keith

  • #2
    Re: Production AD and Dev AD on same Network

    If you're not going to have a trust, how are you intending to run scripts from one domain against the other?

    Our solution for this kind of scenario was to create our dev environment as a mirror image of the live setup, but everything in VMware. Assuming you have a backup solution like (but not limited to) Backup Exec, build your dev system by restoring the live backup tapes to the dev virtual machines. Same passwords, same networking, same policies. But it's now an environment you can throw away or run whatever scripts you want to try with no danger to the real system. A couple of servers booting VMware ESXi 4.1 from an internal USB stick each, 6 SAS drives in a RAID 5 array to hold everything, several multi-port NICs if needed. Works a treat.

    Account creation scripts are readily available on the Internet (remember, Google is your best friend.) I spent some time about 2 years ago creating exactly that kind of script, including setting an initial password in the script, reading values for multiple users from a spreadsheet. Not exactly a piece of cake because I have no training for VB, but there's lots of info out there.
    *RicklesP*
    MSCA (2003/XP), Security+, CCNA

    ** Remember: credit where credit is due, and reputation points as appropriate **



    • #3
      Re: Production AD and Dev AD on same Network

      Thanks RicklesP for the reply.

      The scripts are already created by that team; they just want a Dev environment to test on. Also, they are looking to bring in another 3rd party solution in the same capacity, so hoping to use the dev environment for this as well.

      I was thinking about keeping the 2 domains separated and in their scripts configure the credentials of a new service account in the dev domain.

      I could make a virtual copy of a GC DC, but then it has to be completely isolated and will have to virtualize the existing environment as well.



      • #4
        Re: Production AD and Dev AD on same Network

        With regard to your concern, "I am concerned that even if the domains have different names and no trusts etc. will be created, they would somehow impact each other", you do not have to worry. Even if there is a trust in place, they would not "impact" each other. You can have as many instances of Active Directory on the same network segment without a problem.

        When it comes to having more than one domain and you want to share resources between them, you would first configure the DNS infrastructures to support it, then create the trusts.
        JM @ IT Training & Consulting
        http://www.itgeared.com
