A simple question... How do you create a "shard" of AD for testing?

There are a couple of ways to make this happen...you "could" spin up a DC and ensure that it also holds a Global Catalog Role, wait for replication to occur, and then physically take it off of the network...and move it to another network...I wouldn't bring that DC back into production for an update....

The other way would be to spin up a new DC and perform a bulk export/import into the new domain with the data from the production domain, and make it a one-way thing.

Here's a link to do that from the MS site...

http://technet.microsoft.com/en-us/library/bb727091.aspx

Hope this answers the question...

jim

+ 1 on Lozano's point. DON'T EVEr mix production and Lab DCs you can harm yourself really quickly.

I used to do that with "good old" Lab Manager by importing (P2V / V2V)  a couple of Domain Controllers ( basically the couple holding the FSMO roles) into the Lab Manager environment and by spinning them up in different "network bubbles" to have different test environments. Always keep them separated from the Production network.

If you are a purist you may need to do some cleanup of the DCs (removing othr DCs and so on) but 90% of the time they work good.

You can also take a single DC and then move all the FSMOs roles to that one: it is easier and doesn't force you to stop two DCs. There are some powershell script that can automate the cleaning and the FSMO movement.

My first question would be, is the entire environment virtual?

If so, maybe leveraging vCloud Director would be a good fit.  VMs can be imported from vSphere into an isolated vApp environment.  Additionally, as different versions of AD/Applications occur, they can be imported into different vApps, giving some rudamentary "versioning."

That's how I would have done it in my last position, had vCloud Director been around when we started...

You did say isolated right?

Hi Chad,

I am going to keep this reply short as I am not an expert on the subject but we do do something similar to this in EMC IT when I was there a long time ago.

I believe you could do this with inter-Site repclition within AD.  Sync then disable or fracture replication between multple sites in the forest. 

http://technet.microsoft.com/en-us/library/cc755994(WS.10).aspx

I suspect our MS ninjas will have more to add then me.

Ben

We used to do this for DR testing in my last place,  we used to use platespin to periodically copy one of the DC's that held some of the main FSMO roles.  We would bring it up on the DR VMware environment where the DR network was ring fenced,  we had a procedure for seizing FSMO roles the DC didn't have and for removing site links that obviously did not exist in the DR world and a few other things to get it up and running cleanly.

The same principal could be applied to a test environment,  it seems Fabio was doing something similar with Lab Manager.

Hi Chad

I have done this in the past with the UTools UMove utility and works great combined with Lab Manager or vCloud director.

more info on utools.com

Sachin