- You could do a backup and a restore
- If you have the same hardware in the test domain and the test network is isolated from the production network, you can just restore the system from a backup. Everything will be there and you will be ready to go. It's good to practice an AD restore once in a while. Once it is restored, you can upgrade the systems to Windows 2003. After the upgrade, you would likely want to raise the domain functional level to Windows 2003 Native. You would, of course, do a backup and restore of the Exchange server as well.
- You could build the test servers in production and move them to the lab.
- You would build your Windows 2000 server and promote it to a DC in the production directory. Then you could power it off and move it to the lab. This gives you a copy of the AD in the lab that matches production at some point in time. You will need to perform some specific steps to clean up residual issues with this type of operation. First, you will need to clean the production AD of any remnants of the AD server you moved to the lab; in effect, you are cleaning an orphaned object out of the AD. Otherwise, the remaining domain controllers will get caught up trying to replicate to a server that is not there. This is a manual process but is well documented: http://support.microsoft.com/kb/216498
In the test lab, you will need to seize all of the FSMO roles for the directory. Remember, the test network and the production network CANNOT be connected to one another. You can do a similar operation with Exchange. You can see, though, that in any complex environment this becomes complicated. If you are only testing AD and not Exchange, this isn't a bad way to go. Option 1 is still best.
- Recreate Domain objects
- You can build your Windows 2003 system and use LDIFDE.exe to export and import the objects. While this will roughly reproduce the objects, you are not likely to get an environment that is truly in line with production.
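
As an added example (not part of the original answer), the Python sketch below prepares an LDIF export for import into the lab: it drops attributes the domain controller assigns itself and rewrites the production naming context to the lab's, which shows why the lab copy only roughly matches production. The domain names, the attribute list and the function names are assumptions for illustration.

```python
import base64

# Attributes the domain controller assigns itself (illustrative list). An import
# cannot set them, so lab objects get new GUIDs and SIDs and never match production.
SYSTEM_OWNED = {"objectguid", "objectsid", "whencreated", "whenchanged",
                "usncreated", "usnchanged", "pwdlastset", "lastlogon",
                "badpwdcount", "badpasswordtime", "logoncount"}

# Constructed sample export; corp.example.com and lab.example.test are assumed names.
SAMPLE = """dn: CN=Jane Doe,OU=Staff,DC=corp,DC=example,DC=com
changetype: add
sAMAccountName: jdoe
objectGUID:: 3q2+796tvu/erb7v3q2+7w==
whenCreated: 20040101120000.0Z
manager: CN=Sam Lee,OU=Staff,DC=corp,
 DC=example,DC=com
"""

def retarget(value, prod_dn, lab_dn):
    """Replace a trailing production naming context with the lab one."""
    cut = len(value) - len(prod_dn)
    if cut >= 0 and value[cut:].lower() == prod_dn.lower() and (cut == 0 or value[cut - 1] == ","):
        return value[:cut] + lab_dn
    return value

def prepare_for_lab(ldif_text, prod_dn, lab_dn):
    """Return (LDIF text ready for lab import, sorted names of dropped attributes)."""
    out, dropped = [], set()
    # Unfold first: in LDIF a newline followed by one space continues the previous line.
    for line in ldif_text.replace("\r\n", "\n").replace("\n ", "").splitlines():
        attr, sep, rest = line.partition(":")
        if sep and attr.lower() in SYSTEM_OWNED:
            dropped.add(attr)
            continue
        b64 = rest.startswith(":")
        try:  # "attr:: value" is base64; decode it so DNs with non-ASCII names are rewritten too
            value = base64.b64decode(rest[1:]).decode("utf-8") if b64 else rest.strip()
        except ValueError:  # binary value, not text: keep the line as it is
            value = None
        new = retarget(value, prod_dn, lab_dn) if value is not None else None
        if new is None or new == value:
            out.append(line)
        elif b64:
            out.append(f"{attr}:: {base64.b64encode(new.encode()).decode()}")
        else:
            out.append(f"{attr}: {new}")
    return "\n".join(out) + "\n", sorted(dropped)
```

The second return value lists what was stripped, which is a quick inventory of the ways the lab objects will differ from their production originals.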
This was first published in December 2004