How do you set up test AD environments?

I am often asked how PowerShell can be used to set up test or lab Active Directory environments – and frankly could not come up with a single comprehensive answer – different people need different things in their labs.

Here’s what I do personally:

If I need to create a bunch of test accounts I just do something like:

1..20 | foreach-object { New-QADUser -Name "TestUser$_" -SamAccountName "TestUser$_" -ParentContainer mydomain.local/demo}

This creates accounts with no password set and disabled. If my demo needs enabled accounts I can just use the -UserPassword switch to set the password and Enable-QADUser to enable the accounts.

I often just use PowerGUI to randomly select a few users and set their City and/or Department. I guess I could do that with a pretty easy script randomly setting the values.

And then I can create groups and populating them by selected criteria, e.g.:

Get-QADUser -Department Sales | Add-QADGroupMember DL.Sales

There’s also a part of me telling that a better way would be to just create a CSV file instead and import the data:

Import-CSV c:\users.csv | ForEach-Object { New-QADUser -Name $_.Name -SamAccountName $_.Name -Department $_.Department -ParentContainer mydoman.local/demo }

Alternatively, one could user Get-QADUser (Get-QADObject, etc.) to retrieve data from a real domain, and re-create the data in a test environment. This obviously is a bad idea for external public demos but sounds like a good way to do test environments.

What are you doing for your test and demo environments? Any help/advice needed in doing what you want to do?

Tags: , , ,

About these ads

7 Responses to “How do you set up test AD environments?”


  1. 1 Rob December 12, 2007 at 1:45 pm

    If I needed to duplicate a subset of the objects in a complex domain to a test lab, I’d be tempted to use the ADSchemaAnalyzer tool and ADAM. Once you’ve got the objects you want replicated to the ADAM database, move it to the lab and script the population of the new AD domain from that.

  2. 2 gpoguy December 12, 2007 at 2:42 pm

    Also, surprisingly the GPMC (Group Policy Management Console) includes two scripts–CreateEnvironmentFromXML.wsf and CreateXMLFromEnvironment.wsf that will duplicate a production AD domain into a test one. It includes the entire OU structure, GPOs, groups and users, if you choose.

  3. 3 xaegr December 13, 2007 at 5:31 pm

    2 gpoguy:
    Great! Tnx! :)

    If you need some random accounts that looks real, you can download lists of popular names and surnames from this page: http://www.census.gov/genealogy/names/names_files.html

    Then take only most popular names to powershell variables:

    $last = gc dist.all.last | select -First 1000
    $firstm = gc dist.male.first | select -First 100
    $firstf = gc dist.female.first | select -first 100

    and filter to exclude all statistical information:

    $last = $last | ?{$_ -match “^(\S+)”}|%{$matches[1]}
    $firstf = $firstf | ?{$_ -match “^(\S+)”}|%{$matches[1]}
    $firstm = $firstm | ?{$_ -match “^(\S+)”}|%{$matches[1]}

    now create $rnd object for generating random numbers, and function for creating random user (it will add male and female users with equal chance):

    function New-RandomAdUser ($Parent){
    if($rnd.next(2) -eq 1)
    {$fn = $firstm[$rnd.next($firstm.length)]}
    else
    {$fn = $firstf[$rnd.next($firstf.length)]}
    $ln=$last[$rnd.next($last.length)]
    New-QADUser -Name “$f $l” -SamAccountName $l -ParentContainer $Parent
    }

    And just call it some times to create users:
    1..100 | foreach {New-RandomAdUser “testdomain.local/TestUsers”}


  1. 1 Setting demo AD environments « Dmitry’s PowerBlog: PowerShell and beyond Trackback on December 14, 2007 at 5:02 pm
  2. 2 AD User Provisioning from CSV Got Easier « Dmitry’s PowerBlog: PowerShell and beyond Trackback on January 21, 2008 at 8:03 am

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s




My Recent Tweets

Legal

The posts on this blog are provided “as is” with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not necessarily represent those of my employer - WSO2 or anyone else for that matter. All trademarks acknowledged.

© 2007-2014 Dmitry Sotnikov

December 2007
M T W T F S S
« Nov   Jan »
 12
3456789
10111213141516
17181920212223
24252627282930
31  

Follow

Get every new post delivered to your Inbox.

Join 2,329 other followers

%d bloggers like this: