• State Not Answered
  • Replies 2 replies
  • Subscribers 61 subscribers
  • Views 1494 views
  • Users 0 members are here
Options
Related

Use Active Roles Synchronization Service to copy one AD domain to another?

Mireand
over 3 years ago

Hello!

Anyone already tried make a copy of a production AD domain to a test AD domain?

The idea is to have a test AD domain always in sync with the production AD domain (OU Structure, accounts, groups...)

Best regards,

Nicolas

  • 0 over 3 years ago

    (1) You can mimic OU, user, group, computer etc./ object from Prod to Test by use of AR Sync | AD Connector.

    (2) Limitation: all ARS AD Management Workflow Configuration links is stored as SID/GUID (Access Templates Links, Policy Links etc.) SID/GUID is AD-system generated indexes and cannot be copied by AR Sync (1). Therefore, you cannot simply take Prod\SQL\ActiveRoles74 db and move to Test\SQL\ActiveRoles74 and expect Test\ARS to work. You will need to re-link/re-apply all policies and access templets against Test AD OUs, groups GUIDs/SIDs...

  • 0 over 3 years ago in reply to Aidar.Karabalaev

    Thank you!

     (1) is enough for my needs, just wanted to know if it was possible before digging into it!