Multiple test Active Directory envirovments hand in hand with production domain controllers

Posted by MadBoy on Server Fault See other posts from Server Fault or by MadBoy
Published on 2010-12-28T15:07:22Z Indexed on 2010/12/28 15:55 UTC
Read the original article Hit count: 303

What's the best approach of having multiple test environments next to production one?

We have multiple programming teams that build solutions that use Active Directory very often. We have tried different approaches, starting with their own domain controllers (in same subnet), or additional OU's in our production AD that the team gets control over and can create/delete accounts within that one OU.

We thought of possible 4 solutions:

  1. Setting up separate OU's in ou production env.
  2. Creating subdomains for our contoso.com domain like test.contoso.com, something.contoso.com and delegating control to the teams (would we need additional DC's or the two that we have already would be enough to hold this?
  3. Setting up additional test domain controler that has a trust to our main domain and all teams can use the test domain controler as they please.
  4. Setting up single domain controller for every team/project.

We're taking in consideration amount of resources needed, security (for example having multiple domain controlers with multiple passwords may lead users to use simpler passwords) and overall best practices for this scenario.

© Server Fault or respective owner

Related posts about active-directory

Related posts about windows-server-2008-r2