I have .NET code that will read/write to our local Active Directory domain. The reading part has been tested and works fine, but I wish to test the 'writing' part. My application will be modifying some user profiles in Active Directory, but I don't want to implement this on the live server just in case something breaks. What's the best approach to test 'write' functionality without risking failure of the live server?
Is there a way to replicate Active Directory onto another server and run tests on this new server in isolation from the original Active Directory domain? I was thinking of adding a test machine as a secondary domain controller onto my domain so it replicates the schema. Then taking it off the network and running tests on it, and if it breaks, our real domain is not affected by this.
Can someone suggest what the best approach is to do this? The more detailed the better. Thanks.