2008.09.12 18:24:41
Keep your test environment synchronized using ILM
Almost all the customers I have worked for have an isolated lab that they use for testing and development. In many cases this environment was created to mimic their production environment. I know of many customers that take copies of some of their production Domain Controllers as a base to create their testing/development environment. In these cases the original snapshot was a true copy of production. Over time, such a copy diverges substantially.
I was involved with a project to find a solution that ensures such an initial copy is updated regularly and kept in continuous synchronization with production. I was looking to achieve a simple, expandable, and unified model to enable application development and testing in a production-like environment. The solution ensures that all newly created environments stay synchronized with changes in production through a high level of automation. The automation was achieved by:
1) Using the Microsoft Identity Lifecycle Manager (ILM) synchronization engine
2) Extensive custom C# code to augment the ILM synchronization engine, and
3) Some VB scripts
The project had several phases. In the first phase, we focused on the following tasks:
  1. Create an exact copy of production in an isolated environment
  2. Maintain Active Directory account synchronization. This synchronization ensures that any adjustments to source accounts (production) are replicated to the destinations (development and testing). The synchronization engine monitors the following types of accounts: Users, Groups, and Organization
  3. Ensure that adjustments to Group Policy Objects are replicated from source to destinations. This includes:
    1. Adding new Group Policy Object
    2. Changes in any GPO’s settings
    3. Adjustments on the GPO’s linkage
  4. Ensure that any security delegation flows from source to destinations
  5. Ensure that adjustments to the domain SYSVOL flow from source to destinations
We addressed these tasks using a combination of technologies and tools. Microsoft ILM was the centerpiece of the implementation. Using ILM we were able to address task 2 and part of task 4. Addressing task 4 was challenging. Please refer to my posting labeled “Access Control translation through ILM” for further discussion on this item.
We addressed item number 3 by simply backing up all GPOs in production and restoring them in the isolated environments. Synchronization of the domain SYSVOL was achieved by similar means.

Issam Andoni
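
The GPO backup-and-restore step described above, sketched with the PowerShell GroupPolicy and ActiveDirectory modules. This is an added example, not the project's own tooling, and it assumes the lab was built from copies of production Domain Controllers so the domain name and GPO GUIDs match. The backup path and the function names are hypothetical.

```powershell
# Added example; requires the GroupPolicy and ActiveDirectory (RSAT) modules.
Import-Module GroupPolicy, ActiveDirectory

function Get-GpoLinkTable {
    # GPO links are stored in the gPLink attribute of the domain/OU object,
    # not inside the GPO, so they are collected separately from the backup.
    $targets  = @((Get-ADDomain).DistinguishedName)
    $targets += @(Get-ADOrganizationalUnit -Filter * |
                  ForEach-Object { $_.DistinguishedName })
    foreach ($dn in $targets) {
        (Get-GPInheritance -Target $dn).GpoLinks |
            Select-Object Target, DisplayName, GpoId, Order, Enabled, Enforced
    }
}

function Export-ProductionGpo {
    # Run in production: back up every GPO and snapshot the link table.
    param([string]$BackupPath = 'D:\GpoSync\Backup')    # hypothetical path
    New-Item -ItemType Directory -Path $BackupPath -Force | Out-Null
    Backup-GPO -All -Path $BackupPath -Comment "sync $(Get-Date -Format s)" |
        Out-Null
    Get-GpoLinkTable |
        Export-Csv (Join-Path $BackupPath 'links-prod.csv') -NoTypeInformation
}

function Import-LabGpo {
    # Run in the lab after copying $BackupPath across the isolation boundary.
    param([string]$BackupPath = 'D:\GpoSync\Backup')    # hypothetical path
    # Restores the most recent backup of each GPO found in the directory;
    # Restore-GPO only works when the domain matches the backed-up domain.
    Restore-GPO -All -Path $BackupPath | Out-Null

    # Round-trip the lab links through CSV so both sides compare as strings.
    $labCsv = Join-Path $BackupPath 'links-lab.csv'
    Get-GpoLinkTable | Export-Csv $labCsv -NoTypeInformation
    $prod = Import-Csv (Join-Path $BackupPath 'links-prod.csv')
    $lab  = Import-Csv $labCsv

    # '<=' rows exist only in production, '=>' rows only in the lab.
    Compare-Object $prod $lab -Property Target, GpoId, Order, Enabled, Enforced
}
```

An empty result from `Import-LabGpo` means the lab's GPO linkage matches the production snapshot; any rows returned identify links that have drifted.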
