Testing Deployment Processes

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

In a lab environment before the pilot program begins, the deployment team must test specific tasks that are essential to the Active Directory deployment process, such as testing account and resource migration from Windows NT 4.0 to Windows Server 2003 Active Directory.

To verify the deployment process in the lab environment:

  • Test disaster recovery.

  • Test account and resource migration.

  • Evaluate delegation, administration, and management.

Test Disaster Recovery

Test disaster recovery in your lab environment to validate that users can log on within an acceptable response time until a failed domain controller is restored and to determine the time that is required to restore the failed domain controller.

To implement a disaster recovery process in your Active Directory deployment, back up the System State data on at least two domain controllers in the lab environment. After you back up the data, you need to test the validity of the backup tape and the restore process. Test the following scenarios:

  • Perform a non-authoritative restore of the domain controller whose directory services database contains corrupted data.

  • Perform an authoritative restore of a domain controller to restore Active Directory data that has been deleted.

Make sure that the tests represent the slowest connection speeds in your environment and the largest number of user accounts.

For example, when you determine the time that is required to restore a failed domain controller, make sure to test the restore of System State data from your backup for any domain controller that is the only one in a site that is connected with a data rate of 128 Kbps or less. In addition, test the restore of System State data from your backup for any domain controller in a domain that contains more than 20,000 user accounts.

When a domain controller is connected to other domain controllers with a data rate that is equal to or greater than 128 Kbps, test your process for installing Active Directory on a new domain controller and letting Active Directory replication repopulate the Active Directory database.

For more information about testing disaster recovery, see the Active Directory Disaster Recovery (.doc) link on the Web Resources page at https://www.microsoft.com/windows/reskits/webresources.

Test Account and Resource Migration

To test the deployment process for account and resource migration, use the procedures in the chapter for the restructure process that you are planning. Organizations that are planning to restructure Windows NT 4.0 domains can also perform the following tests of their restructure process:

To test the deployment process for account and resource migration

  1. In two or more production Windows NT 4.0 account domains, create new backup domain controllers (BDCs).

  2. Remove the new BDCs from the production network.

  3. Install the new BDCs in the lab environment.

  4. Promote the new BDCs to primary domain controllers (PDCs).

  5. Perform in-place upgrades and restructure the account domains in your lab.

  6. Perform account and resource migrations by using a migration tool such as ADMT.

  7. Verify that migrated accounts have access to resources and retain user profiles.

Evaluate Delegation, Administration, and Management

Evaluate the delegation, administration, and management processes by creating the organizational unit structure that is specified by your Active Directory design. Delegate control of organizational units to specific group accounts that are used for administration. Use these steps to verify the success of the delegation:

To verify successful delegation of control of OUs to specific groups

  1. Log on as a user who belongs to the group account to which you delegated control.

  2. Perform administration tasks on objects within the organizational unit (for example, modify the properties of a user in an account organizational unit).

  3. Try, and subsequently fail, to perform administrative tasks on organizational units to which the administration group does not have delegated control.