Dear professionals. Everyone has experienced the problem of having a test environment with an isolated domain, in which it is important to have actual objects.
I need to synchronize two identical (same domain) separated ADs. I confess prod AD is AWS Directory Service, the second AD is also AWS Directory Service but is a test environment.
Spent some time looking for a solution.
1. ADMT - not suitable, because it works with domains directly (can't export). If the two domains are identical, ADMT will not work. But it does know how to transfer passwords.
2. Backup and restore is too heavy and cannot be automated. An exception is the transfer of a virtual machine image, but unfortunately this is not possible in my scenario.
3. Using ldifde. It does not know how to transfer passwords and is obsolete.
4. Writing a PowerShell script. It won't be difficult; I've been automating with PowerShell scripts for a long time. But, unfortunately, the password cannot be transferred either.
The main problem is password transfer.
Perhaps someone was able to implement AD synchronization with the test environment?
Thank you.
P.S. What if I do it like this?
prod.contoso.com (prod) -> admt sync -> transfer.contoso.com -> admt sync -> prod.contoso.com (lab clone)
some madness :)
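As an added illustration of option 4 (this is not the poster's script and not an AWS or Microsoft tool), the following PowerShell copies user objects from the prod directory into the lab clone while deliberately not attempting to move passwords: the password hash is not readable over LDAP, so each new lab account gets a random throwaway password and must change it at first logon, and existing lab accounts keep whatever password they already have. The server names, OU paths and the attribute list are assumptions; it also assumes the RSAT ActiveDirectory module is installed and that the account used has create/write rights in the lab OU (in AWS Managed Microsoft AD, that is the customer-owned OU).

```powershell
# Added example: one-way sync of user attributes prod -> lab, without passwords.
# Assumes RSAT ActiveDirectory module and network reach to a DC in each forest.
Import-Module ActiveDirectory

$SourceServer     = 'dc1.prod.contoso.com'                          # placeholder: prod DC
$TargetServer     = '10.0.0.10'                                     # placeholder: lab DC (same domain name, so address by IP)
$SourceSearchBase = 'OU=Users,OU=contoso,DC=prod,DC=contoso,DC=com' # placeholder
$TargetOU         = 'OU=Users,OU=contoso,DC=prod,DC=contoso,DC=com' # placeholder: customer OU in the lab clone
$TargetCred       = Get-Credential -Message 'Account with rights in the lab OU'

# Descriptive attributes worth carrying over. unicodePwd is never returned by
# LDAP reads, so passwords are intentionally absent from this list.
$Attrs = 'GivenName','Surname','DisplayName','Description','Department','Title',
         'UserPrincipalName','EmailAddress'

$SourceUsers = Get-ADUser -Server $SourceServer -SearchBase $SourceSearchBase `
                          -Filter * -Properties $Attrs

function New-RandomPassword {
    # 16 bytes from a CSPRNG, Base64-encoded, plus characters that satisfy
    # the default complexity policy. The value is never written to a log.
    $bytes = New-Object byte[] 16
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    ConvertTo-SecureString ([Convert]::ToBase64String($bytes) + 'aA1!') -AsPlainText -Force
}

foreach ($u in $SourceUsers) {
    $sam = $u.SamAccountName

    # Only splat attributes that are actually set, so empty values do not clear anything.
    $props = @{}
    foreach ($a in $Attrs) { if ($u.$a) { $props[$a] = $u.$a } }

    $existing = Get-ADUser -Server $TargetServer -Credential $TargetCred `
                           -Filter "SamAccountName -eq '$sam'" -ErrorAction SilentlyContinue

    if ($null -eq $existing) {
        # New account in the lab: random password, forced change at first logon,
        # enabled state mirrored from prod.
        New-ADUser @props -Server $TargetServer -Credential $TargetCred -Path $TargetOU `
                   -Name $u.Name -SamAccountName $sam `
                   -AccountPassword (New-RandomPassword) -ChangePasswordAtLogon $true `
                   -Enabled $u.Enabled
        Write-Host "created $sam"
    } else {
        # Existing lab account: refresh attributes, leave its password untouched.
        $existing | Set-ADUser @props -Server $TargetServer -Credential $TargetCred
        Write-Host "updated $sam"
    }
}
```

Run it from a host that can reach a DC in both forests; because both directories carry the same domain name, the lab DC has to be addressed by IP or a distinct hostname rather than by the domain's DNS name. Group membership and computer objects are out of scope here and would need a similar loop over Get-ADGroup / Add-ADGroupMember.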