[Cialug] ask CIALUG: test accounts in the modern environment?

[jim kraai]

I'm working for a large government org (four large state universities and
colleges are well into the process of consolidating their IT systems) with
enterprise-scale systems, user counts, billing, etc., with the full range
of historical mainframe, oracle-as-neo-mainframe, a couple of thousand web
sites, cloud services on the rise, and appear to be 80+% done with a
migration from OpenLDAP to AD.

I'm getting resistance to the idea of creating test accounts for migrating
systems that either weren't on OpenLDAP or had hacked/hybridized auth/auth
code to AD.

I would really appreciate it if anyone would give points on both sides of
the general argument.

The argument I'm formulating at this moment is that it's more secure and
less customer-impactful to have known, controllable test accounts to
perform a full range of tests on than to hunt-and-hope through the existing
user base for accounts to hijack or to manipulate each other's (devs')
accounts for testing.

In my ideal world, I'm thinking of a pool of fleshed out accounts as IT
resources that can each be managed and allocated for internal use with
something like memberships in a custom security group or having a set of
custom security attributes to identify the account, support logging, and
prevent external activities--like billable stuff.