Welcome everyone for today’s session on Virtual Domain Controller Cloning in Server 2012.
As we know, cloning, copying, snapshotting or anything other than reinstalling a virtual domain controller wasn’t good for your Active Directory; it would most likely take your existing directory from bad to worse: USN rollbacks, lingering objects, time mismatches and ultimately the risk of AD corruption.
Starting with Server 2012, DC cloning and snapshot restoration are supported.
In Server 2012, a new unique identifier, the VM-Generation-ID, is incorporated as an additional attribute of a domain controller’s computer object in AD, and the same identifier is exposed by the VM host (VM container) that is running the virtual DC instance.
When a virtual DC running Server 2012 boots up, Windows compares the VM-Generation-ID presented by the VM instance with the VM-Generation-ID recorded on the DC’s computer object in AD. If there is a mismatch, Windows Server knows that a snapshot restore or cloning event has occurred, discards its current RID pool in favour of a fresh one, and re-initialises its USN bookkeeping so that replication partners treat the changes as new. This safeguards AD health.
· The VM-Generation-ID attribute must be supported by your host hypervisor. VM-Generation-ID support is included in Hyper-V v3 (Server 2012). Other hypervisor vendors may support it as well, but please confirm the required version with your vendor’s support group.
· The source DC must be running Server 2012.
· The PDC emulator role holder must be reachable by the cloned DC, and you must ensure it is running Server 2012.
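The three prerequisites above can be checked before touching a single VM. The following PowerShell pre-flight script is an added example and is not part of the original post; it assumes the RSAT ActiveDirectory module is available and that the caller can read DC computer objects. It relies on the fact that the VM-Generation-ID is stored in the msDS-GenerationId attribute of the DC’s computer object, so a DC that has never booted on a VM-Generation-ID-aware hypervisor will simply not have that attribute populated.

```powershell
# Added example (not from the original post): pre-flight check for the
# DC cloning prerequisites. Assumes the ActiveDirectory module is installed.
Import-Module ActiveDirectory

function Test-DCCloneReadiness {
    $domain = Get-ADDomain
    $pdc    = $domain.PDCEmulator          # FQDN of the PDC emulator role holder

    $report = foreach ($dc in Get-ADDomainController -Filter *) {
        # msDS-GenerationId holds the VM-Generation-ID last seen by this DC.
        $obj = Get-ADComputer -Identity $dc.ComputerObjectDN `
                              -Properties 'msDS-GenerationId', 'OperatingSystem'
        $hasGenId = $null -ne $obj.'msDS-GenerationId'
        $is2012   = $obj.OperatingSystem -match '2012'

        [pscustomobject]@{
            DC                = $dc.HostName
            OperatingSystem   = $obj.OperatingSystem
            HasVMGenerationId = $hasGenId
            IsPDCEmulator     = ($dc.HostName -eq $pdc)
            # A DC qualifies as a clone source only if both conditions hold.
            CloneSourceOK     = ($hasGenId -and $is2012)
        }
    }

    $report | Format-Table -AutoSize

    # The PDC emulator must be Server 2012 and reachable; otherwise stop here.
    $pdcRow = $report | Where-Object IsPDCEmulator
    if (-not ($pdcRow.OperatingSystem -match '2012')) {
        Write-Warning "PDC emulator $pdc is not running Server 2012; cloning will fail."
    }
    if (-not (Test-Connection -ComputerName $pdc -Count 1 -Quiet)) {
        Write-Warning "PDC emulator $pdc is not reachable from this host."
    }

    return $report
}

Test-DCCloneReadiness
```

Run it from any domain-joined management host; any DC listed with HasVMGenerationId = False either runs on a hypervisor without VM-Generation-ID support or predates Server 2012, and must not be used as a clone source.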
How to Clone your Virtual Domain Controller in Server 2012
Ø Authorize the Source Domain Controller
You will add the source DC, which you will use to clone the other DCs, to a special Active Directory group called “Cloneable Domain Controllers”. You can find it under the Users container.
Best practice is to remove the source DC from this group after completing your task. The cloned DC will also end up in this group, so it is best to clean up the membership at the end.
Ø Compatible Services to Clone
You need to check whether the services running on your server are compatible with DC cloning, since certain software components will be affected by the change of computer name and Security Identifier. You must remove all incompatible software prior to cloning; otherwise the process can fail.
Command to list the services and programs on your DC that are not known to be clone-safe: Get-ADDCCloningExcludedApplicationList
For all software you have confirmed to be compatible, you will add it to the exclusion (allow) list.
Command to generate the list as an XML file on your DC: Get-ADDCCloningExcludedApplicationList -GenerateXml
And this is what the XML file looks like, found at c:\windows\NTDS:
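The point of the exclusion check is that a cloned SID and computer name can silently break agents that bind to either of them, so nothing should be allow-listed merely to make the cmdlet happy. The script below is an added example and not the post’s own code; it wraps the two commands above into a gate that only generates the XML when every reported item has been confirmed clone-safe by its vendor. It assumes it runs locally on the source DC, that the cmdlet output exposes Name and Type properties, and that the generated file is named CustomDCCloneAllowList.xml in %windir%\NTDS.

```powershell
# Added example (not from the original post): gate the clone on the
# excluded-application check. Assumes it runs on the source DC itself.
Import-Module ActiveDirectory

function Test-DCCloneApplicationList {
    param(
        # Names of services/programs whose vendor has confirmed clone support
        # (hypothetical input; fill from your own change records).
        [string[]] $VendorConfirmedCloneSafe = @()
    )

    # Programs and services AD DS does not know to be clone-safe.
    $excluded = @(Get-ADDCCloningExcludedApplicationList)
    if ($excluded.Count -eq 0) {
        Write-Host 'No unknown services or programs found; safe to continue.'
        return $true
    }

    $excluded | Format-Table Name, Type -AutoSize

    # Anything without vendor confirmation must be removed, not allow-listed.
    $unconfirmed = $excluded | Where-Object { $_.Name -notin $VendorConfirmedCloneSafe }
    if ($unconfirmed) {
        Write-Warning ('Remove or obtain vendor confirmation for: ' +
                       ($unconfirmed.Name -join ', '))
        return $false
    }

    # Everything left is confirmed: write the allow list into %windir%\NTDS.
    Get-ADDCCloningExcludedApplicationList -GenerateXml -Force | Out-Null
    $allowList = Join-Path $env:windir 'NTDS\CustomDCCloneAllowList.xml'
    Get-Content -Path $allowList            # show the generated XML for review
    return (Test-Path -Path $allowList)
}

# Constructed usage: 'ExampleBackupAgent' stands in for a vendor-confirmed service name.
Test-DCCloneApplicationList -VendorConfirmedCloneSafe 'ExampleBackupAgent'
```

If the function returns $false, stop and uninstall (or get confirmation for) the listed items before going any further; the generated XML is only ever written once the list is clean.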
Ø Configure the source DC to set up the new clone DC – DCCloneConfig.xml
You can configure the source DC with a set of instructions for the new clone DC, covering specific settings such as network settings, DNS, WINS, AD site name, computer name, etc.
The new clone DC reads the DCCloneConfig.xml file and applies these settings while booting up.
Here is how you create DCCloneConfig.xml in PowerShell:
New-ADDCCloneConfigFile -IPv4Address 192.168.1.15 -IPv4DefaultGateway 192.168.1.10 -IPv4SubnetMask 255.255.255.0 -IPv4DNSResolver 192.168.1.20 -Static -SiteName London -CloneComputerName DC2
You can view your DCCloneConfig.xml file in c:\windows\NTDS:
I have now configured the source DC for cloning and there are no unsupported services, so I’m ready to start the cloning process.
Ø Shut down the VM
Shut down the virtual machine of the source domain controller to prepare it for cloning.
You can simply shut down your virtual machine (DC1) or run the PowerShell cmdlet:
Stop-VM -Name server2012 -ComputerName AMAN-LAB1
Ø Export the Virtual Machine
Export the virtual machine of the source domain controller to a folder path:
Export-VM -Name server2012 -ComputerName AMAN-LAB1 -Path E:\CloneDATA
This usually takes around 5 minutes to complete, but may differ in every environment.
Ø Import the VM
$NewCloneDC = Import-VM -Path "E:\CloneDATA\server2012\Virtual Machines\xyz.xml" -Copy -GenerateNewId -VhdDestinationPath E:\Hyper-V\VirtualHardDisks\DC2
We use a variable ($NewCloneDC) to store the imported VM object so we can refer to it later. Import-VM is pointed at the path of the exported XML configuration file; -Copy copies the VHD data to the destination, and -GenerateNewId gives the imported VM a new identifier distinct from the exported source VM. This completes the import.
If we are importing it to the same Hyper-V host, it’s important to create a new folder in the hierarchy and import it there. Since its name is the same as the exported VM, you will need to rename it.
This again takes about 5 minutes to complete.
Ø Rename the New cloned VM
Rename-VM -VM $NewCloneDC -NewName "DC2"
Ø Power ON new DC
After the renaming step, let’s power on the source VM and the new VM. The new VM will read DCCloneConfig.xml and assign itself the new computer name and IP settings.
This should bring up the new DC2 with the specified settings.
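The steps from “Authorize the Source Domain Controller” through “Power ON new DC” form one procedure, and it is easy to miss a step (or the group clean-up at the end) when they are typed by hand. The following script is an added example, not the post’s own code, that strings the whole procedure together. It reuses the post’s names and paths (server2012, DC1, DC2, AMAN-LAB1, E:\CloneDATA, E:\Hyper-V\VirtualHardDisks\DC2); it assumes it runs on the Hyper-V host AMAN-LAB1 itself with the Hyper-V and ActiveDirectory modules loaded, that PowerShell remoting to DC1 works, and that the exclusion check and New-ADDCCloneConfigFile were already run on DC1 as described above. The lookup of the exported configuration file replaces the post’s xyz.xml placeholder, and the -VirtualMachinePath value is an assumed location for the “new folder” the post recommends.

```powershell
# Added example (not from the original post): the full cloning procedure as
# one script, run on the Hyper-V host with Hyper-V and RSAT AD modules.
Import-Module ActiveDirectory, Hyper-V

$sourceVm   = 'server2012'                        # Hyper-V name of the source DC VM
$sourceDc   = 'DC1'                               # AD computer name of the source DC
$cloneName  = 'DC2'
$hvHost     = 'AMAN-LAB1'
$exportPath = 'E:\CloneDATA'
$vhdDest    = 'E:\Hyper-V\VirtualHardDisks\DC2'
$vmPath     = "E:\Hyper-V\$cloneName"             # assumed: separate folder for the clone
$group      = 'Cloneable Domain Controllers'

# 1. Authorize the source DC (computer accounts are named with a trailing '$').
Add-ADGroupMember -Identity $group -Members "$sourceDc$"

# 2. Refuse to continue unless DCCloneConfig.xml is already in place on the source DC.
$hasConfig = Invoke-Command -ComputerName $sourceDc -ScriptBlock {
    Test-Path -Path (Join-Path $env:windir 'NTDS\DCCloneConfig.xml')
}
if (-not $hasConfig) { throw "DCCloneConfig.xml is missing on $sourceDc; run New-ADDCCloneConfigFile first." }

# 3. Clean shutdown; Stop-VM waits for the guest to power off.
Stop-VM -Name $sourceVm -ComputerName $hvHost

# 4. Export, then find the VM configuration file instead of hard-coding its GUID name.
Export-VM -Name $sourceVm -ComputerName $hvHost -Path $exportPath
$configXml = Get-ChildItem -Path (Join-Path $exportPath "$sourceVm\Virtual Machines") -Filter '*.xml' |
             Select-Object -First 1
if (-not $configXml) { throw 'Exported VM configuration file not found.' }

# 5. Import as a copy with a new VM identifier and its own folders.
$newCloneDc = Import-VM -Path $configXml.FullName -Copy -GenerateNewId `
                        -VhdDestinationPath $vhdDest -VirtualMachinePath $vmPath -ComputerName $hvHost

# 6. Rename (the parameter is -NewName) and start both VMs.
Rename-VM -VM $newCloneDc -NewName $cloneName
Start-VM -Name $sourceVm  -ComputerName $hvHost
Start-VM -Name $cloneName -ComputerName $hvHost

# 7. Wait for the clone to register itself as a DC (bounded wait, 30 minutes).
$deadline = (Get-Date).AddMinutes(30)
do {
    Start-Sleep -Seconds 60
    $clone = Get-ADDomainController -Filter "Name -eq '$cloneName'" -ErrorAction SilentlyContinue
} until ($clone -or (Get-Date) -gt $deadline)
if (-not $clone) { Write-Warning "$cloneName has not appeared as a DC yet; check its boot and DCCloneConfig.xml." }

# 8. Best practice from the post: remove both DCs from the cloneable group once done.
foreach ($member in @($sourceDc, $cloneName)) {
    Remove-ADGroupMember -Identity $group -Members "$member$" -Confirm:$false
}
```

Because the source DC is powered off between steps 3 and 6, plan the run for a window where the PDC emulator (and enough other DCs for authentication) stay online; the script deliberately throws before shutting anything down if DCCloneConfig.xml is absent, since a clone that boots without it does not apply the intended name and addressing.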
Hope this was informative and a good experience.
Sorry, I disagree. I tested this in my lab and found that it takes more time to have a clean Windows 2012/R2 OS template (VHD or VHDX), install only the AD DS role and then promote it to an additional DC. In addition, to clone you must meet certain prerequisites: you must shut down the source DC and must have an additional DC as PDC. With the traditional method we all know, it is easier and faster. I do not see much sense in cloning the DC; someone should really analyze whether there are advantages. Please take the total time and you'll find out for yourself. Regards