Cloning Virtual Domain Controllers in Windows Server 2012
April 1, 2013
In versions of Microsoft Windows Server prior to Windows Server 2012, the process of adding an additional virtual domain controller involved copying data using one of two options during the domain controller promotion process: "Replicate over the Network" or "Using IFM Media."
Depending on the size of the database (NTDS.DIT), it can take a considerable amount of time to copy the Active Directory database with either option.
The new cloning feature introduced in Windows Server 2012, however, not only speeds up the process for building a new additional domain controller but also saves time when it comes to provisioning domain controllers for rapid deployment.
A Windows Server 2012 Virtual Domain Controller running on Hyper-V Version 3.0 or VMware's vSphere 5.1 knows that it is running on a virtualization platform. This is a significant change from virtual domain controllers running on Windows Server 2008 R2 and earlier.
A Windows Server 2012 Domain Controller running on a virtualization platform comes with cloning and safe restore capabilities, and these features cannot be disabled. This article is geared primarily towards explaining the cloning process, and we'll leave exploration of the safe restore capability for another time.
To avoid replication of old objects or lingering objects, Microsoft modified the Hyper-V Hypervisor code to include a capability called VM-Generation-ID. The VM-Generation-ID (VMGID) feature allows a Windows Server 2012 Virtual Domain Controller to be cloned safely and successfully.
Beginning with Microsoft Windows Server 2012, Active Directory has a new attribute on the computer object of the Virtual Domain Controller and a VM Instance container that is running the Virtual Domain Controller. This attribute is called the VM-Generation-ID unique identifier.
When the Windows Server 2012 Virtual Domain Controller starts up, it compares the VM-Generation-ID data with the VM Instance container data. If the data does not match, the Windows Server 2012 Virtual Domain Controller knows that either a snapshot has been applied or a cloning event has taken place. Hence, in the case of a cloning event, Active Directory Administrators never need to worry and can safely clone a Virtual Domain Controller running Windows Server 2012.
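The comparison above can also be monitored from outside the domain controller. The following PowerShell is an added example, not code from the original article: it records the value each DC has stored and flags DCs whose stored value has changed since the last run, which indicates that the DC detected a snapshot or cloning event. It assumes the ActiveDirectory module is installed and that the attribute is read under its LDAP name, msDS-GenerationId (a name the article does not give); the baseline path, function names, and sample host names are hypothetical.

```powershell
function Get-DcGenerationId {
    # The attribute is not replicated, so each DC is asked about its own computer object.
    Import-Module ActiveDirectory
    $result = @{}
    foreach ($dc in Get-ADDomainController -Filter *) {
        $obj = Get-ADComputer -Identity $dc.ComputerObjectDN -Server $dc.HostName `
                              -Properties 'msDS-GenerationId'
        $bytes = $obj.'msDS-GenerationId'
        # Empty on physical DCs and on hypervisors that expose no VM-Generation-ID.
        $result[$dc.HostName] = if ($bytes) { [System.BitConverter]::ToString($bytes) } else { '' }
    }
    return $result
}

function Compare-GenerationId {
    param([hashtable]$Baseline, [hashtable]$Current)
    foreach ($name in $Current.Keys) {
        $status = if (-not $Baseline.ContainsKey($name)) { 'NewDC' } elseif ($Baseline[$name] -ne $Current[$name]) { 'Changed' } else { 'Unchanged' }
        [pscustomobject]@{
            DomainController = $name
            Status           = $status
            StoredId         = $Current[$name]
        }
    }
}

# Constructed sample data (not real DCs): dc2's stored ID differs from the baseline.
$sampleBaseline = @{ 'dc1.corp.example' = '1A-2B-3C'; 'dc2.corp.example' = '4D-5E-6F' }
$sampleCurrent  = @{ 'dc1.corp.example' = '1A-2B-3C'; 'dc2.corp.example' = '70-81-92' }
Compare-GenerationId -Baseline $sampleBaseline -Current $sampleCurrent

# Live run: compare against the previous run, then save the new baseline.
if (Get-Module -ListAvailable ActiveDirectory) {
    $baselinePath = '.\dc-genid-baseline.xml'   # hypothetical location
    $current = Get-DcGenerationId
    if (Test-Path $baselinePath) {
        Compare-GenerationId -Baseline (Import-Clixml $baselinePath) -Current $current |
            Where-Object Status -ne 'Unchanged'
    }
    $current | Export-Clixml $baselinePath
}
```

A 'Changed' result that does not line up with a planned clone or snapshot restore is worth investigating, since it means the virtual machine was reverted or copied.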
The following requirements are imposed to successfully clone a Virtual Domain Controller:
Note: The PDC Emulator must be running on a Windows Server 2012 Domain Controller and is required for the following reasons:
The safe cloning feature of VM-Generation-ID provides an opportunity to clone the Windows Server 2012 domain controller successfully. At a high level, the process for cloning involves the following steps: