dcsimg
Read more on "Server Virtualization Spotlight" »

Cloning Virtual Domain Controllers in Windows Server 2012

By Nirmal Sharma (Send Email)
Posted April 1, 2013


In versions of Microsoft Windows Server prior to Windows Server 2012, the process of adding an additional virtual domain controller involved copying data using one of two options during the domain controller promotion process: "Replicate over the Network" or "Using IFM Media."

Depending on the size of the database (NTDS.DIT), it can take a considerable amount of time to copy the Active Directory database with either option.

The new cloning feature introduced in Windows Server 2012, however, not only speeds up the process for building a new additional domain controller but also saves time when it comes to provisioning domain controllers for rapid deployment.

A Windows Server 2012 Virtual Domain Controller running on a Hyper-V Version 3.0 and VMware's vSphere 5.1 knows that it is running on a virtualization platform. This is a significant change from virtual domain controllers running on Windows Server 2008 R2 and earlier.

A Windows Server 2012 Domain Controller running on a virtualization platform comes with cloning and safe restore capabilities features, and these features cannot be disabled. This article is geared primarily towards explaining the cloning process, and we'll leave exploration of the safe restore capability for another time.

Server Tutorials To avoid replication of old objects or lingering objects, Microsoft modified the Hyper-V Hypervisor code to include a capability called VM-Generation-ID. The VM-Generation-ID (VMGID) feature allows a Windows Server 2012 Virtual Domain Controller to be cloned safely and successfully.

Overview

Beginning with Microsoft Windows Server 2012, there's a new attribute in Windows Server 2012 Active Directory on the computer object of the Virtual Domain Controller and a VM Instance container that is running the Virtual Domain Controller. This attribute is called the VM-Generation-ID unique identifier.

When the Windows Server 2012 Virtual Domain Controller starts up, it matches the data of VM-Generation-ID with the VM Instance container data. If there's a mismatch with the data, Windows Server 2012 Virtual Domain Controller knows that either a snapshot has been applied or a cloning event has taken place. Hence, in the case of cloning event, Active Directory Administrators never need to worry and can safely clone a Virtual Domain Controller running Windows Server 2012.

Requirements

The following requirements are imposed to successfully clone a Virtual Domain Controller:

  • Virtualization platform that supports VMGID. VMGID is currently supported on Hyper-V Version 3.0 on Windows Server 2012 and vSphare 5.1
  • Windows Server 2012 operating system running as a Guest Domain Controller
  • PDC Emulator to be available on a Windows Server 2012 Domain Controller before the cloning process begins.
  • Forest Functional Level to be Windows Server 2003 or higher
  • Schema version should be set to 56.
  • Cloneable Domain Controllers group and permissions set on Domain Naming Context of the Source Virtual Domain Controller

Note: The PDC Emulator must be running on a Windows Server 2012 Domain Controller and is required for the following reasons:

  1. A special Cloneable Domain Controllers group is created in the Active Directory and permissions are set for this group on the root of the domain naming context. By default, the group has no members in it. The PDC Emulator, if it is transferred from an earlier domain controller to Windows Server 2012, creates this group if it does not exist already.
  2. The cloning Domain Controller uses the DRSUAPI RPC protocol to contact the PDC Emulator directly for creating the computer object for the Domain Controller which is being cloned.

Cloning

The safe cloning feature of VM-Generation-ID provides an opportunity to clone the Windows Server 2012 domain controller successfully. At a high level, the process for cloning involves the following steps:

  • Preparing the environment
  • Authorizing a domain controller as a source for the cloning
  • Reviewing and generating the list of applications and services
  • Configuring the source domain controller
  • Exporting, copying, importing and renaming the source domain controller as a new virtual machine
  • Starting the new virtual machine
  • Wrapping up

Page 1 of 2

Read more on "Server Virtualization Spotlight" »

Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.