Steps for Cloning Virtual Domain Controllers Page 2
1. Preparing the environment
Checking availability of VM-Generation-ID Driver
Microsoft Hyper-V 3.0 running on Windows Server 2012 provides a driver called Microsoft Hyper-V Generation Counter (vmgencounter.sys). This driver is responsible for cloning a domain controller. You can easily check the availability of this driver under the Device Manager on the Hyper-V Host.
The source domain controller must have the control access right (CAR) to allow a DC to create a clone of itself on the domain NC head. By default, the well-known group Cloneable Domain Controllers has this permission and contains no members. The PDCE creates this group when that FSMO role transfers to a Windows Server 2012 domain controller.
2. Authorizing a domain controller as a source for the cloning
Add the source domain controller computer object to the Cloneable Domain Controllers security group so that this domain controller can be used for the cloning. The cloning process checks to see if the current domain controller is designated for cloning virtual domain controllers.
3. Reviewing the list of applications and Services
As part of this process, you need to review the list of applications and services installed on the source domain controller which will be included in the cloning.
Every application or service running on a computer creates Security Identifiers to identify some of its internal components. It is a necessary action to check if there is any application running on the domain controller that will be impacted by the cloning process.
To get the list of applications and services installed, run the following PowerShell command:
Once you have the list, check with the application vendor to see if their application is impacted. When you have finalized the list of applications to be part of the cloning process, you need to generate a
CustomDCCloneAllowList.XML file using the below command
CustomDCCloneAllowList.XML file is stored under %SystemRoot%\NTDS\ folder
4. Configuring the source domain controller
At this stage, a PowerShell command is run to generate the
DCCloneConfig.XML file in the %SystemRoot%\NTDS folder. The file contains the necessary configuration information for the cloned domain controller. A sample DCCloneConfig.XML file exists in the %SystemRot%\System32 folder. The sample file name is
Run the following PowerShell command to generate the
New-ADDCCloneConfigFile -CloneComputerName "Name_of_New_DC" -SiteName "Name_of_AD_Site"
-Static -IPv4Address "IP_Address_of_New_DC" -IPv4SubnetMask "Subnet_Mask_for_New_DC"
-IPv4DefaultGateway "Gateway_For_New_DC" -IPv4DNSResolver "IP_Address_of_DNS_Server"
Once the cloning file is generated, shut down the Source Virtual Domain Controller by running the following PowerShell command or using Hyper-V Manager:
Stop-VM -Name "SourceDC" - ComputerName "HyperVHost"
5. Exporting, copying, importing and renaming the source domain controller as a new virtual machine
At this point, the source domain controller is ready with the necessary cloning configuration files. Run the following PowerShell command to export, import and rename the Source Domain Controller:
To Export the Virtual Machine of Source Domain Controller:
Export-VM -Name "SourceDC" - ComputerName "HyperVHost" -Path "E:\ExportedSourceDC"
Copy E:\ExportedSourceDC folder contents to a new Hyper-V Host
To Import and generate a new VM-Generation-ID:
$vm = Import-VM -Path "E:\ExportedSourceDC\SourceDC\Virtual Machines" -Copy -GenerateNewId
Note: GenerateNewID makes it possible for the domain controller to be cloned successfully. If you are importing to the same Hyper-V Host, make sure to use the unique folder locations by specifying the parameters with the Import-VM command as mentioned below:
To rename the newly cloned Virtual Machine:
Rename-VM -VM $vm -New-Name "VirtualDC2"
6. Starting New Virtual Machine
Finally, start the source domain controller and newly imported cloned virtual machine. When the cloned virtual machine starts up, it processes the instructions from the
DCCloneConfig.XML file to configure it with a new computer name, IP Address and AD Site, which you had specified during step 4 using the
7. Wrapping up
Cloned domain controllers will also be part of the Cloneable Domain Controllers group. Make sure to remove the computer object of the newly cloned domain controller from this group.
In this article we learned about the new cloning feature introduced in the Windows Server 2012 as well as the necessary requirements you need to make sure are in place before the cloning process begins. The article also explained the steps involved in cloning a virtual domain controller running Windows Server 2012.
Nirmal Sharma is a MCSEx3, MCITP and Microsoft MVP in Directory Services. He has specialized in Microsoft Technologies since 1994 and has followed the progression of Microsoft Operating System and software. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles on various sites and contributing to Solution IDs for www.Dynamic-SpotAction.com. Nirmal can be reached at email@example.com.
Read more on "Server Virtualization Spotlight" »