dcsimg
Read more on "Server Virtualization Spotlight" »

Steps for Cloning Virtual Domain Controllers Page 2

By Nirmal Sharma (Send Email)
Posted April 1, 2013


1. Preparing the environment

As part of preparing the environmental process, you need to run a set of commands to validate the driver that is responsible for cloning the domain controllers and PDC Emulator, which must be available on a Windows Server 2012 Domain Controller.

Checking availability of VM-Generation-ID Driver

Microsoft Hyper-V 3.0 running on Windows Server 2012 provides a driver called Microsoft Hyper-V Generation Counter (vmgencounter.sys). This driver is responsible for cloning a domain controller. You can easily check the availability of this driver under the Device Manager on the Hyper-V Host.

Checking availability of PDC Emulator Role

The source domain controller must have the control access right (CAR) to allow a DC to create a clone of itself on the domain NC head. By default, the well-known group Cloneable Domain Controllers has this permission and contains no members. The PDCE creates this group when that FSMO role transfers to a Windows Server 2012 domain controller.


2. Authorizing a domain controller as a source for the cloning

Add the source domain controller computer object to the Cloneable Domain Controllers security group so that this domain controller can be used for the cloning. The cloning process checks to see if the current domain controller is designated for cloning virtual domain controllers.


3. Reviewing the list of applications and Services

As part of this process, you need to review the list of applications and services installed on the source domain controller which will be included in the cloning.

Every application or service running on a computer creates Security Identifiers to identify some of its internal components. It is a necessary action to check if there is any application running on the domain controller that will be impacted by the cloning process.

To get the list of applications and services installed, run the following PowerShell command:

Get-ADDCCloningExcludedApplicationList

Once you have the list, check with the application vendor to see if their application is impacted. When you have finalized the list of applications to be part of the cloning process, you need to generate a CustomDCCloneAllowList.XML file using the below command

Get-ADDCCloningExcludedApplicationList -GenerateXML

The CustomDCCloneAllowList.XML file is stored under %SystemRoot%\NTDS\ folder


4. Configuring the source domain controller

At this stage, a PowerShell command is run to generate the DCCloneConfig.XML file in the %SystemRoot%\NTDS folder. The file contains the necessary configuration information for the cloned domain controller. A sample DCCloneConfig.XML file exists in the %SystemRot%\System32 folder. The sample file name is SampleDCCloneConfig.XML.

Run the following PowerShell command to generate the DCCloneConfig.XML file:

New-ADDCCloneConfigFile -CloneComputerName "Name_of_New_DC" -SiteName "Name_of_AD_Site"
-Static -IPv4Address "IP_Address_of_New_DC" -IPv4SubnetMask "Subnet_Mask_for_New_DC"
-IPv4DefaultGateway "Gateway_For_New_DC" -IPv4DNSResolver "IP_Address_of_DNS_Server"

Once the cloning file is generated, shut down the Source Virtual Domain Controller by running the following PowerShell command or using Hyper-V Manager:

Stop-VM -Name "SourceDC" - ComputerName "HyperVHost"


5. Exporting, copying, importing and renaming the source domain controller as a new virtual machine

At this point, the source domain controller is ready with the necessary cloning configuration files. Run the following PowerShell command to export, import and rename the Source Domain Controller:

To Export the Virtual Machine of Source Domain Controller:

Export-VM -Name "SourceDC" - ComputerName "HyperVHost" -Path "E:\ExportedSourceDC"

Copy E:\ExportedSourceDC folder contents to a new Hyper-V Host

To Import and generate a new VM-Generation-ID:

$vm = Import-VM -Path "E:\ExportedSourceDC\SourceDC\Virtual Machines" -Copy -GenerateNewId

Note: GenerateNewID makes it possible for the domain controller to be cloned successfully. If you are importing to the same Hyper-V Host, make sure to use the unique folder locations by specifying the parameters with the Import-VM command as mentioned below:

-VhdDestinationPath
-SnapshotFilePath
-SmartPagingFilePath
-VirtualMachinePath

To rename the newly cloned Virtual Machine:

Rename-VM -VM $vm -New-Name "VirtualDC2"


6. Starting New Virtual Machine

Finally, start the source domain controller and newly imported cloned virtual machine. When the cloned virtual machine starts up, it processes the instructions from the DCCloneConfig.XML file to configure it with a new computer name, IP Address and AD Site, which you had specified during step 4 using the New-ADDCCloneConfigFile command.


7. Wrapping up

Cloned domain controllers will also be part of the Cloneable Domain Controllers group. Make sure to remove the computer object of the newly cloned domain controller from this group.


Conclusion

In this article we learned about the new cloning feature introduced in the Windows Server 2012 as well as the necessary requirements you need to make sure are in place before the cloning process begins. The article also explained the steps involved in cloning a virtual domain controller running Windows Server 2012.


Nirmal Sharma
is a MCSEx3, MCITP and Microsoft MVP in Directory Services. He has specialized in Microsoft Technologies since 1994 and has followed the progression of Microsoft Operating System and software. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles on various sites and contributing to Solution IDs for www.Dynamic-SpotAction.com. Nirmal can be reached at nirmal_sharma@mvps.org.

Follow ServerWatch on Twitter and on Facebook

Page 2 of 2

Read more on "Server Virtualization Spotlight" »

Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.