Cloning Virtual Domain Controller In Server 2012 – ACTIVE DIRECTORY 2012


Welcome, everyone, to today's session on Virtual Domain Controller Cloning in Server 2012.

As we know, cloning, copying or snapshotting a virtual domain controller (anything other than reinstalling it) was never good for your Active Directory; it would most likely take your existing directory from bad to worse: USN rollbacks, lingering objects, time mismatches and ultimately the risk of AD corruption.

Starting with Server 2012, DC cloning and snapshot restoration are supported.

In Server 2012, a new unique identifier, the VM-Generation-ID, is incorporated as an additional attribute of the Domain Controller's computer object in AD, and the same identifier is presented by the VM host (the VM container) that is running the virtual DC instance.

When a virtual DC running Server 2012 boots, Windows compares the VM-Generation-ID presented by the VM instance with the VM-Generation-ID recorded on the DC's computer object in AD. If they differ, Windows Server knows that a snapshot restore or cloning event has occurred, and it obtains a fresh RID pool and resets its replication (USN) state so that the directory stays consistent. This safeguards AD health.

Note:

· VM-Generation-ID must be supported by your host hypervisor. Support is included in Hyper-V v3 (Server 2012). Other hypervisor vendors may offer it as well, but confirm the required version with your vendor's support group.

· The source DC must be running Server 2012.

· The PDC emulator role holder must be reachable by the cloned DC, and it must itself be running Server 2012.

How to Clone your Virtual Domain Controller in Server 2012

 

Ø Authorize the Source Domain Controller

You add the source DC, the one you will use to clone other DCs, to a special Active Directory group called "Cloneable Domain Controllers". You can find it under the Users container.


Best practice is to remove the source DC from this group once your task is complete. The cloned DC will also end up a member of this group, so clean up both memberships at the end.

 

 

Ø Compatible Services to Clone

You need to check whether the services and programs running on your server are compatible with DC cloning, since certain software components will be affected by the change of computer name and Security Identifier. You must remove all incompatible software before cloning; otherwise the process can fail.

Command to list the services and programs on your DC that are not known to be clone-safe: Get-ADDCCloningExcludedApplicationList

Any software that remains after you have removed the incompatible items must be recorded in the exclusion (allow) list.

Command to generate that list on your DC: Get-ADDCCloningExcludedApplicationList -GenerateXml


The generated XML file is written to c:\windows\NTDS.

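The checks from the notes above (PDC emulator and source DC on Server 2012), the authorization step and the compatibility check can be scripted as one pre-flight run. The following is an added example, not code from the original post; it assumes it is run on the source DC, that the source DC is named DC1, and that the ActiveDirectory module is installed.

```powershell
# Added example (not from the original post). Assumptions: runs on the source
# DC, which is named DC1, with the ActiveDirectory module available.
Import-Module ActiveDirectory

$SourceDC = 'DC1'   # assumed name of the DC that will be cloned

# 1. The PDC emulator must be reachable and must run Server 2012; the clone
#    needs it on first boot to obtain a fresh RID pool.
$pdcFqdn = (Get-ADDomain).PDCEmulator
if (-not (Test-Connection -ComputerName $pdcFqdn -Count 1 -Quiet)) {
    throw "PDC emulator $pdcFqdn is not reachable."
}
$pdcOS = (Get-ADComputer -Identity ($pdcFqdn.Split('.')[0]) -Properties OperatingSystem).OperatingSystem
if ($pdcOS -notmatch '2012') {
    throw "PDC emulator $pdcFqdn runs '$pdcOS'; it must run Windows Server 2012."
}

# 2. The source DC itself must run Server 2012.
$srcOS = (Get-ADComputer -Identity $SourceDC -Properties OperatingSystem).OperatingSystem
if ($srcOS -notmatch '2012') {
    throw "$SourceDC runs '$srcOS'; only Server 2012 DCs can be cloned."
}

# 3. Authorize the source DC by adding its computer object to the group
#    (skipped if it is already a member).
$group       = 'Cloneable Domain Controllers'
$srcComputer = Get-ADComputer -Identity $SourceDC
$already     = Get-ADGroupMember -Identity $group |
               Where-Object { $_.DistinguishedName -eq $srcComputer.DistinguishedName }
if (-not $already) {
    Add-ADGroupMember -Identity $group -Members $srcComputer
}

# 4. List services and programs that are not known to be clone-safe.
$excluded = Get-ADDCCloningExcludedApplicationList
if ($excluded) {
    Write-Warning 'Remove or vet these before cloning:'
    $excluded | Format-Table Name, Type -AutoSize
    # Once every remaining entry has been confirmed safe, record them in the
    # allow-list XML in the NTDS folder with:
    #   Get-ADDCCloningExcludedApplicationList -GenerateXml
} else {
    Write-Output "No excluded applications; $SourceDC is ready for cloning."
}
```

The group membership is checked before adding so the script can be re-run safely; the -GenerateXml call is left as a comment because it should only be issued after you have decided that every listed item is genuinely safe to clone.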

 

 

Ø Configure Source DC to setup new clone DC – DCCloneConfig.xml

You can give the source DC a set of instructions for the new clone DC with specific settings such as network settings, DNS, WINS, AD site name and computer name.

The new clone DC reads the DCCloneConfig.xml file and applies these settings while it boots for the first time.

Here is how you create DCCloneConfig.xml in PowerShell:

New-ADDCCloneConfigFile -IPv4Address 192.168.1.15 -IPv4DefaultGateway 192.168.1.10 -IPv4SubnetMask 255.255.255.0 -IPv4DNSResolver 192.168.1.20 -Static -SiteName London -CloneComputerName DC2


You can view the resulting DCCloneConfig.xml file in c:\windows\NTDS.


The source DC is now configured for cloning and has no unsupported services, so I'm ready to start the cloning process.
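Before generating the file it is worth confirming that the values it will carry are actually usable: a clone name that already exists in the domain, a site that does not exist, or an IP address that is already in use all surface as a failed first boot of the clone. The following added example (not code from the original post) wraps the New-ADDCCloneConfigFile call from above in those checks; it assumes it is run on the source DC with the ActiveDirectory module available and uses the same addresses, site and name as the walkthrough.

```powershell
# Added example (not from the original post). Assumptions: runs on the source
# DC; the values below are the ones used in the walkthrough.
Import-Module ActiveDirectory

$CloneName = 'DC2'
$CloneIP   = '192.168.1.15'
$SiteName  = 'London'

# The clone's computer name must not already be taken in the domain.
if (Get-ADComputer -Filter "Name -eq '$CloneName'") {
    throw "A computer object named $CloneName already exists in the domain."
}

# The target site must exist so the clone can register its DC object there.
if (-not (Get-ADReplicationSite -Filter "Name -eq '$SiteName'")) {
    throw "AD site '$SiteName' does not exist."
}

# The static address must be free; anything answering on it is a conflict.
if (Test-Connection -ComputerName $CloneIP -Count 1 -Quiet) {
    throw "$CloneIP already answers on the network."
}

# All checks passed: write DCCloneConfig.xml with the walkthrough's settings.
New-ADDCCloneConfigFile -IPv4Address $CloneIP `
                        -IPv4DefaultGateway 192.168.1.10 `
                        -IPv4SubnetMask 255.255.255.0 `
                        -IPv4DNSResolver 192.168.1.20 `
                        -Static `
                        -SiteName $SiteName `
                        -CloneComputerName $CloneName

# Confirm the file landed in the NTDS folder and show its contents.
$cfg = Join-Path $env:SystemRoot 'NTDS\DCCloneConfig.xml'
if (-not (Test-Path $cfg)) { throw "DCCloneConfig.xml was not created at $cfg." }
Get-Content -Path $cfg
```

Failing early here is cheaper than discovering the problem after the export, import and first boot of the clone, which is where these mistakes otherwise show up.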

 

 

Ø Shut down the VM

Shut down the virtual machine of the source Domain Controller to prepare it for cloning.

You can simply shut down your virtual machine (DC1) or run the PowerShell cmdlet:

 

Stop-VM -Name server2012 -ComputerName AMAN-LAB1

 

Ø Export the Virtual Machine

Export the virtual machine of the source Domain Controller to a folder path:

 

Export-VM -Name server2012 -ComputerName AMAN-LAB1 -Path E:\CloneDATA


This usually takes around 5 minutes to complete, but the time will differ from environment to environment.

 

 

Ø Import the VM

$NewCloneDC = Import-VM -Path "E:\CloneDATA\server2012\Virtual Machines\xyz.xml" -Copy -GenerateNewId -VhdDestinationPath E:\Hyper-V\VirtualHardDisks\DC2


We store the imported VM object in a variable ($NewCloneDC) so the later rename step can refer to it. Import-VM is pointed at the exported VM's XML configuration file; -Copy copies the VHD data to the destination path instead of registering the exported files in place, and -GenerateNewId gives the imported VM a new unique ID so it does not collide with the source VM. That completes the import.

If you are importing onto the same Hyper-V host as the source, create a new folder in the hierarchy and import into it. Because the imported VM carries the same name as the exported one, you will also need to rename it.

This again takes about 5 minutes to complete.

 

 

Ø Rename the New cloned VM

Rename-VM -VM $NewCloneDC -NewName "DC2"


 

 

Ø Power ON new DC

After the renaming step, let's power on both the source VM and the new VM. The new VM reads DCCloneConfig.xml and assigns itself the new computer name and IP settings.

This should bring up the new DC2 with specified settings.
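The shutdown, export, import, rename and power-on steps above form one procedure, so here they are as a single script, followed by the checks that tell you the clone actually came up as a distinct DC. This is an added example, not code from the original post; it assumes it is run on the Hyper-V host AMAN-LAB1 with both the Hyper-V and ActiveDirectory modules available, that the source VM is named server2012 and hosts the DC named DC1, that the export folder is E:\CloneDATA, and that the new VM and DC are called DC2, all as in the walkthrough. The post-clone checks are meant to be run once the clone has finished its first boot.

```powershell
# Added example (not from the original post). Assumptions: runs on the Hyper-V
# host; names, paths and addresses are those used in the walkthrough.
Import-Module Hyper-V
Import-Module ActiveDirectory

$HyperVHost = 'AMAN-LAB1'
$SourceVM   = 'server2012'   # VM that hosts the source DC
$SourceDC   = 'DC1'          # DC name inside that VM
$ExportPath = 'E:\CloneDATA'
$CloneName  = 'DC2'

# 1. The source must be fully powered off (not saved or paused) before export,
#    so that no in-flight directory state is copied along with the disk.
Stop-VM -Name $SourceVM -ComputerName $HyperVHost
Export-VM -Name $SourceVM -ComputerName $HyperVHost -Path $ExportPath

# 2. Locate the exported configuration file instead of hard-coding its GUID name.
$vmConfig = Get-ChildItem -Path (Join-Path $ExportPath "$SourceVM\Virtual Machines") -Filter *.xml |
            Select-Object -First 1
if (-not $vmConfig) { throw "No exported VM configuration found under $ExportPath." }

# 3. Import as a copy with a new VM ID, then rename so it no longer clashes
#    with the source VM's name on the same host.
$NewCloneDC = Import-VM -ComputerName $HyperVHost -Path $vmConfig.FullName -Copy -GenerateNewId `
                        -VhdDestinationPath "E:\Hyper-V\VirtualHardDisks\$CloneName"
Rename-VM -VM $NewCloneDC -NewName $CloneName

# 4. Power on the source first, then the clone; the clone applies DCCloneConfig.xml on boot.
Start-VM -Name $SourceVM -ComputerName $HyperVHost
Start-VM -VM $NewCloneDC

# ---- Post-clone checks: run after the clone has completed its first boot ----

# The clone must be registered as a DC in the intended site with the intended address.
Get-ADDomainController -Identity $CloneName |
    Select-Object Name, Site, IPv4Address, OperatingSystem

# Source and clone must carry different VM-Generation-IDs (msDS-GenerationId on the
# computer object); identical values mean no generation change was detected.
$genIds = foreach ($dc in $SourceDC, $CloneName) {
    $raw = (Get-ADComputer -Identity $dc -Properties 'msDS-GenerationId').'msDS-GenerationId'
    [BitConverter]::ToString([byte[]]$raw)
}
if ($genIds[0] -eq $genIds[1]) {
    Write-Warning "$SourceDC and $CloneName report the same VM-Generation-ID; investigate before trusting the clone."
}

# Replication from the clone's point of view should show no failures.
repadmin /showrepl $CloneName

# 5. Clean-up: both the source and the clone are now members of Cloneable Domain
#    Controllers; remove them so cloning rights do not linger.
Remove-ADGroupMember -Identity 'Cloneable Domain Controllers' `
                     -Members (Get-ADComputer -Identity $SourceDC), (Get-ADComputer -Identity $CloneName) `
                     -Confirm:$false
```

The generation-ID comparison is the direct check on the mechanism described at the start of the post: if the two DCs share a VM-Generation-ID, the safeguard that resets the RID pool and replication state did not trigger, and the clone should not be put into service until that is understood.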

Hope this was informative and a good experience.