AD domain controller cloning

Virtualized domain controllers can be cloned, but simply copying the VHD(X) is not supported. The cloning process below must be followed so that domain and data integrity are preserved.

The following prerequisites need to be met.

  • PDC emulator is Windows Server 2012 or above
  • PDC emulator is online at the time of cloning
  • Cloned DC is Windows Server 2012 or above
  • Virtualization host platform supports VM-Generation ID

Authorize the source domain controller for cloning

To clone a domain controller it must be a member of the Cloneable Domain Controllers security group. This group is found in the ….. container of ADUC, or the PowerShell command below can be used.

Get-ADComputer <sourcedc> | ForEach-Object { Add-ADGroupMember -Identity "Cloneable Domain Controllers" -Members $_.SamAccountName }

Remove incompatible services or programs or add them to the CustomDCCloneAllowList.xml file

The Get-ADDCCloningExcludedApplicationList cmdlet needs to be run to get a list of any applications or services that will prevent cloning. Once done, uninstall the applications, or if they will not pose a problem to cloning, add them to the CustomDCCloneAllowList.xml file by running the following:

Get-ADDCCloningExcludedApplicationList -GenerateXML

A good rule is that if the services or applications identified above are Microsoft's, such as DHCP, then they should be removed. Also, standalone MSAs are not supported and must be removed; gMSAs are supported.

Create DCCloneConfig.xml

A DCCloneConfig.xml file needs to be created using:

New-ADDCCloneConfigFile

With following parameters:

  • -CloneComputerName    Specifies the clone DC computer name.
  • -IPv4Address          Specifies the static IPv4 address of the cloned computer.
  • -IPv4SubnetMask       Specifies the static IPv4 subnet mask of the cloned computer.
  • -IPv4DefaultGateway   Specifies the static IPv4 default gateway address of the cloned computer.
  • -IPv4DNSResolver      Specifies the static IPv4 DNS entries.
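The preparation steps above (authorize the source DC, check for excluded applications, write DCCloneConfig.xml) as one script run on the source domain controller. This is an added example, not code from the original post; the names SRCDC01 and CLONEDC01, the 10.0.0.x addresses and the site name are placeholders, and the PDC emulator reachability check is a pre-flight check added here rather than a step from the post. The -Static and -SiteName parameters of New-ADDCCloneConfigFile are real parameters not listed above; -Static is required whenever static IPv4 settings are supplied.

```powershell
# Added example (not from the original post): prepare the source DC for cloning.
# SRCDC01, CLONEDC01, the 10.0.0.x addresses and the site name are placeholders.
Import-Module ActiveDirectory

$SourceDc = 'SRCDC01'

# Prerequisite: the PDC emulator must be online when the clone boots, so
# refuse to continue if it cannot be reached now.
$Pdc = (Get-ADDomain).PDCEmulator
if (-not (Test-Connection -ComputerName $Pdc -Count 2 -Quiet)) {
    throw "PDC emulator $Pdc is not reachable; do not proceed with cloning."
}

# Authorize the source DC: its computer account must be a member of the group.
$Computer = Get-ADComputer -Identity $SourceDc
Add-ADGroupMember -Identity 'Cloneable Domain Controllers' -Members $Computer

# List services/applications that block cloning. An empty result means the
# allow list does not need to be touched.
$Excluded = Get-ADDCCloningExcludedApplicationList
if ($Excluded) {
    $Excluded | Format-Table -AutoSize
    # Only after the list has been reviewed, and anything that must not be
    # carried into a clone (DHCP, standalone MSAs) has been removed, is the
    # remainder written to CustomDCCloneAllowList.xml.
    Get-ADDCCloningExcludedApplicationList -GenerateXML
}

# Write DCCloneConfig.xml with static addressing for the clone. By default the
# file is placed in the DSA working directory of the DC this runs on, which is
# where the clone looks for it on first boot.
New-ADDCCloneConfigFile -CloneComputerName 'CLONEDC01' `
    -Static `
    -IPv4Address '10.0.0.20' `
    -IPv4SubnetMask '255.255.255.0' `
    -IPv4DefaultGateway '10.0.0.1' `
    -IPv4DNSResolver @('10.0.0.10', '10.0.0.11') `
    -SiteName 'Default-First-Site-Name'
```

Run this on the source DC itself: New-ADDCCloneConfigFile performs the group-membership and excluded-application checks again before it writes the file, so the script stops here if an earlier step was skipped. Point -IPv4DNSResolver at existing DCs, not at the clone's own address, or the clone cannot locate the PDC emulator on first boot.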

Take the source domain controller offline

Shut down the domain controller; in PowerShell, run the Stop-Computer cmdlet.

Copy or export the source VM and add the XML if not already copied

Either copy the disks manually (without Hyper-V) or export the VM using Hyper-V.

Create a new virtual machine from the copy

Create a new VM and associate the copied disk to it or import the exported VM.

Start the new virtual machine to commence cloning

Ensure that the PDC emulator is online and start the virtual machine. PowerShell: Start-VM
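The hypervisor-side steps (take the source offline, export, import as a copy, start) as one script run on the Hyper-V host. This is an added example, not code from the original post; the VM names SRCDC01 and CLONEDC01 and the D:\ paths are placeholders. It uses Stop-VM from the host instead of Stop-Computer inside the guest, and it assumes the source VM's system disk already carries DCCloneConfig.xml.

```powershell
# Added example (not from the original post): hypervisor-side cloning steps.
# VM names and paths are placeholders.
$SourceVm  = 'SRCDC01'
$CloneVm   = 'CLONEDC01'
$ExportDir = 'D:\Exports'
$VmDir     = 'D:\VMs'

# Take the source DC offline with a guest shutdown (requires integration
# services) and wait until it is really off; copying disks of a running DC
# produces an inconsistent image.
Stop-VM -Name $SourceVm
while ((Get-VM -Name $SourceVm).State -ne 'Off') { Start-Sleep -Seconds 5 }

# Export the whole VM (configuration plus VHD(X)). The exported disk is the
# one that already contains DCCloneConfig.xml.
Export-VM -Name $SourceVm -Path $ExportDir

# Import as a copy with a new VM ID. A new VM gets a new VM-Generation ID,
# which is what tells the directory service inside the guest that it has been
# cloned and must run the cloning process instead of booting as the original.
$ConfigFile = Get-ChildItem -Path (Join-Path $ExportDir $SourceVm) -Recurse `
    -Include '*.vmcx', '*.xml' | Select-Object -First 1
$Imported = Import-VM -Path $ConfigFile.FullName -Copy -GenerateNewId `
    -VhdDestinationPath (Join-Path $VmDir $CloneVm)
Rename-VM -VM $Imported -NewName $CloneVm

# The PDC emulator must be reachable when the clone boots. If the source DC
# holds that role, bring it back first; then start the clone.
Start-VM -Name $SourceVm
Start-VM -Name $CloneVm
```

Importing without -Copy and -GenerateNewId registers the exported files in place with the original VM ID, which is exactly the unsupported "copied VHD(X)" case: the guest would see the same VM-Generation ID and boot as a second copy of the original DC rather than as a clone.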
