Cloning a Windows Server 2012 DC

With the release of Windows Server 2012, Microsoft introduced a new way in which Domain Controllers can be deployed in an Active Directory infrastructure. This new method offers the possibility of cloning an active DC from your environment, but several requirements must be fulfilled before you can successfully clone a DC:

- A server running Hyper-V which hosts the DC as a VM.
- A second Domain Controller running within the same AD domain that holds the PDC Emulator operations master role.
- The Domain Controller that will be cloned must not hold the PDC Emulator operations master role.

We'll need to add the source Domain Controller to the Cloneable Domain Controllers security group in Active Directory. To achieve this you can use either the Active Directory Users and Computers or the Active Directory Administrative Center console:

[Screenshot: Active Directory Administrative Center console]

Once the DC has been successfully added to the required security group, we have to run the Get-ADDCCloningExcludedApplicationList cmdlet to review the software that can potentially interfere with our cloning operation. Note that not all applications support this mechanism, so the cmdlet will display a list of those that must be excluded:

[Screenshot: PowerShell console]

To add these programs and services to the exclusion list, execute Get-ADDCCloningExcludedApplicationList with the -GenerateXml option. Note that the following command will create the XML file in C:\Windows\NTDS:

Get-ADDCCloningExcludedApplicationList -GenerateXml -Path C:\Windows\NTDS -Force

After you’ve executed this command, simply run Get-ADDCCloningExcludedApplicationList again and view its output. You should see something similar to the following screenshot:

[Screenshot: ADDCCloningExcludedApplicationList output]

You can navigate to the XML path and view its content. Remember that if the applications displayed by Get-ADDCCloningExcludedApplicationList are not added to the exclusion list, the whole cloning operation will fail, so make sure to generate the XML file:

[Screenshot: XML configuration file]

The next thing we'll have to do is create the DC configuration file by using the New-ADDCCloneConfigFile cmdlet. This command supports multiple parameters, so you can use Get-Help New-ADDCCloneConfigFile -Full to view each of them. Note that you can specify IPv4Address, IPv4DNSResolver, IPv4SubnetMask, IPv4DefaultGateway, PreferredWINSServer, CloneComputerName and many others:

[Screenshot: New-ADDCCloneConfigFile]

New-ADDCCloneConfigFile -Static -IPv4Address "192.168.10.10" -IPv4DefaultGateway "192.168.10.11" -IPv4DNSResolver "192.168.10.10" -IPv4SubnetMask "255.255.255.0" -CloneComputerName "Srv-DC02"

The cloned machine will automatically detect this file and apply the settings added here. Before writing it, the cmdlet checks whether the source DC holds the PDC Emulator role (it must not), whether the computer is a member of the Cloneable Domain Controllers security group, and whether all programs and services that do not support this cloning operation have been placed in the CustomDCCloneAllowList XML file:

[Screenshot: CustomDCCloneAllowList]

All that's left to do is to export the virtual machine using the Hyper-V Manager console or PowerShell and then import the cloned Domain Controller. You can use the Export-VM -Name Srv-DC02 -Path D:\VMs command to export the virtual machine from PowerShell. If you prefer the GUI, it's easier to use the Export action in the Hyper-V Manager console. The Import action in Hyper-V Manager can be used with the Create a New Unique ID option to import the cloned machine. Alternatively, you can run Import-VM -Path 'path_to_VM.XML' -Copy -GenerateNewId from PowerShell to perform the same operation. Once the import procedure is completed, you can start both machines and see the results.
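The whole procedure above, scripted end to end as an added example (this is not code from the original article). It is written to run from an administrative workstation with the RSAT ActiveDirectory module, and uses Invoke-Command to reach the two machines that do the real work: the source DC (which must write CustomDCCloneAllowList.xml and DCCloneConfig.xml itself) and the Hyper-V host. The names Srv-DC01 (source DC), Srv-DC02 (clone), HV01 (Hyper-V host), the export path and the network values are assumptions; substitute your own. The script adds two checks the article only implies: it refuses to continue if the source DC holds the PDC Emulator role, and it re-runs Get-ADDCCloningExcludedApplicationList after generating the allow list to confirm nothing is left unlisted.

```powershell
# Added example, not the article's own code. Run from an admin workstation with RSAT.
#Requires -Modules ActiveDirectory

$SourceDc   = 'Srv-DC01'   # assumed: the DC being cloned (must NOT hold PDC Emulator)
$CloneName  = 'Srv-DC02'   # assumed: computer name the clone will take
$HyperVHost = 'HV01'       # assumed: Hyper-V host running the source VM
$ExportPath = 'D:\VMs'     # assumed: export/import location on the Hyper-V host
$Network = @{              # values taken from the article's New-ADDCCloneConfigFile call
    IPv4Address        = '192.168.10.10'
    IPv4SubnetMask     = '255.255.255.0'
    IPv4DefaultGateway = '192.168.10.11'
    IPv4DNSResolver    = '192.168.10.10'
}

# 1. Pre-flight: cloning the PDC Emulator is not supported, so stop early.
$pdce = (Get-ADDomain).PDCEmulator
if ($pdce -like "$SourceDc.*") {
    throw "$SourceDc holds the PDC Emulator role; transfer it or clone a different DC."
}

# 2. Authorise the source DC for cloning. -Server targets the source DC itself so the
#    membership is visible there immediately, without waiting for replication.
$sourceComputer = Get-ADComputer -Identity $SourceDc -Server $SourceDc
Add-ADGroupMember -Identity 'Cloneable Domain Controllers' -Members $sourceComputer -Server $SourceDc

# 3. On the source DC: review the excluded applications, write the allow list
#    (CustomDCCloneAllowList.xml), verify it is complete, then write DCCloneConfig.xml.
Invoke-Command -ComputerName $SourceDc -ArgumentList $CloneName, $Network -ScriptBlock {
    param($CloneName, $Network)

    $excluded = Get-ADDCCloningExcludedApplicationList
    if ($excluded) {
        # Review this list: the allow list makes the clone ignore these entries,
        # it does not make the software clone-safe.
        Write-Warning 'Applications and services not known to support cloning:'
        $excluded | Format-Table Name, Type -AutoSize | Out-String | Write-Warning
        Get-ADDCCloningExcludedApplicationList -GenerateXml -Path C:\Windows\NTDS -Force | Out-Null
    }

    # The cmdlet must now come back empty; anything still listed would fail the clone.
    $remaining = Get-ADDCCloningExcludedApplicationList
    if ($remaining) {
        throw "Allow list incomplete, still excluded: $($remaining.Name -join ', ')"
    }

    # Splat the network settings; New-ADDCCloneConfigFile performs the PDC Emulator,
    # group membership and allow list checks described in the article before writing.
    New-ADDCCloneConfigFile -Static -CloneComputerName $CloneName @Network
}

# 4. On the Hyper-V host: shut the source down cleanly, export, import as a new VM
#    with a new ID, rename it, then start both machines.
Invoke-Command -ComputerName $HyperVHost -ArgumentList $SourceDc, $CloneName, $ExportPath -ScriptBlock {
    param($SourceDc, $CloneName, $ExportPath)

    Stop-VM -Name $SourceDc                     # consistent disk state for the export
    Export-VM -Name $SourceDc -Path $ExportPath

    # Hyper-V on Windows Server 2012 stores the VM configuration as <VMID>.xml under
    # "Virtual Machines" inside the export folder.
    $config = Get-ChildItem -Path (Join-Path $ExportPath "$SourceDc\Virtual Machines") -Filter *.xml |
              Select-Object -First 1
    $clone = Import-VM -Path $config.FullName -Copy -GenerateNewId `
                       -VirtualMachinePath (Join-Path $ExportPath $CloneName) `
                       -VhdDestinationPath (Join-Path $ExportPath "$CloneName\Virtual Hard Disks")
    Rename-VM -VM $clone -NewName $CloneName

    Start-VM -Name $SourceDc
    Start-VM -Name $CloneName
}

# 5. Hygiene: membership of Cloneable Domain Controllers is only needed while the clone
#    promotes itself, so remove it once the new DC is up and replicating.
Read-Host "Press Enter once $CloneName has finished promoting and appears in Get-ADDomainController"
Remove-ADGroupMember -Identity 'Cloneable Domain Controllers' -Members $sourceComputer -Server $SourceDc -Confirm:$false
```

The two Invoke-Command blocks keep each step on the machine that must run it: the allow list and DCCloneConfig.xml have to exist on the source DC's own disk before the export, and the Hyper-V cmdlets only work on the host. Step 5 is not in the article; it reflects the fact that the group grants nothing the clone needs after it has joined the domain, so leaving DCs in it has no benefit.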

That's about it for this cloning procedure, folks. As you can see, the new Domain Controller cloning feature added with Windows Server 2012 is pretty intuitive and easy to understand. If you have any questions, feel free to post a comment and I'll respond as soon as possible. Wish you a wonderful day and stay tuned for the following articles.

You can learn more about Dan Popescu by visiting him on Google+


Posted

in

, ,

by

Tags: