April 22, 2013

Clone Windows Server 2012 Domain Controller?

As most of you know, cloning a domain controller will cause replication issues in your Active Directory environment, and most likely cost you your job. Domain controllers with the same SID simply cannot coexist in the same AD forest. This is why most of us always promote a domain controller from a fresh install.

So why would you want to clone a domain controller? Traditionally you wouldn't, but with Windows Server 2012 Microsoft now supports it. Even though cloning a domain controller sounds like a bad idea to seasoned IT administrators, it has its advantages. The main one is the ability to deploy domain controllers almost instantly: with a large NTDS database, initial replication can take a long time, and you still have to configure the new domain controller to meet your environment's standards. Windows Server 2012 addresses exactly that by letting administrators clone a Windows Server 2012 domain controller without the usual sysprep and DC promotion. Using Hyper-V, the administrator simply crafts a DcCloneConfig.xml file with the new domain controller's unique settings and copies it into the NTDS directory. Once this is done, you can export the virtual domain controller and import it as a second domain controller. Note that you can also mount the VHD file and place the DcCloneConfig.xml file in the NTDS directory that way. For this to work you need to run Windows Server 2012 Hyper-V, and the PDC emulator in the environment must be running Windows Server 2012.

How to clone Windows Server 2012 Domain Controller

  1. Create a DcCloneConfig.xml file and configure the desired settings.
    Note that a sample file is located at %systemroot%\system32\SampleDCCloneConfig.xml
  2. Here is the DcCloneConfig.xml attribute glossary:

    SiteName - AD site where the new DC will be placed
    ComputerName - Host name of the new DC
    Address - IP address of the new DC
    SubnetMask - Subnet mask of the new DC
    DefaultGateway - Default gateway of the new DC
    DNSResolver - DNS server IP address; multiple IPs are allowed
    PreferredWINSServer - IP address of the WINS server
    AlternateWINSServer - Alternate WINS server IP address
  3. Use the Get-ADDCCloningExcludedApplicationList PowerShell command on the source domain controller to search for incompatible services and applications.
  4. Once configured, copy the DcCloneConfig.xml and CustomDCCloneAllowList.xml to the NTDS folder.
    Note that you can use the command below to query the location of the NTDS folder. Usually it is c:\windows\ntds
    reg.exe query HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters /t reg_sz /v "dsa working directory"
  5. Now, simply shut down the source domain controller and export it!
  6. When the exported VM is imported and boots, it will promote itself as a domain controller automatically using the settings from the XML file.
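As an added example (not part of the original post), this PowerShell script ties steps 2 to 4 together on the source DC: it runs the compatibility check, reads the NTDS working directory from the same registry value the reg.exe query uses, and writes a DcCloneConfig.xml built from the glossary fields. The element layout and namespace are assumed from %systemroot%\system32\SampleDCCloneConfig.xml (compare with your copy), and the clone settings are constructed sample values.

```powershell
# Added example (not from the original post): stage DcCloneConfig.xml on the source DC.
# Clone settings: constructed sample values, replace with your own.
$Clone = @{
    ComputerName        = 'DC02-CLONE'
    SiteName            = 'Default-First-Site-Name'
    Address             = '10.0.0.12'
    SubnetMask          = '255.255.255.0'
    DefaultGateway      = '10.0.0.1'
    DNSResolver         = @('10.0.0.10', '10.0.0.11')   # multiple IPs allowed
    PreferredWINSServer = '10.0.0.10'
    AlternateWINSServer = ''                            # optional
}

# Step 3: stop if the source DC still hosts services/apps not known to be clone-safe.
$excluded = Get-ADDCCloningExcludedApplicationList
if ($excluded) {
    $excluded | Format-Table -AutoSize
    throw 'Resolve or allow-list (CustomDCCloneAllowList.xml) the entries above before cloning.'
}

# Step 4: read the NTDS working directory from the registry (usually C:\Windows\NTDS).
$ntdsParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$ntdsDir = (Get-ItemProperty -Path $ntdsParams -Name 'DSA Working Directory').'DSA Working Directory'

# Element layout and namespace assumed from SampleDCCloneConfig.xml; compare with your copy.
$dns  = ($Clone.DNSResolver | ForEach-Object { "      <DNSResolver>$_</DNSResolver>" }) -join "`n"
$wins = if ($Clone.AlternateWINSServer) { "      <AlternateWINSServer>$($Clone.AlternateWINSServer)</AlternateWINSServer>" } else { '' }
$xml = @"
<?xml version="1.0"?>
<d3c:DCCloneConfig xmlns:d3c="uri:microsoft.com:schemas:DCCloneConfig">
  <ComputerName>$($Clone.ComputerName)</ComputerName>
  <SiteName>$($Clone.SiteName)</SiteName>
  <IPv4Settings>
    <StaticSettings>
      <Address>$($Clone.Address)</Address>
      <SubnetMask>$($Clone.SubnetMask)</SubnetMask>
      <DefaultGateway>$($Clone.DefaultGateway)</DefaultGateway>
$dns
      <PreferredWINSServer>$($Clone.PreferredWINSServer)</PreferredWINSServer>
$wins
    </StaticSettings>
  </IPv4Settings>
</d3c:DCCloneConfig>
"@
# Parse before writing: a malformed file in NTDS makes cloning fail on the imported copy.
$null = [xml]$xml
$target = Join-Path $ntdsDir 'DCCloneConfig.xml'
Set-Content -Path $target -Value $xml -Encoding UTF8
Write-Host "Staged $target. Next: shut down this DC, export the VM, import the copy as the new DC."
```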
