
Cloning Windows Server 2012 Domain Controllers



After a busy week in Belgrade where I delivered a session on the new hot features of Windows Server 2012, here I am in Bratislava, where I delivered the same session called “Windows Server 2012: How hot can it be? Show me!”. It seems that this session proved to be a good one (the audience in Belgrade voted my session the third best), which is why I decided to repeat it here at the ShowIT Conference in Bratislava.

During this session the audience had the opportunity to discover and see live some of the hottest features of Windows Server 2012, like DirectAccess, DHCP Failover, IPAM, PowerShell ISE and the brand new Server Manager. I also demonstrated how easy it is to clone a Domain Controller in order to rapidly provision additional Domain Controllers.

So let’s start with the preliminary checks. First of all, you need to make sure that your virtualization platform supports Domain Controller cloning. To check that, open Device Manager on the virtual Domain Controller that you want to clone and, under System devices, look for the special device called “Microsoft Hyper-V Generation Counter”:


The presence of this device means that you can safely clone this Domain Controller.

UPDATE: Make sure that your DC is a member of the Cloneable Domain Controllers group.

The next step is to make sure that the owner of the PDC FSMO role is a Windows Server 2012 Domain Controller. You can check this in Active Directory Users and Computers, under Operations Masters. We have at least one Domain Controller that has Windows Server 2012 installed:


Now let’s proceed by checking for incompatible services that are already installed on the Domain Controller and cannot be cloned, like DHCP. If I clone the entire DHCP Server I’ll face a problem, because I cannot use two DHCP Servers in the network with the same configuration; I should implement something called DHCP Failover instead. So for now I should exclude these services. A simple PowerShell cmdlet gets the list of all incompatible services, so I open PowerShell and type:

Get-ADDCCloningExcludedApplicationList

as below:


Now that we know that DHCP Server should be excluded from the cloning operation, we type the following command to create the CustomDCCloneAllowList.xml file that will contain details about these services. The file is automatically stored in the Windows\NTDS folder:

Get-ADDCCloningExcludedApplicationList -GenerateXml

so this is what we get:


And the file is created:


But what about the computer name of the new DC and its IP configuration? Since we clone the virtual DC, the “copy” will have the same computer name and the exact same IP configuration, so we should change that. We can do this easily by using one more PowerShell cmdlet to specify all these details for the new virtual DC (please type this command in one line):

New-ADDCCloneConfigFile -CloneComputerName DC3 -Static -IPv4Address

-IPv4DefaultGateway -IPv4SubnetMask

-IPv4DNSResolver @("","")

Obviously the new computer name will be DC3, its IP address will be and so on:


The file DCCloneConfig.xml that will be created in the Windows\NTDS folder will be this:


We are almost finished. Now we should shut down the virtual Domain Controller that we want to clone and export the virtual machine, either to the same Hyper-V server or to a different one. The next step is to import the exported virtual machine, but make sure that you create a new unique ID for this virtual machine during the import operation:


As soon as you finish with the export and import operations, just start both Domain Controllers and let them finish with the process. On the cloned Domain Controller you should see this message:


Congratulations! You just cloned your Domain Controller!!
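
The preliminary checks and the clone configuration step described above, collected into one script. This is an added example, not code from the original post; it assumes it is run elevated on the source DC with the ActiveDirectory module available, and the IP addresses are constructed sample values.

```powershell
# Added example: read-only pre-flight checks on the source DC, then the clone config.
# Assumptions: run elevated on the DC to be cloned; IP values are constructed samples.
Import-Module ActiveDirectory

$source = $env:COMPUTERNAME

# 1. Hypervisor support: the VM generation counter device must be visible in the guest.
$genCounter = Get-CimInstance -ClassName Win32_PnPEntity |
    Where-Object { $_.Name -eq 'Microsoft Hyper-V Generation Counter' }

# 2. The PDC emulator role owner must run Windows Server 2012 (version 6.2) or later.
$pdc   = Get-ADDomainController -Identity (Get-ADDomain).PDCEmulator
$pdcOk = [version]($pdc.OperatingSystemVersion -replace '\s*\(.*\)$') -ge [version]'6.2'

# 3. The source DC must be a member of the Cloneable Domain Controllers group.
$inGroup = (Get-ADGroupMember -Identity 'Cloneable Domain Controllers').Name -contains $source

# 4. Installed services and programs that are not yet on the allow list (e.g. DHCP Server).
$unlisted = @(Get-ADDCCloningExcludedApplicationList | Where-Object { $_.Name })

$report = [pscustomobject]@{
    GenerationCounter = [bool]$genCounter
    PdcEmulatorIs2012 = $pdcOk
    InCloneableGroup  = $inGroup
    UnlistedApps      = ($unlisted | ForEach-Object { $_.Name }) -join ', '
}
$report | Format-List

if (-not ($report.GenerationCounter -and $pdcOk -and $inGroup)) {
    throw 'Prerequisites not met: fix every item reported as False before cloning.'
}
if ($unlisted.Count -gt 0) {
    throw 'Review the unlisted applications, then run Get-ADDCCloningExcludedApplicationList -GenerateXml.'
}

# All checks passed: write DCCloneConfig.xml with the clone's name and IP settings.
New-ADDCCloneConfigFile -CloneComputerName 'DC3' -Static `
    -IPv4Address '192.0.2.13' -IPv4SubnetMask '255.255.255.0' `
    -IPv4DefaultGateway '192.0.2.1' `
    -IPv4DNSResolver @('192.0.2.11', '192.0.2.12')
```

The script stops before writing any file if a check fails, so the report can be reviewed and the Cloneable Domain Controllers membership confirmed as intended before the VM is exported.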
