Updates from QA Training

Windows Server Domain Controller Cloning

With Windows Server 2012 Microsoft have introduced some new technologies around Domain Controllers to enable Safe DC Virtualisation.


Paul Gregory | 28 September 2012

These features enable rapid provisioning of Domain Controllers and make it possible to use features such as snapshots from the virtualisation vendor. To use these features, the virtualisation hypervisor must support VM Generation-ID, a new attribute exposed to the virtual machine by the hypervisor. Today VM Generation-ID is supported by Hyper-V 3 and vSphere 5.1, but others will follow quickly. In this blog we will look at Domain Controller Cloning for rapid provisioning; another blog will look at the snapshot feature.

Before cloning can start, there are a few things that need to be addressed. These are:

  • The PDC Emulator needs to be Windows Server 2012
  • You CANNOT clone the PDC Emulator (this can be checked using ADUC or PowerShell)
  • The DC you intend to clone has to be added to a new security group called 'Cloneable Domain Controllers'

Having completed the pre-requisite checks the procedure is as follows:

  1. Check that no applications installed on the DC are unsupported for cloning. This can be done by running Get-ADDCCloningExcludedApplicationList; if this command returns any applications, those applications have to be investigated to see whether they are 'safe' to clone. Generally, any application that relies on unique IDs will have an issue; for example, DHCP is not supported because of the DHCP Authorization process.
  2. Having investigated all the applications and removed the 'unsafe' ones, the DC can be cloned. Any remaining applications that can be cloned need to be added to CustomDCCloneAllowList.xml, which is done by running the command Get-ADDCCloningExcludedApplicationList -GenerateXml. This creates an XML file of the allowed applications and stores it in the same folder as the NTDS.DIT database. If this step is not completed and applications are installed that the cloning process sees as unsafe, the cloning will fail.
  3. The clone configuration command, New-ADDCCloneConfigFile, is then run to set up the cloning. This command accepts a range of parameters, from the name of the new DC to static IP settings for the new DC. The settings are stored in an XML file called DCCloneConfig.xml, which is also stored in the same folder as the NTDS.DIT file.
  4. Once the command has completed, shut down the source DC and export the virtual machine. Once the export is complete, the source DC can be restarted. The new virtual machine can then be imported onto another host and booted. As part of the boot process the DC will detect that it has been cloned and personalise itself using the details in the DCCloneConfig.xml file.
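
The prerequisite checks and steps 1 to 3 above, as an added PowerShell example that is not part of the original post. It is meant to run in an elevated session on the source DC and stops at the first failed check; the clone name DC02, the 10.0.0.x addresses, the site name and the Hyper-V paths in the closing comments are constructed placeholder values.

```powershell
# Added example (not from the original post). Run elevated on the source DC.
# Constructed values: DC02, the 10.0.0.x addresses, Default-First-Site-Name.
Import-Module ActiveDirectory
$ErrorActionPreference = 'Stop'

$source = Get-ADDomainController -Identity $env:COMPUTERNAME
$pdc    = Get-ADDomainController -Identity (Get-ADDomain).PDCEmulator

# Prerequisite: the PDC Emulator must be Windows Server 2012.
if ($pdc.OperatingSystem -notlike '*Server 2012*') {
    throw "PDC Emulator $($pdc.HostName) runs '$($pdc.OperatingSystem)'."
}

# Prerequisite: the PDC Emulator itself cannot be cloned.
if ($source.OperationMasterRoles -contains 'PDCEmulator') {
    throw "$($source.HostName) holds the PDC Emulator role; choose another DC."
}

# Prerequisite: the source DC must be in 'Cloneable Domain Controllers'.
$group   = 'Cloneable Domain Controllers'
$members = @(Get-ADGroupMember -Identity $group |
             Select-Object -ExpandProperty distinguishedName)
if ($members -notcontains $source.ComputerObjectDN) {
    Add-ADGroupMember -Identity $group -Members $source.ComputerObjectDN
    Write-Output "Added $($source.Name) to '$group'."
}

# Step 1: anything listed here is not yet known to be safe to clone.
$excluded = @(Get-ADDCCloningExcludedApplicationList)
if ($excluded.Count -gt 0) {
    $excluded | Format-Table -AutoSize | Out-String | Write-Output
    # Step 2 is a deliberate decision, so it is not automated here:
    # remove the unsafe applications, then allow the remainder with
    #   Get-ADDCCloningExcludedApplicationList -GenerateXml
    throw 'Review the applications listed above, then re-run this script.'
}

# Step 3: write DCCloneConfig.xml next to NTDS.DIT.
New-ADDCCloneConfigFile -CloneComputerName 'DC02' -Static `
    -IPv4Address '10.0.0.12' -IPv4SubnetMask '255.255.255.0' `
    -IPv4DefaultGateway '10.0.0.1' -IPv4DNSResolver '10.0.0.10' `
    -SiteName 'Default-First-Site-Name'

# Step 4: shut down the source DC so the virtual machine can be exported.
Stop-Computer -Force
# Then, on the Hyper-V host (placeholder VM name and paths):
#   Export-VM -Name '<source VM>' -Path '<export folder>'
#   Import-VM -Path '<exported VM config file>' -Copy -GenerateNewId
```

Leaving the allow-list generation as a manual step keeps the decision about each listed application with the administrator instead of approving everything the cmdlet finds.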


Paul Gregory

Head of Microsoft Infrastructure

A Microsoft Certified Trainer since 1995, Paul has worked both for and with some of the world's leading IT Services organisations, including Unisys, Dell and Microsoft during the Microsoft Windows Technology Adoption Programme (TAP). Paul specializes in delivering training around the Windows operating system as well as infrastructure and management solutions around System Center, going right back to SMS 1.0. Paul is a frequent visitor to Microsoft's Global Headquarters in Seattle to attend early product workshops and for many years has delivered training courses around the world on behalf of Microsoft. In addition to being actively involved in Microsoft's Windows TAP programme, Paul has recently delivered Microsoft's Private Cloud 2012 readiness training to partners in the UK and was a member of the Microsoft global training team delivering Windows Server 2012 early adopter training. In recent years Microsoft has asked Paul to deliver System Center training to Microsoft Partners at both Redmond and the South American head office.