
Step-by-Step Guide to clone a Domain Controller

Starting with Windows Server 2012, Microsoft introduced a feature that allows a domain controller to be cloned. It helps to quickly restore a domain controller in the event of a failure, and it also makes it easy to deploy test environments when needed.

Previously, a cloned domain controller could not be deployed in the same domain or forest without first running sysprep to remove security information before cloning. Afterwards you had to promote the domain controller manually. Now, when you clone a domain controller, the sysprep and promotion process happens automatically.

For this demo I am using a Windows 2012 R2 domain controller which is deployed in a Hyper-V environment.

1)    Log in to the source domain controller as a Domain Admin or Enterprise Admin.
2)    Go to Server Manager > Tools > Active Directory Users and Computers.

3)    Then go to the “Domain Controllers” OU. Select the DC that needs to be cloned, right-click it and select Properties.

4)    Go to the Member Of tab and click Add.

5)    Then add the security group Cloneable Domain Controllers and click OK.

6)    Close the MMC and open Windows PowerShell with admin rights. Then run Get-ADDCCloningExcludedApplicationList. This checks the system for programs or services that are not compatible with the clone process.

7)    If it returns a list, make sure those services are removed before cloning.
8)    After the cleanup process, run
New-ADDCCloneConfigFile -Static -IPv4Address "10.10.10.7" -IPv4DNSResolver "10.10.10.2" -IPv4SubnetMask "255.255.255.0" -CloneComputerName "DC2" -IPv4DefaultGateway "10.10.10.1" -SiteName "Default-First-Site-Name"

Here I specify the IP address information the clone server will hold, along with its computer name and site name.

9)    Once it passes and the process completes, exit from the console and the server.
10)    For the next steps we need to turn off the source domain controller, so before proceeding make sure the organization is aware of the downtime and its impact.
11)    Open Hyper-V Manager and right-click the DC that needs cloning. Then select Turn Off.

12)    Once it is turned off, right-click the DC and select Export. Then select the path to save the export file.

13)    Once the export process is completed, right-click the source DC and click Start.
14)    Then in Hyper-V go to Action > Import Virtual Machine.

15)    It will open the import wizard. Click Next to continue.

16)    In the next window specify the folder path to the exported DC. Then click Next.

17)    In the next window select the DC and click Next.

18)    In the next window, select the “Copy the virtual machine (create a new unique ID)” option from the list and click Next.

19)    In the next window it asks for the VM path. You can leave the default or choose a different path based on your requirements. Once done, click Next.

20)    Next it asks for the storage folder. Again, this can be changed as per your requirements. Once done, click Next.

21)    Then it shows a summary page. Click Finish to start the import process.

22)    Once the import is completed, right-click the clone DC and click Start.
23)    It will run through several stages preparing AD.

24)    Once the process is completed, I logged in to the server as domain admin. In the Domain Controllers OU I can see the new clone DC. Also, under Sites and Services I can see the cloned DC located correctly.
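
Steps 1 to 8 can also be run as one script. The following is an added example, not code from the original post; it assumes it runs elevated on the source DC and reuses the name and addresses from step 8. The PDC emulator checks and the name-collision check go beyond the steps listed in the post.

```powershell
# Added example, not from the original post. Run elevated on the source DC.
Import-Module ActiveDirectory
$CloneName = 'DC2'                              # clone name used in step 8
$Group     = 'Cloneable Domain Controllers'     # group from step 5

$src     = Get-ADDomainController -Identity $env:COMPUTERNAME
$pdcName = (Get-ADDomain).PDCEmulator
$pdc     = Get-ADDomainController -Identity $pdcName

# Cloning needs a PDC emulator on Windows Server 2012 (version 6.2) or later.
# OperatingSystemVersion looks like "6.3 (9600)"; keep the part before the space.
$osVer = ($pdc.OperatingSystemVersion -split ' ')[0]
if ([version]$osVer -lt [version]'6.2') {
    throw "PDC emulator $pdcName runs an OS older than Windows Server 2012."
}
if ($src.HostName -eq $pdcName) {
    Write-Warning "$($src.Name) is the PDC emulator: start it again (step 13) before starting the clone."
}

# The clone's name must not collide with an existing computer account.
if (Get-ADComputer -Filter "Name -eq '$CloneName'") {
    throw "A computer account named $CloneName already exists."
}

# Step 5: membership in this group is what authorises the DC to be cloned.
$members = @(Get-ADGroupMember -Identity $Group | ForEach-Object { $_.Name })
if ($members -notcontains $src.Name) {
    Add-ADGroupMember -Identity $Group -Members $src.ComputerObjectDN
}

# Steps 6-7: stop if the cmdlet reports any program or service.
# Only entries that carry a Name are counted (assumption about the output shape).
$excluded = @(Get-ADDCCloningExcludedApplicationList | Where-Object { $_.Name })
if ($excluded.Count -gt 0) {
    $excluded | Format-Table -AutoSize | Out-String | Write-Warning
    throw 'Remove the items listed above before cloning.'
}

# Step 8: write the clone configuration file with the addressing used in this post.
New-ADDCCloneConfigFile -Static -CloneComputerName $CloneName `
    -IPv4Address '10.10.10.7' -IPv4SubnetMask '255.255.255.0' `
    -IPv4DefaultGateway '10.10.10.1' -IPv4DNSResolver '10.10.10.2' `
    -SiteName 'Default-First-Site-Name'
```

Membership in Cloneable Domain Controllers is only needed while cloning; removing the source DC from the group afterwards keeps an exported copy of its disk from being cloned into the domain later.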


This is the end of the post. If you have any questions, feel free to contact me at rebeladm@live.com
