An introduction to the three important points about Active Directory

Prerequisites: To complete the steps in the following procedures, you must be a member of the Domain Admins group or have equivalent permissions. The Windows PowerShell commands used in this guide must be run from an elevated command prompt. To do this, right-click the Windows PowerShell icon, and then click Run as administrator.

Note: If you are using another hypervisor, contact the vendor of that hypervisor to verify that it supports VM-Generation ID.

To increase the availability of the AD DS service, this guide recommends and provides instructions using two different Hyper-V hosts, which helps prevent a potential single point of failure.

However, you do not need two Hyper-V hosts to perform virtual domain controller cloning. In order to successfully import and export a VHD file using Hyper-V, the virtual network switches on both Hyper-V hosts should have the same name.

If the two Hyper-V hosts HyperV1 and HyperV2 have different processors, shut down the virtual machine VirtualDC1 that you plan to export, right-click the VM, click Settings, click Processor, and under Processor compatibility select Migrate to a physical computer with a different processor version and click OK.

If necessary, you can transfer the PDC emulator role to a domain controller that runs Windows Server 2012. For more information, see Using Ntdsutil.

This will be the source domain controller used for cloning. Note: For cloning to succeed, the source domain controller that is used to create the clone cannot be from a DC that has been demoted since the source VHD media was created. You should not clone a VHD or restore a snapshot that is older than the tombstone lifetime value, or the deleted object lifetime value if Active Directory Recycle Bin is enabled.

If you are copying a VHD of an existing domain controller, be sure the VHD file is not older than the tombstone lifetime value (by default, 60 days). You should not copy a VHD of a running domain controller to create clone media.

This can cause a sharing problem when trying to import the new VM. The source Windows Server 2012 domain controller used for cloning should be in a healthy state. To determine the state of the source domain controller run dcdiag. If they are not specified, the cloned domain controller will point to itself as Preferred DNS server by default. The cloned domain controller will not have a DNS delegation. The following server roles are not supported for cloning: The group membership update performed in this step must replicate to PDC emulator before cloning can be performed.

If the Cloneable Domain Controllers group is not found, the PDC emulator role might not be hosted on a domain controller that runs Windows Server 2012. To identify applications or services that run on a source domain controller which have not been evaluated for cloning: On the source domain controller (VirtualDC1), click Server Manager, click Tools, click Active Directory Module for Windows PowerShell, and then type the following command: Get-ADDCCloningExcludedApplicationList. Vet the list of returned services and installed programs with the software vendor to determine whether they can be safely cloned.

If applications or services in the list cannot be safely cloned, you must remove them from the source domain controller or cloning will fail. For the set of services and installed programs that were determined to be safely cloned, run the command again with the -GenerateXML switch to provision these services and programs in the CustomDCCloneAllowList.

It is recommended that you specify a suitable site in the DCCloneConfig. The computer name is optional. If you do not specify one, a unique name will be generated based on the following algorithm: The prefix is the first 8 characters of the source domain controller computer name. For example, a source computer name of SourceComputer is truncated to a prefix string of SourceCo. A unique naming suffix of the format "-CLnnnn" is appended to the prefix string, where nnnn is the next available value from 0001-9999 that the PDC determines is not currently in use.

For example, if 0047 is the next available number in the allowed range, using the preceding example of the computer name prefix SourceCo, the derived name to use for the clone computer will be set as SourceCo-CL0047.

The source domain controller's membership in the Cloneable Domain Controllers group must be reflected on the GC. The GC does not need to be the same domain controller as the PDC emulator, but preferably it should be in the same site. If a GC is not available, the command fails with the error "The server is not operational." If you specify only of those arguments, cloning fails with error code 0x80041005 appearing in the dcpromo. To create a clone domain controller named Clone2 with dynamic IPv4 settings, type: This can be more efficient than individually preparing each VM, for example, by importing each copy.

You should first run the cmdlet locally on the source media to ensure that prerequisite checks pass. The prerequisite checks are not performed in offline mode because the cmdlet could be run from a machine that may not be from the same domain or from a domain-joined computer. After you run the cmdlet locally, it will create a DCCloneConfig. You may delete the DCCloneConfig.

Introduction to Active Directory Domain Services (AD DS) Virtualization (Level 100)

Export and then import the virtual machine of the source domain controller

In this procedure, export the virtual machine of the source virtualized domain controller and then import the virtual machine. This action creates a clone virtualized domain controller in your domain. You need to be a member of the local Administrators group on each Hyper-V host.

If you use different credentials for each server, run the Windows PowerShell cmdlets to export and import the VM in different Windows PowerShell sessions. If there are snapshots on the source domain controller, they should be deleted before the source domain controller is exported because the VM will not import if a snapshot has processor settings that are incompatible with the target Hyper-V host.

If the processor settings are compatible between the source and target hosts, you may export and copy the source without deleting snapshots beforehand. After import, however, the snapshots must be deleted from the clone VM before it starts.

To copy a virtual domain controller by exporting and then importing the virtualized source domain controller: On HyperV1, shut down the source domain controller VirtualDC1. Note: You should delete all the associated snapshots because each time a snapshot is taken, a new AVHD file is created that acts as a differencing disk. This creates a chain effect. Use the "Copy the virtual machine (create new unique ID)" option when importing the virtual machine.

You should not deploy more than the recommended number of clone domain controllers simultaneously unless you have thoroughly tested that number for your environment. If it was shut down, make sure it has started and performed initial synchronization so it is aware that it holds the PDC emulator role. For more information, see Microsoft KB article 305476.

After cloning completes, verify the name of the clone computer to ensure the cloning operation succeeded. If you try to log on and receive an error indicating no logon servers are available, try logging on in DSRM. The cloned domain controller will be a member of the Cloneable Domain Controllers group because it copies the membership from the source domain controller.

As a best practice, you should leave the Cloneable Domain Controllers group empty until you are ready to perform cloning operations, and you should remove members after cloning operations are complete. If the source domain controller stores a backup media, the cloned domain controller will also store the backup media. You can run wbadmin get versions to show the backup media on the cloned domain controller.

A member of the Domain Admins group should delete the backup media on the cloned domain controller to prevent it from being accidentally restored. For more information about how to delete a system state backup using wbadmin.
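The Cloneable Domain Controllers practice described above can be checked and enforced from PowerShell. The following is an added example, not part of the original guide: it assumes the ActiveDirectory module is available, the function names Test-CloneReadiness and Clear-CloneGroup are hypothetical, and VirtualDC1 is the source domain controller named in this guide.

```powershell
# Added example, not part of the original guide. Function names are hypothetical.
# Assumes the ActiveDirectory module and an elevated session with Domain Admins rights.
Import-Module ActiveDirectory
$CloneGroup = 'Cloneable Domain Controllers'

function Test-CloneReadiness {
    param([Parameter(Mandatory)][string]$SourceDC)

    # A missing group suggests the PDC emulator is not on Windows Server 2012.
    $pdc   = Get-ADDomainController -Identity (Get-ADDomain).PDCEmulator
    $group = Get-ADGroup -Filter "Name -eq '$CloneGroup'"
    $members = @()
    if ($group) {
        $members = @(Get-ADGroupMember -Identity $group |
                     Select-Object -ExpandProperty Name)
    }
    [pscustomobject]@{
        PdcEmulator        = $pdc.HostName
        PdcOperatingSystem = $pdc.OperatingSystem
        GroupFound         = [bool]$group
        SourceIsMember     = $members -contains $SourceDC
        # Any other member is also permitted to clone and should be justified.
        UnexpectedMembers  = @($members | Where-Object { $_ -ne $SourceDC })
    }
}

function Clear-CloneGroup {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    # After cloning, the source and every clone are members; remove them all.
    $removed = @()
    foreach ($m in @(Get-ADGroupMember -Identity $CloneGroup)) {
        if ($PSCmdlet.ShouldProcess($m.Name, "Remove from $CloneGroup")) {
            Remove-ADGroupMember -Identity $CloneGroup -Members $m -Confirm:$false
            $removed += $m.Name
        }
    }
    $removed
}

# Before export:  Test-CloneReadiness -SourceDC 'VirtualDC1'
# After cloning:  Clear-CloneGroup -WhatIf   (drop -WhatIf to apply)
```

Because the membership change must replicate to the PDC emulator before cloning, run the readiness check against the PDC emulator's view of the group if the result looks stale.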

Virtualized domain controller cloning

To log on to a domain controller that is started in DSRM, use. Correct the cause for cloning failure and verify that the dcpromo. If cloning cannot be re-tried, safely discard the media. If cloning can be re-tried, you must remove the DS Restore Mode boot flag in order to try cloning again. Open Windows Server 2012 with an elevated command (right-click Windows Server 2012 and choose Run as Administrator), and then type msconfig.

On the Boot tab, under Boot Options, clear Safe boot (it is already selected with the option Active Directory repair enabled). Click OK and restart when prompted. For more troubleshooting information about virtualized domain controllers, see Virtualized Domain Controller Troubleshooting.