Sunday, March 25, 2012

Domain Controller cloning in Windows Server 8 beta

Virtualized domain controller cloning in Windows Server “8” Beta enables administrators to easily and safely deploy cloned domain controllers by copying an existing virtual domain controller. In a virtual environment, administrators no longer have to repeatedly deploy a sysprepped server image, promote the server to a domain controller and then complete additional configuration requirements for deploying each additional domain controller.

Reference from Microsoft Technet

To perform Domain Controller cloning, there are some platform requirements.
  • PDC emulator FSMO role transferred to a Windows Server 8 beta DC
  • PDC emulator available during cloning operations
  • The HyperV host must be joined to the same domain
  • The source Windows Server 8 Beta domain controller cannot have been previously migrated from FRS to DFSR for SYSVOL.

Lab environment
There are 2 domain controllers, DC01 and DC02, running Windows Server 8 beta on a HyperV host named HV1. The domain name is The forest and domain functional level of is Windows Server 2003. I will deploy DC03 on a HyperV host named HV2.

The Goals
Cloning a new domain controller named DC03 from DC02

1. On DC01, log in as Domain Administrator.
2. Launch "Command Prompt".
3. Perform "netdom query fsmo".

Make sure the PDC emulator role is on DC01.

4. Launch "Active Directory Users and Computers".
5. Expand " > Users".
6. Double-click "Cloneable Domain Controllers".

This is a new group for cloning domain controllers. I will add the source domain controller, DC02, in this group.

7. Select "Members" tab.
8. Add "DC02".

9. Click "OK".
10. Go to DC02, log in as Domain Administrator.
11. Launch "Windows Explorer", navigate to "C:\Windows\System32".
12. Open "SampleDCCloneConfig.xml" with Notepad.
13. Save the file as "DCCloneConfig.xml" in "Windows\NTDS".

14. Edit "DCCloneConfig.xml" in "Windows\NTDS".
15. Modify "ComputerName, SiteName, Address, SubnetMask, DefaultGateway and DNSResolver" in the file.

16. Save and exit the file.

Remark: Cloning does not support using static IPv6 entries in Windows Server 8 beta. You must use IPv6 DHCP or IPv6 Stateless address auto-configuration (SLAAC).

17. Launch "PowerShell".
18. Perform "Get-ADDCCloningExcludedApplicationList | format-list" to detect incompatible programs and services on the source domain controller.

Examine the output for any returned Services or Programs. By default, the only application returned in Windows Server 8 Beta is the "PrintNotify" service. Any installed applications not included as part of the operating system - such as anti-virus software - show here as well as any incompatible Windows services, like the DHCP Server service.

19. Launch "Notepad", edit the XML to include an <Allow></Allow> rule for each service or program returned by the "Get-ADDCCloningExcludedApplicationList" cmdlet.

20. Save the file as "CustomDCCloneAllowList.xml" in "Windows\NTDS".

21. Shut down DC02.

Then we can export the VM, or copy the VHD or VHDX file to HV2, for domain controller cloning. I will create a new VM named in HV2. Copy the vhdx file to the new VM.

22. On HV2, log in as Domain Administrator.
23. Launch "Hyper-V Manager".
24. Create a new VM named without hard disk.

25. Copy the vhdx file of to the folder of in HV2.

26. Add the copied hard disk in's VM.

27. Power on DC02 in HV1.
28. Power on DC03 in HV2.

The domain controller, DC03, is cloning.

29. On DC03, log in as Domain Administrator.
30. Launch "Active Directory Users and Computers".
31. Expand " > Domain Controllers".

32. Launch "Command Prompt".
33. Perform "repadmin /replsum" to verify the replication.

As a result, domain controller cloning is successful.
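
The source-side prerequisites from steps 1 to 20 can be checked in one pass on DC02 before it is shut down. The PowerShell function below is an added example, not part of the original post or of Microsoft's tooling; the function name `Test-DCCloneReadiness`, the `%SystemRoot%\NTDS` folder and the ping-based PDC check are assumptions, and it finds the XML elements by name only, without relying on the file's schema.

```powershell
# Added example: pre-flight checks to run on the source DC before shutting it down.
# Assumptions: ActiveDirectory module present, elevated session, default NTDS folder.
Import-Module ActiveDirectory
function Test-DCCloneReadiness {
    param(
        [string]$SourceDC = $env:COMPUTERNAME,
        [string]$NtdsPath = (Join-Path $env:SystemRoot 'NTDS')  # assumed location
    )
    $problems = @()

    # The PDC emulator must be available during cloning (ICMP used as a basic check).
    $pdc = (Get-ADDomain).PDCEmulator
    if (-not (Test-Connection -ComputerName $pdc -Count 1 -Quiet)) {
        $problems += "PDC emulator $pdc did not answer a ping"
    }

    # The source DC must be a member of "Cloneable Domain Controllers".
    $members = @(Get-ADGroupMember -Identity 'Cloneable Domain Controllers' | ForEach-Object { $_.Name })
    if ($members -notcontains $SourceDC) {
        $problems += "$SourceDC is not in 'Cloneable Domain Controllers'"
    }

    # DCCloneConfig.xml: exact name, expected folder, well-formed, edited fields filled.
    $cfgFile = Join-Path $NtdsPath 'DCCloneConfig.xml'
    if (-not (Test-Path -LiteralPath $cfgFile)) {
        $problems += "Missing $cfgFile"
    } else {
        $cfg = New-Object System.Xml.XmlDocument
        try {
            $cfg.Load($cfgFile)
            foreach ($n in 'ComputerName','SiteName','Address','SubnetMask','DefaultGateway','DNSResolver') {
                $set = @($cfg.SelectNodes("//*[local-name()='$n']") | Where-Object { $_.InnerText.Trim() })
                if ($set.Count -eq 0) { $problems += "<$n> is missing or empty" }
            }
            # Static IPv6 addresses are not supported for cloning in the beta.
            foreach ($a in $cfg.SelectNodes("//*[local-name()='Address']")) {
                $ip = $null
                if ([System.Net.IPAddress]::TryParse($a.InnerText.Trim(), [ref]$ip) -and
                    $ip.AddressFamily -eq 'InterNetworkV6') { $problems += "Static IPv6 address: $($a.InnerText)" }
            }
        } catch { $problems += "DCCloneConfig.xml did not load: $($_.Exception.Message)" }
    }
    # Anything the cmdlet reports needs an <Allow> entry in CustomDCCloneAllowList.xml.
    $excluded = @(Get-ADDCCloningExcludedApplicationList)
    if ($excluded.Count -gt 0 -and -not (Test-Path -LiteralPath (Join-Path $NtdsPath 'CustomDCCloneAllowList.xml'))) {
        $problems += "$($excluded.Count) excluded item(s) but no CustomDCCloneAllowList.xml"
    }
    return $problems
}
```

An empty result means none of the listed checks failed; each returned string names one item to fix before step 21.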

Understand and Troubleshoot AD DS Simplified Administration in Windows Server 8 Beta

Test Lab Guide: Demonstrate Windows Server 8 Beta Virtualized Domain Controller (VDC)

This posting is provided “AS IS” with no warranties, and confers no rights!


  1. Hello Terry, First, congratulations on the blog. That's a really interesting topic about the new WS 2012. I have a question regarding DC Cloning with WS 2K12. I am having problems with the final step of the cloning; I believe it is the simplest step I am missing somewhere during the step process.
    My First question is:

    My scenario is:

    1DC01 - (PDC)
    1DC02 - (Source DC)

    1 - It is mandatory to have a CustomDCCloneAllowList file within the NTDS.DIT Directory for the cloning process to work or can I only put the DCCloneConfig File (I mean, I've run the cmdlet to find any program and it returns nothing)?

    2 - I am doing everything on my source DC (pasting the file in the right path, editing the file with the specific information, copying or exporting the VM or the VHDx file). Everything like Microsoft suggests, but I cannot finish the cloning.

    When I boot the source VM, it works great, normally. However, when I first boot the cloned one, it shows the information below:

    "Getting devices ready"
    After a few minutes (there is no message "Domain Controller Cloning is in.. "), it reboots.
    After it reboots, it shows "please wait" and finally it allows me to enter my credentials. However, when I try to log on as a Domain Admin, it shows the error message "There are Currently no logon servers available to service the logon request"
    If I decide to log in as a Local Administrator, it logs in in SAFE MODE.
    When I look at the information, it's got the same source hostname, but everything is similar to a brand new machine. No IP configuration changes (instead, it clears the IP configuration, now it is DHCP), no names changed, etc.

    What am I doing wrong? Do you have any idea?

    Thanks a lot

    1. Hello Eden,
      Ans: The CustomDCCloneAllowList.xml file is optional unless you install applications or incompatible Windows services on the source domain controller. The files require precise naming, formatting, and placement; otherwise, cloning fails.

      Understand and Troubleshoot AD DS Simplified Administration in Windows Server "8" Beta

      Are the Hyper-V servers joined to the domain?