[Windows 8 Server] Virtualized Domain Controller Part 1 (Cloning)

Windows Server "8" Beta introduces virtualized domain controller cloning and safe snapshot restore capabilities.

You can found more informations in the Virtualized Domain Controller TLG and Virtualized Domain Controller UTG.

I'll demonstrate today the cloning capability.
My lab is composed of 1 Hypervisor and 2 VM, all running Windows 8 Server Beta (prerequisite for Virtualized Domain Controller).


Here is the different steps for cloning a DC :

• Create the customized DcCloneConfig.xml file on a source domain controller
• Detect incompatible programs on the source domain controller
• Ensure the PDC emulator runs Windows Server "8" Beta, is not the clone source, and is available
• Authorize the source domain controller for cloning
• Shutdown the source domain controller
• Copy its disk and Create a new clone virtual machine using the copied disks
• Or Export and Import the source VM
• Start the source and cloned domain controller, then allow cloning to occur

So we start by creating the XML file.

Open the SampleDCCloneConfig.xml  in  C:\windows\system32 , modify it and save it in the NTDS folder (D:\WINDOWS\NTDS here)

Now we have to detect if incompatible programs are present on the source domain controller.

For this we use a Powershell Cmdlet :

Get-ADDCCloningExcludedApplicationList

By default, the only application returned in Windows Server "8" Beta is the PrintNotify service.
Any installed applications not included as part of the operating system - such as anti-virus software - show here as well as any incompatible Windows services.

We have to create a second XML file (CustomDCCloneAllowList.xml) in the NTDS Folder to allow each program or service return by the Cmdlet.

We execute again the Cmdlet which shows nothing.

Now we have to check that the source Domain Controller doesn't host the PDC Emulator role.

We add the source Domain Controller in the "Cloneable Domain Controllers" group to authorize the source Domain Controller to be cloned.


For that we use again a Powershell Cmdlet.
The TLG and UTG use the following command :

Get-ADComputer SRV-AD02 | %{add-adgroupmember -identity "Cloneable domain controllers" -members $_.samaccountname}

I use this one :

Add-ADGroupMember -Identity "Cloneable domain controllers" -Members (Get-ADComputer SRV-AD02)

Now we stop the VM.

For the next step we have the choice between :

• Copy the source Domain Controller disk and create a new clone virtual machine using the copied disks
• Export and Import the source VM

The TLG show the first method so I'll use the second.


First I export the source VM using Powershell Cmdlet Export-VM :

Then I import the VM, rename it and start the source Domain Controller.

Finally we remove the cloned snapshot and we start the cloned VM.

And log on it.

We see our new DC in ADAC.

Virtualized Domain Controller Cloning is a really great new feature of Windows 8 Server.

Most of the steps could be scripted unless Microsoft give us new Cmdlets (to generate the XML file for example) in the RTM version.

That was the first part of the Virtualized Domain Controller, next time we'll see safe snapshot restore.