7 Steps to Clone Windows Server 2012 Virtual Domain Controllers


Cloning (copying) a virtual machine (VM) is a big benefit of virtualization, but with previous Windows Server versions it hasn't been safe to clone an Active Directory (AD) domain controller (DC) because of AD's distributed nature. This situation has changed with Windows Server 2012, and cloning a DC is now pretty simple to do. Follow the steps below to make a copy of a Server 2012 DC that you can use over and over again.

1. Grant a virtual DC (VDC) permission to be cloned by adding it to the Cloneable Domain Controllers security group. You can do this through any AD management tool, such as Active Directory Administrative Center (ADAC), Active Directory Users and Computers (ADUC), or PowerShell via the Add-ADGroupMember cmdlet.

2. Use the Get-ADDCCloningExcludedApplicationList cmdlet to identify any programs or services running on the source VDC that might not be safely cloned.

3. Review the list, and add any programs or services that you believe will clone successfully (either by contacting the vendor or by conducting your own tests) to the CustomDCCloneAllowList.xml file. This part of the process is yet another reason why DCs should be running a minimal number of applications and services. I’m not aware of any restrictions that would prevent cloning of a Server Core or Minimal Server Interface (MinShell) installation.

4. Run the New-ADDCCloneConfigFile cmdlet on the source VDC. This cmdlet is where you also specify new parameters for the cloned VDC, including name, IP address, subnet mask, DNS servers, and the AD site name it’s to be deployed to.

5. Shut down the source VDC and export it (and, of course, restart the host if it’s intended to be up).

6. Import the created copy (the clone) into its destination host, and start it.

7. The Microsoft article “Active Directory Domain Services (AD DS) Virtualization” describes the cloning process and prerequisites in detail. Because you must run the New-ADDCCloneConfigFile cmdlet on the source VDC, shut it down, and export it whenever you want to clone a new DC, large shops that clone often might want to put the source VDC in its own site with no user subnets. This way, shutting the VDC down at a moment’s notice won’t have any production impact.
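
Steps 1 through 6 as PowerShell, added here as an example and not taken from the article or from Microsoft. Hyper-V as the hypervisor and every name, address, site and path (DC01, DC02, Branch1, 10.0.0.x, D:\Export, D:\VMs) are assumptions to replace with your own.

```powershell
# Added example. Constructed values: DC01 (source VDC), DC02 (clone),
# site "Branch1", 10.0.0.x addressing, D:\Export and D:\VMs paths.
# Assumption: the hypervisor is Hyper-V on Windows Server 2012.

# --- On the source VDC (DC01), in an elevated session ---
Import-Module ActiveDirectory

# Step 1: grant the source DC permission to be cloned.
Add-ADGroupMember -Identity 'Cloneable Domain Controllers' -Members (Get-ADComputer 'DC01')
# Review who holds that permission before going further.
Get-ADGroupMember -Identity 'Cloneable Domain Controllers' |
    Select-Object Name, distinguishedName

# Step 2: list programs and services that are not known to clone safely.
Get-ADDCCloningExcludedApplicationList

# Step 3: once every listed entry has been vetted, write the list
# to CustomDCCloneAllowList.xml.
Get-ADDCCloningExcludedApplicationList -GenerateXml

# Step 4: create the clone configuration file with the new DC's name,
# IP address, subnet mask, DNS server and AD site.
New-ADDCCloneConfigFile -CloneComputerName 'DC02' -SiteName 'Branch1' -Static `
    -IPv4Address '10.0.0.12' -IPv4SubnetMask '255.255.255.0' `
    -IPv4DefaultGateway '10.0.0.1' -IPv4DNSResolver '10.0.0.10'

# --- On the Hyper-V host that runs DC01 ---
# Step 5: shut down the source VDC and export it.
Stop-VM -Name 'DC01'
Export-VM -Name 'DC01' -Path 'D:\Export'
Start-VM -Name 'DC01'    # only if the source is intended to be up

# --- On the destination host (export folder copied to the same path) ---
# Step 6: import the export as a copy with a new VM ID, then start it.
# Server 2012 stores the VM configuration as an .xml file.
$config = Get-ChildItem 'D:\Export\DC01\Virtual Machines' -Filter *.xml |
    Select-Object -First 1
$clone = Import-VM -Path $config.FullName -Copy -GenerateNewId `
    -VirtualMachinePath 'D:\VMs\DC02' `
    -VhdDestinationPath 'D:\VMs\DC02\Virtual Hard Disks'
Rename-VM -VM $clone -NewName 'DC02'
Start-VM -VM $clone
```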

For more information about Windows Server 2012's features, visit our Microsoft Windows Server 2012 page.

Sean writes about cloud identity, Microsoft hybrid identity, and whatever else he finds interesting at his blog on Enterprise Identity and on Twitter at @shorinsean.
