Solved

clone a 2008 domain controller for sandbox in vsphere

Posted on 2014-03-12
Last Modified: 2014-03-29
Is it safe to clone my primary domain controller and move it to a test VLAN sandbox which is isolated from production?
I need a sandbox to test restoring critical servers like SQL and Exchange, and I need a domain controller to test these.
I was just going to change the NIC settings in vSphere to the sandbox VLAN.
Is this OK?
Question by:dougdog
6 Comments
 
LVL 13

Expert Comment

by:Abhilash
ID: 39924243
Yes, it is OK to clone a production server. But do not clone it with its IP settings and then try changing the NIC association. This might cause an issue. You can use the Customization wizard during the cloning process to change the network properties so that you do not cause any harm to the existing production machine.
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39924349
Hi,

Yes, you can clone the primary domain controller and move it to a test VLAN sandbox.

But make sure that you have an isolated network.
0
 

Author Comment

by:dougdog
ID: 39924640
Do I need to do anything?
It won't open Active Directory or Sites and Services.
It also won't open DNS.
0

 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39924665
1. Check and make sure all services are running fine.
2. Verify that the NIC is enabled.
3. Run DCDIAG /v
4. Check the event log for errors and warnings.
5. Share any errors you are getting.
0
 
LVL 27

Accepted Solution

by:
Steve earned 500 total points
ID: 39961179
I don't fully agree with the advice above so my advice is provided without reference to the above comments.

Firstly, yes you can safely clone a DC and use it in a sandbox environment. It's not generally recommended to clone/p2v a DC but for sandbox purposes it certainly makes sense.

This needs to be done in a very specific way though:

1. Boot the server into DC restore mode (to ensure the AD database is not 'open' and prevent corruption during the clone).
2. Run your cloning tool.
3. Boot the DC back into its normal state.

Now move across to your cloned machine:
1. Ensure the NIC is attached to a completely separate network that has no link/routing to the original one and preferably no internet.
2. Boot the VM into DC restore mode (to prevent AD from starting before you're ready).
3. Remove any apps that could cause an issue (e.g. hardware-specific tools/drivers).
4. Amend the 'new' NIC to have the same IP as the original DC.
5. Double check all is good and that the server CANNOT see your original network.
6. Reboot the cloned server into normal mode.

This works fine on older operating systems, but more recent ones can throw an extra issue into the mix due to a recent addition to DCs whereby the cloned machine KNOWS that you have cloned it. It's a great feature with many benefits, but it can be a pain to clone a DC in a multi-DC environment, as the DC may insist on replicating from another DC before it is willing to function as a DC. There are ways around it though, and it's also not an issue if you only have 1 DC.
0
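The "double check ... that the server CANNOT see your original network" step from the accepted answer, as an added example that is not part of the original thread: a PowerShell check to run on the clone before rebooting it into normal mode. It assumes PowerShell 2.0 or later on the clone; the addresses, port list and timeout are constructed placeholders.

```powershell
# Run on the CLONE while it is still in restore mode, before the normal reboot.
# Constructed placeholder addresses: replace with hosts that exist ONLY on the
# production network (production gateway, a member server, another DC).
# Do not list the original DC's own IP: the clone now holds that address and
# would simply answer itself.
$ProductionOnlyHosts = @('192.0.2.1', '192.0.2.20')
$Ports     = @(53, 88, 389, 445)   # DNS, Kerberos, LDAP, SMB
$TimeoutMs = 1500

function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        # No completion inside the timeout: treat the port as unreachable.
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$leaks = @()
foreach ($target in $ProductionOnlyHosts) {
    # ICMP alone is not enough (firewalls often drop it), so test TCP as well.
    if (Test-Connection -ComputerName $target -Count 2 -Quiet) {
        $leaks += "$target answers ICMP"
    }
    foreach ($port in $Ports) {
        if (Test-TcpPort -Address $target -Port $port -TimeoutMs $TimeoutMs) {
            $leaks += "$target accepts TCP/$port"
        }
    }
}

if ($leaks.Count -gt 0) {
    Write-Warning 'Clone can reach production. Keep it in restore mode and fix the vSphere network first:'
    $leaks | ForEach-Object { Write-Warning "  $_" }
} else {
    Write-Output 'No production-only host is reachable from the clone.'
}
```

A clean result only covers the hosts and ports listed, so pick targets that cannot also exist in the sandbox (for example, not a restored SQL server that reuses its production IP).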
 

Author Closing Comment

by:dougdog
ID: 39963868
perfect
0

Question has a verified solution.
