• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1488
  • Last Modified:

clone a 2008 domain controller for sandbox in vsphere

is it safe to clone my primary domian controller and move it to a test vlan sandbox
which is isolated from production
need a sandbox to test restore critical servers like sql and exchange
i need a domain controller to test these
i was just going to change the nic settings in vsphere to the sandbox vlan
is this ok?
0
dougdog
Asked:
dougdog
1 Solution
 
AbhilashBloggerCommented:
Yes it is ok to clone a production server. But do not clone it with IP settings and then try changing the NIC association. This might cause a issue. You can use the Customization wizard during the cloning process to change the network properties so that you do not cause any harm to existing production machine.
0
 
Santosh GuptaCommented:
Hi,

yes, you can clone primary domian controller and move it to a test vlan sandbox.

but make sure that you have isolated network.
0
 
dougdogAuthor Commented:
Do I need to do anything
As it won't open active directory or sites and services.
Also won't open dns
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
Santosh GuptaCommented:
1. Check and make sure all services are running fine.
2. verify that NIC is enabled.
3. Run DCDIAG /v
4. check the event log for errors and warnings
5. share if you are getting any error.
0
 
SteveCommented:
I don't fully agree with the advice above so my advice is provided without reference to the above comments.

Firstly, yes you can safely clone a DC and use it in a sandbox environment. It's not generally recommended to clone/p2v a DC but for sandbox purposes it certainly makes sense.

This needs to be done in a very specific way though:

Boot the server into DC restore mode (to ensure the AD database is not 'open' and prevent corruption during the clone)
run your cloning tool
boot the DC back into it's normal state

Now move across to your cloned machine:
ensure the NIC is attached to a completely separate network that has no link/routing to the original one and preferably no internet.
boot the VM into DC restore mode (to prevent AD from starting before you're ready)
remove any aps that could cause an issue (eg hardware specific tools/drivers)
amend the 'new' NIC to have the same IP as the original DC
double check all is good and that the server CANNOT see your original network
reboot the cloned server into normal mode

This works fine on older operating systems, but more recent ones can throw an extra issue into the mix due to a recent addition to DCs whereby the cloned machine KNOWS that you have cloned it. it's a great feature with many benefits, but it can be a pain to clone a DC in a multi-DC environment as the DC may insist on replicating from another DC before it is willing to function as a DC. There are ways around it though, and it's also not an issue if you only have 1 DC.
0
 
dougdogAuthor Commented:
perfect
0

Featured Post

Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now