Solved

clone a 2008 domain controller for sandbox in vsphere

Posted on 2014-03-12
Last Modified: 2014-03-29
Is it safe to clone my primary domain controller and move it to a test VLAN sandbox
which is isolated from production?
I need a sandbox to test restoring critical servers like SQL and Exchange.
I need a domain controller to test these.
I was just going to change the NIC settings in vSphere to the sandbox VLAN.
Is this OK?
Question by:dougdog
6 Comments
 
LVL 13

Expert Comment

by:Abhilash
ID: 39924243
Yes, it is OK to clone a production server. But do not clone it with IP settings and then try changing the NIC association. This might cause an issue. You can use the Customization wizard during the cloning process to change the network properties so that you do not cause any harm to the existing production machine.
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39924349
Hi,

Yes, you can clone the primary domain controller and move it to a test VLAN sandbox.

But make sure that you have an isolated network.
0
 

Author Comment

by:dougdog
ID: 39924640
Do I need to do anything?
As it won't open Active Directory or Sites and Services.
It also won't open DNS.
0

 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39924665
1. Check and make sure all services are running fine.
2. Verify that the NIC is enabled.
3. Run DCDIAG /v
4. Check the event log for errors and warnings.
5. Share any errors you are getting.
0
 
LVL 27

Accepted Solution

by:
Steve earned 500 total points
ID: 39961179
I don't fully agree with the advice above so my advice is provided without reference to the above comments.

Firstly, yes you can safely clone a DC and use it in a sandbox environment. It's not generally recommended to clone/p2v a DC but for sandbox purposes it certainly makes sense.

This needs to be done in a very specific way though:

1. Boot the server into DC restore mode (to ensure the AD database is not 'open' and prevent corruption during the clone).
2. Run your cloning tool.
3. Boot the DC back into its normal state.

Now move across to your cloned machine:
1. Ensure the NIC is attached to a completely separate network that has no link/routing to the original one and preferably no internet.
2. Boot the VM into DC restore mode (to prevent AD from starting before you're ready).
3. Remove any apps that could cause an issue (e.g. hardware-specific tools/drivers).
4. Amend the 'new' NIC to have the same IP as the original DC.
5. Double check all is good and that the server CANNOT see your original network.
6. Reboot the cloned server into normal mode.

This works fine on older operating systems, but more recent ones can throw an extra issue into the mix due to a recent addition to DCs whereby the cloned machine KNOWS that you have cloned it. It's a great feature with many benefits, but it can be a pain to clone a DC in a multi-DC environment as the DC may insist on replicating from another DC before it is willing to function as a DC. There are ways around it though, and it's also not an issue if you only have 1 DC.
0
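The isolation check from the accepted answer ("the server CANNOT see your original network") can be scripted and run on the clone before the final reboot into normal mode. This is an added example, not part of the original thread; it assumes PowerShell 2.0 or later with networking up on the clone, and every address and name in it is a constructed placeholder.

```powershell
# Added example: isolation pre-flight for a cloned DC, run on the clone while it
# is still in DC restore mode. All names and addresses are placeholders.
# List hosts that exist ONLY in production. Do not list the original DC's own
# IP: the clone now holds that address and would simply answer itself.
$ProductionTargets = @(
    @{ Name = 'prod-server-placeholder';  Address = '192.0.2.20'; Ports = 445, 135, 3389 },
    @{ Name = 'prod-gateway-placeholder'; Address = '192.0.2.1';  Ports = @() }
)
$OutsideProbe = '198.51.100.1'   # placeholder for an address beyond the sandbox

function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so a filtered port costs 2 seconds, not the OS default.
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$leaks = @()
foreach ($t in $ProductionTargets) {
    if (Test-Connection -ComputerName $t.Address -Count 2 -Quiet) {
        $leaks += "$($t.Name) ($($t.Address)) answers ICMP"
    }
    foreach ($p in $t.Ports) {
        if (Test-TcpPort -Address $t.Address -Port $p) {
            $leaks += "$($t.Name) ($($t.Address)) accepts TCP/$p"
        }
    }
}
if (Test-Connection -ComputerName $OutsideProbe -Count 2 -Quiet) {
    $leaks += "Outside address $OutsideProbe answers ICMP"
}

if ($leaks.Count -gt 0) {
    Write-Warning 'Clone can reach hosts outside the sandbox. Do NOT boot into normal mode:'
    $leaks | ForEach-Object { Write-Warning "  $_" }
    exit 1
}
Write-Output 'No probe was answered. Confirm the port group/VLAN in vSphere before rebooting.'
```

A clean run only shows that the listed probes went unanswered; firewalls can hide a live path, so the network assignment in vSphere still needs to be confirmed by eye.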
 

Author Closing Comment

by:dougdog
ID: 39963868
perfect
0
