Solved

clone a 2008 domain controller for sandbox in vsphere

Posted on 2014-03-12
Last Modified: 2014-03-29
Is it safe to clone my primary domain controller and move it to a test VLAN sandbox which is isolated from production?
I need a sandbox to test restores of critical servers like SQL and Exchange.
I need a domain controller to test these.
I was just going to change the NIC settings in vSphere to the sandbox VLAN.
Is this OK?
Question by:dougdog
6 Comments
 
LVL 13

Expert Comment

by:Abhilash
ID: 39924243
Yes, it is OK to clone a production server. But do not clone it with IP settings and then try changing the NIC association. This might cause an issue. You can use the Customization wizard during the cloning process to change the network properties so that you do not cause any harm to the existing production machine.
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39924349
Hi,

Yes, you can clone the primary domain controller and move it to a test VLAN sandbox.

But make sure that you have an isolated network.
0
 

Author Comment

by:dougdog
ID: 39924640
Do I need to do anything?
As it won't open Active Directory or Sites and Services.
Also won't open DNS.
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39924665
1. Check and make sure all services are running fine.
2. Verify that the NIC is enabled.
3. Run DCDIAG /v
4. Check the event log for errors and warnings.
5. Share if you are getting any error.
0
 
LVL 27

Accepted Solution

by:
Steve earned 2000 total points
ID: 39961179
I don't fully agree with the advice above so my advice is provided without reference to the above comments.

Firstly, yes you can safely clone a DC and use it in a sandbox environment. It's not generally recommended to clone/p2v a DC but for sandbox purposes it certainly makes sense.

This needs to be done in a very specific way though:

1. Boot the server into DC restore mode (to ensure the AD database is not 'open' and prevent corruption during the clone).
2. Run your cloning tool.
3. Boot the DC back into its normal state.

Now move across to your cloned machine:
1. Ensure the NIC is attached to a completely separate network that has no link/routing to the original one and preferably no internet.
2. Boot the VM into DC restore mode (to prevent AD from starting before you're ready).
3. Remove any apps that could cause an issue (e.g. hardware-specific tools/drivers).
4. Amend the 'new' NIC to have the same IP as the original DC.
5. Double check all is good and that the server CANNOT see your original network.
6. Reboot the cloned server into normal mode.

This works fine on older operating systems, but more recent ones can throw an extra issue into the mix due to a recent addition to DCs whereby the cloned machine KNOWS that you have cloned it. It's a great feature with many benefits, but it can be a pain to clone a DC in a multi-DC environment as the DC may insist on replicating from another DC before it is willing to function as a DC. There are ways around it though, and it's also not an issue if you only have 1 DC.
0
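
An added example, not part of the original answer: a PowerShell pre-flight check for the "server CANNOT see your original network" step in the accepted solution, run on the clone while it is still in restore mode. The function names, addresses and port list are assumptions (constructed placeholders); use production hosts other than the original DC, because the clone now holds that DC's IP and would answer its own probe.

```powershell
# Added example. All addresses below are constructed placeholders.
$ExpectedIP      = '192.0.2.10'                    # IP of the original DC, now on the clone
$ProductionHosts = @('192.0.2.1', '192.0.2.11')    # e.g. production gateway, a second server
$Ports           = @(389, 445, 53)                 # LDAP, SMB, DNS over TCP

function Test-TcpPort([string]$Address, [int]$Port, [int]$TimeoutMs = 1500) {
    # TCP connect with a timeout; works on PowerShell 2.0 (no Test-NetConnection there)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch { return $false }
    finally { $client.Close() }
}

function Test-SandboxIsolation([string[]]$Hosts, [string]$ExpectedIP, [int[]]$Ports) {
    $problems = @()
    # The clone should carry the original DC's address on an enabled adapter
    $nics = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE")
    $addresses = @($nics | ForEach-Object { $_.IPAddress } | Where-Object { $_ })
    if ($addresses -notcontains $ExpectedIP) {
        $problems += "Expected IP $ExpectedIP is not configured on any adapter"
    }
    foreach ($h in $Hosts) {
        if ($h -eq $ExpectedIP) { continue }   # that address is the clone itself
        # ICMP is often filtered, so a silent ping alone proves nothing: probe TCP too
        if (Test-Connection -ComputerName $h -Count 2 -Quiet) {
            $problems += "Production host $h answers ping"
        }
        foreach ($p in $Ports) {
            if (Test-TcpPort $h $p) { $problems += "Production host $h accepts TCP/$p" }
        }
    }
    return ,$problems
}

$problems = Test-SandboxIsolation $ProductionHosts $ExpectedIP $Ports
if ($problems.Count -eq 0) {
    Write-Output 'No production host reachable from the clone.'
} else {
    $problems | ForEach-Object { Write-Warning $_ }
    Write-Output 'Stay in restore mode and fix the virtual network before rebooting.'
}
```

A clean result only shows that the probed hosts did not answer; confirm the port group/VLAN assignment in vSphere as well before rebooting into normal mode.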
 

Author Closing Comment

by:dougdog
ID: 39963868
perfect
0
