Solved

clone a 2008 domain controller for sandbox in vsphere

Posted on 2014-03-12
6
1,266 Views
Last Modified: 2014-03-29
is it safe to clone my primary domian controller and move it to a test vlan sandbox
which is isolated from production
need a sandbox to test restore critical servers like sql and exchange
i need a domain controller to test these
i was just going to change the nic settings in vsphere to the sandbox vlan
is this ok?
0
Comment
Question by:dougdog
6 Comments
 
LVL 13

Expert Comment

by:Abhilash
ID: 39924243
Yes it is ok to clone a production server. But do not clone it with IP settings and then try changing the NIC association. This might cause a issue. You can use the Customization wizard during the cloning process to change the network properties so that you do not cause any harm to existing production machine.
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39924349
Hi,

yes, you can clone primary domian controller and move it to a test vlan sandbox.

but make sure that you have isolated network.
0
 

Author Comment

by:dougdog
ID: 39924640
Do I need to do anything
As it won't open active directory or sites and services.
Also won't open dns
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39924665
1. Check and make sure all services are running fine.
2. verify that NIC is enabled.
3. Run DCDIAG /v
4. check the event log for errors and warnings
5. share if you are getting any error.
0
 
LVL 27

Accepted Solution

by:
Steve earned 500 total points
ID: 39961179
I don't fully agree with the advice above so my advice is provided without reference to the above comments.

Firstly, yes you can safely clone a DC and use it in a sandbox environment. It's not generally recommended to clone/p2v a DC but for sandbox purposes it certainly makes sense.

This needs to be done in a very specific way though:

Boot the server into DC restore mode (to ensure the AD database is not 'open' and prevent corruption during the clone)
run your cloning tool
boot the DC back into it's normal state

Now move across to your cloned machine:
ensure the NIC is attached to a completely separate network that has no link/routing to the original one and preferably no internet.
boot the VM into DC restore mode (to prevent AD from starting before you're ready)
remove any aps that could cause an issue (eg hardware specific tools/drivers)
amend the 'new' NIC to have the same IP as the original DC
double check all is good and that the server CANNOT see your original network
reboot the cloned server into normal mode

This works fine on older operating systems, but more recent ones can throw an extra issue into the mix due to a recent addition to DCs whereby the cloned machine KNOWS that you have cloned it. it's a great feature with many benefits, but it can be a pain to clone a DC in a multi-DC environment as the DC may insist on replicating from another DC before it is willing to function as a DC. There are ways around it though, and it's also not an issue if you only have 1 DC.
0
 

Author Closing Comment

by:dougdog
ID: 39963868
perfect
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
When rebooting a vCenters 6.0 and try to connect using vSphere Client we get this issue "Invalid URL: The hostname could not parsed." When we get this error we need to do some changes in the vCenter advanced settings to fix the issue.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows you how to use a vSphere client to connect to your ESX host as the root user. Demonstrates the basic connection of bypassing certification set up. Demonstrates how to access the traditional view to begin managing your virtual mac…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question