Best way to clone 2008 R2 Domain Controller onto identical hardware?

I have a Windows 2008 R2 Server that is configured as my primary domain controller. This server is also a DNS, DHCP (two scopes served on 2 VLANs from a single adapter) and a file server. This server has the PDC, RID Master, etc... FSMO roles as well. Unfortunately the server shows a hardware error indicator that suggests an issue with the motherboard. I have another brand new, identical, server that I would like to clone the current system to before it fails. The only difference would be that I would like to use a 4 drive RAID 10 array instead of the current 2 drive RAID 1 array, but I suspect the OS won't care as long as it sees the same resulting drive configuration. My question is, what is the best, and fastest (least down time) way to accomplish this, and what problems may I encounter?

My current plan is this: 1) Full current backup of the server. 2) Unbox and setup the new server hardware and RAID array. 3) Create an image of the current server using a cloning utility such as Todo Backup, or learn the built-in tools. 4) Attempt load the image onto the new hardware off-line to test for a successful load. 5) Schedule downtime and repeat the clone process. 6) Shutdown the old server. 7) Load the image onto the new server on-line in my production environment.

I'm hoping to identify any problems with my plan to avoid any unnecessary risks. My concern is that I will encounter problems with "Trust relationship" errors, activation issues, etc... and possibly have to "reset" the computer account in Active Directory.

Any guidance would be greatly appreciated!
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cliff GaliherCommented:
Never clone a DC (at least in 2008 R2 or older, and only rarely in 2012.)  It only takes one mistake and you end up in an irreversible AD corruption situation.

Add the new machine. Configure the networking. MAke it a new DC. And let AD do its thing and replicate.  The only significant task you'll have to do is migrate DHCP and update any scope options and other static-address devices to look at the new DC.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Will SzymkowskiSenior Solution ArchitectCommented:
Is this the only Domain Controller in the environment? If you have multiple DC's in your environment then it is best to transfer the FSMO roles to another DC. 2008R2 is not compatible to clone and have it working properly. You will run into issues regarding the USN's (update sequence numbers) and replication among the DC's will not sync properly.

However if you have only 1 DC in the environment then creating an image of the DC will not affect anything because it does not have any other replication partners. Restoring a DC from an image is only done when it is the only DC in the environment or all of the DC's in your environment get compromised.

If that is the case you would restore the DC using the image and then you would have to bring up bran new DC's which would replicate from the DC that was restored by image.

Cliff GaliherCommented:
Even in a single-DC environment,  I don't recommend cloning (backups are not clones when done properly.) I've seen too many times now where the admin got tired after three test restores, forgot to shut down the live system before restoring their clone, and by introducing the clone, created a USN conflict in what was supposed to always be a single-DC environment. That is an example of a simple mistake I was referencing in my initial answer. In short, never clone a DC.  Backup? Sure...with AD aware backup software so the restore is marked as non-authoritative.  But clone?  Never.  Never Never.
Brook_LaneAuthor Commented:
Well, I'm certainly glad I asked the question. It would seem that cloning would be a poor choice since I do absolutely have a multi-DC environment. Honestly I was hoping this could be done quickly and easily with a simple clone, but clearly I have more work to do. Thank you all for your excellent advice!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.