Anyone out there who runs a successful Microsoft Windows Active Directory knows that it is pre-eminently useful to have a test environment that very nearly represents your production environment…to do…you know…testing!
I went to a VMware Disaster Recovery seminar and one of the presenters described how easy it was for them to use and create a test environment by simply taking one of their existing, virtualized Domain Controllers, cloning it, attaching it to a private network, and off you go.
I thought I would give that a try, and here’s what I came up with.
1. Shut down and clone a Virtual Domain Controller with a 20GB disk drive, 4.5 minutes.
2. Power on and attach the virtual DC to a totally private network, visible only to other virtual machines on the same box, 15 seconds.
3. Install DNS on the Domain Controller to allow for dynamic updates within the private network, 3 minutes.
4. Seize FSMO roles from Domain Controllers that aren’t in this private network, 3 minutes.
5. Sit back in wonder, 45 seconds.
These simple steps aren’t completely error free. Because the DC I chose was a replication partner with a bunch of other DCs and Active Directory Sites, it was necessary to do some tweaking to remove the “defunct” Domain Controller properties from the Active Directory. That process is documented well, here: Remove old Domain Controller Settings from FRS and the Domain.
Also, step 4 isn’t immediately obvious since most Domain Administrators would be familiar with the GUI-mode way of transferring FSMO ownership. That transfer, though, requires that the current FSMO owner be online to cede the role, which is not the case inside the private network. That brings us to this article: How to forcibly transfer (or seize) FSMO Roles from one DC to another from Daniel Petri (a really great resource for Windows administrators, IMO).
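One way to script step 4 with a guard against the clone reaching production, as an added example that is not from the original post or the linked article. It uses the ActiveDirectory PowerShell module (`Move-ADDirectoryServerOperationMasterRole -Force`) rather than the ntdsutil procedure, and the production DC names are hypothetical placeholders.

```powershell
# Added example; run ONLY on the cloned DC inside the isolated lab network.
# Assumes the ActiveDirectory module and Test-NetConnection are available.
Import-Module ActiveDirectory

# Hypothetical production DC names; replace with your own.
$ProductionDCs = @('dc01.corp.example', 'dc02.corp.example')
$LabDC = $env:COMPUTERNAME

# 1. Refuse to continue if any production DC answers on LDAP (TCP 389):
#    a clone that can reach production must never seize roles.
foreach ($dc in $ProductionDCs) {
    $reachable = Test-NetConnection -ComputerName $dc -Port 389 `
        -InformationLevel Quiet -WarningAction SilentlyContinue
    if ($reachable) {
        throw "Production DC $dc is reachable; the clone is not isolated."
    }
}

# 2. Seize all five FSMO roles. -Force seizes without contacting the
#    current owner, which is offline from the lab's point of view.
$roles = 'SchemaMaster', 'DomainNamingMaster', 'PDCEmulator',
         'RIDMaster', 'InfrastructureMaster'
Move-ADDirectoryServerOperationMasterRole -Identity $LabDC `
    -OperationMasterRole $roles -Force -Confirm:$false

# 3. Confirm every role now reports the lab DC as its holder.
$forest = Get-ADForest
$domain = Get-ADDomain
$holders = @($forest.SchemaMaster, $forest.DomainNamingMaster,
             $domain.PDCEmulator, $domain.RIDMaster,
             $domain.InfrastructureMaster)
$foreign = $holders | Where-Object { $_ -notlike "$LabDC.*" }
if ($foreign) { throw "Roles still held elsewhere: $($foreign -join ', ')" }

# 4. List the DC objects that no longer exist in the lab; these are the
#    "defunct" entries that still need metadata cleanup.
Get-ADDomainController -Filter * |
    Where-Object { $_.Name -ne $LabDC } |
    Select-Object Name, Site
```

The reachability check in part 1 is the important safeguard: a clone that seizes roles while it can still talk to production creates two conflicting role holders in the same forest.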
There you have it, folks. How to clone your Microsoft Active Directory Domain Services using VMware in less than 12 minutes!








I’m glad to see you pointing out “Step 4”, since I’ve seen some customers forget that part and then wonder why things aren’t very stable in their cloned lab environment. Thanks for pointing out yet another way to use VMware!
Be sure to check out the VMWorld presentation of session ID “adc9865” (found at: http://www.vmware.com/vmtn/vmworld/ ).
It deals with how to virtualize DCs. Slides 51 and 52 have some very specific suggestions for time services that are critical to VMs when the PDC Emulator role has been seized.
Thanks, Jim! That is a great resource when thinking about virtualizing production Domain Controllers.
We opted out of using the VMware services to synchronize our VMs. The ESX hosts are configured to use NTP, however, so if we do decide to go with VMware-based synchronization of the DCs, we should be good to go.
Hi, I have a problem doing this in my environment. I want to clone a Win2008 DC on ESX 3 and Ex2007. The problem starts after logging in on the new cloned DC in a totally separate virtual network. The problem is with replication in AD and DNS. I simply cloned 2 DCs and brought them into another virtual network. Nothing else was done. FSMO roles are on both servers.