Anyone out there who runs a successful Microsoft Windows Active Directory, knows that it is pre-eminently useful to have a test environment that very nearly represents your production environment…to do…you know…testing!
I went to a VMWare Disaster Recovery seminar and one of the presenters described how easy it was for them to use and create a test environment by simply taking one of their existing, virtualized Domain Controllers, cloning it, attaching it to a private network, and off you go.
I thought I would give that a try, and here’s what I came up with.
- Shutdown and clone a Virtual Domain Controller with a 20GB disk drive, 4.5 minutes.
- Power-on and attach the virtual DC to a totally private network, visible only to other virtual machines on the same box, 15 seconds.
- Install DNS on the Domain Controller to allow for dynamic updates within the private network, 3 minutes.
- Seizing FSMO roles from Domain Controllers that aren’t in this private network, 3 minutes.
- Sit back in wonder, 45 seconds.
These simple steps aren’t completely error free. Because the DC I chose was a replication partner with a bunch of other DCs and Active Directory Sites, it was necessary to do some tweaking to remove the “defunct” Domain Controller properties from the Active Directory. That process is documented well, here: Remove old Domain Controller Settings from FRS and the Domain.
Also, step 4 isn’t immediately obvious since most Domain Administrators would be familiar with the GUI-mode way of transferring FSMO ownership. That transfer, though, requires that the current FSMO owner be online to accede the role. Which brings us to this article: How to forcibly transfer (or seize) FSMO Roles from one DC to another from Daniel Petri (a really great resource for Windows administrators, IMO).
There you have it, folks. How to clone your Microsoft Active Directory Domain Services using VMWare in less than 12 minutes!