Anyone out there who runs a successful Microsoft Windows Active Directory knows that it is pre-eminently useful to have a test environment that very nearly represents your production environment…to do…you know…testing!
I thought I would give that a try, and here’s what I came up with:
- Shut down and clone a virtual Domain Controller with a 50GB disk drive, 10 minutes.
- Attach the virtual DC to a totally private network, visible only to other virtual machines on the same box, 15 seconds.
- Restart the cloned DC, 1 minute.
- Seize FSMO roles from Domain Controllers that aren’t in this private network, 3 minutes.
- Sit back in wonder, 45 seconds.
These simple steps aren’t completely error free. Because the DC I chose was a replication partner with a bunch of other DCs and Active Directory Sites, it was necessary to do some tweaking to remove the “defunct” Domain Controller properties from the Active Directory. That process is documented well here: Remove old Domain Controller Settings from FRS and the Domain. If you have a lot of remote Domain Controllers and you only need your clone for a little test, it may be too expensive to remove all the remote DCs. In this case you can create this registry value, so your clone no longer waits for its replication partners:
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Value name: Repl Perform Initial Synchronizations
Value type: REG_DWORD
Value data: 0
Also, step 4 isn’t immediately obvious, since most Domain Administrators would be familiar with the GUI-mode way of transferring FSMO ownership. That transfer, though, requires that the current FSMO owner be online to cede the role. Which brings us to this article: How to forcibly transfer (or seize) FSMO Roles from one DC to another from Daniel Petri (a really great resource for Windows administrators, IMO).
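The steps above, run on the clone, as an added example that is not part of the original post or the linked articles. It assumes the ActiveDirectory PowerShell module is installed on the cloned DC and uses its cmdlets for the seizure. The isolation check in front is an added safeguard: it refuses to seize anything if another DC still answers on the network.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules ActiveDirectory
# Run ON THE CLONED DC ONLY, after it is attached to the private network.

$me = $env:COMPUTERNAME

# 1. Isolation check. Every other DC recorded in the directory must be
#    unreachable. If one answers on LDAP (TCP 389), the clone can still see
#    production, and seizing roles would create duplicate FSMO owners there.
$others = Get-ADDomainController -Filter * -Server $me |
    Where-Object { $_.Name -ne $me }

$reachable = foreach ($dc in $others) {
    $open = Test-NetConnection -ComputerName $dc.HostName -Port 389 `
        -InformationLevel Quiet -WarningAction SilentlyContinue
    if ($open) { $dc.HostName }
}
if ($reachable) {
    throw "Clone is not isolated; these DCs answer on 389: $($reachable -join ', ')"
}

# 2. Seize all five FSMO roles. Per the cmdlet documentation, -Force seizes
#    the role instead of asking the (offline) current owner to transfer it.
Move-ADDirectoryServerOperationMasterRole -Identity $me -Force -Confirm:$false `
    -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator,
                         RIDMaster, InfrastructureMaster

# 3. Registry value from the post: do not wait for replication partners
#    that will never answer inside the private network.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
New-ItemProperty -Path $key -Name 'Repl Perform Initial Synchronizations' `
    -PropertyType DWord -Value 0 -Force | Out-Null

# 4. Confirm that the clone now owns every role.
Get-ADForest -Server $me | Select-Object SchemaMaster, DomainNamingMaster
Get-ADDomain -Server $me | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster
```

A clone that has seized roles must stay on the private network for its whole life; the check in step 1 only covers the moment the script runs.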
There you have it, folks. How to clone your Microsoft Active Directory Domain Services using VMware in less than 18 minutes!