Saturday, July 6, 2013

Hyper-V VM linked Clone - Cloning a vDC - II

Part I described how you can do Linked Cloning in Hyper-V without messing up your Virtual Machines same as VMWare workstation Linked Cloning feature.

In Part II you will be guided through special steps required for virtual Windows Server 2012 Domain Controller linked cloning.

Windows Server 2012 becomes virtualization aware not like previous windows releases, a new VM-Generation-ID unique Identifier is incorporated as an additional attribute of a Domain Controller’s Computer object in AD as well as of VM host which is running Virtual DC instance.

When a Virtual DC running Server 2012 boots up, Server 2012 looks for mismatch between VM-Generation-ID recorded on VM instance and VM-Generation-ID on DC’s computer object in Active Directory.

If there is a mismatch windows Server knows of the possible snapshot or cloning event which has occurred, and it pushes the latest RID pool and USN for updated information. This safeguards Active Directory health.

Difference between doing a rollback for vDC to a snapshot and cloned vDC is a .xml file prepared during the cloning process helps configuring the cloned vDC once first booted

For more information about new Windows server virtualization safeguards:

DISCLAIMER: In this series of 2 parts tutorial, i am expressing my own opinion and experience which not necessarily assure that this is suitable for production environment.


  • VM-Generation-ID attribute must be supported on your host hypervisor. VM-Generation-ID support is included in Hyper-V v3 (Server 2012 and Windows 8).
  • Primary vDC Role holder should be operational and available to cloned vDC.
  • Source vDC should be member of domain default security group "Cloneable Domain Controllers".
  • Default security permissions for this group must not be changed.



Cloned VM need xml configuration file prepared from template vDC for applying configurations to IP, Default Gateway, Subnet Mask, DNS and Site Name.
Run the following CMDLet on template vDC:

"New-ADDCCloneConfigFile -IPv4Address -IPv4DefaultGateway -IPv4SubnetMask -IPv4DNSResolver, -Static -SiteName Main-Site"

above cmdLet will generate .xml file which would configure cloned vDC first switched on with mentioned network configuration and site name configured previously in Active Directory Domain and Sites.

This will check above the prerequisites in place or not and if Template vDC have any application\service not support cloning or not (i.e. DHCP).

XML file is written by default to c:\windows\ntds in Guest vDC file system. That's one of three valid locations where the file can be placed for cloning. All three locations are:
  1. %windir%\NTDS
  2.  Wherever the DIT lives (if you've changed the path to D:\NTDS, for example)
  3.  The root of any removable media


Now make a backup copy for source vDC's .vhdx followed by immediate Snapshot as its .vhdx will be template for others cloned vDCs from now on.


Create new VM and choose "existing HDD option", this will be our template vDC .vhdx disk image file. DO NOT POWER ON THE MACHINE...!


Do an immediate Snapshot for cloned vDC then feel confident to hit the power on

Let the cloning process finish...

Confirming Cloned vDCs integrity:

By opening ADSI We notice different "VM-Generation-ID" for each cloned vDC in Active Directory computer object.

Since these information is not replicated between DCs, attribute msDS-GenerationID for template vDC will be only saved on its own Active Directory DB and can be viewed from template vDC only. If you try to view this value from another cloned vDC, you'll see that the value shows up as not set.

above screenshot shows different VM-Generation-ID values for cloned vDC and template one.

No comments:

Post a Comment