Category Archives: Microsoft Windows Server

Cloning Windows Server 2016 Domain Controllers


Overview

Virtualizing your Domain Controllers in a Windows Server 2016 environment certainly sounds exciting. After all, think about scalability: if you need more capacity, just clone an existing Domain Controller and add the clone to your infrastructure.

The Steps

To ensure cloning is a success, Microsoft outlines a process for us and provides us with some new tools.

Step 1: On the virtual machine you want to clone (the source VM), run the Get-ADDCCloningExcludedApplicationList cmdlet. This shows you services and applications you might have installed on the Domain Controller that do not support cloning. Uninstall any that are true concerns.

Step 2: Rerun Get-ADDCCloningExcludedApplicationList with the -GenerateXml and -Path arguments in order to create an allow list XML file.

Step 3: Add your source VM you want to clone to the Cloneable Domain Controllers group. You can use the Add-ADGroupMember cmdlet or the GUI for this.

Step 4: Create a cloning configuration file for your new system. This XML file provides parameters like computer name and IP address for the new virtual machine. The easiest way to create this file is to use the New-ADDCCloneConfigFile PowerShell cmdlet.

Step 5: Shut down your source VM and duplicate it to create your clone. I recommend the Export and Import approach for the VM to ensure you get all your snapshots and other goodies.

Step 6: Boot your cloned Domain Controller and watch as the process of AD Cloning completes at startup.
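The six steps above as one PowerShell run-through (an added example, not from the original post). The names DC01 and DC02, the 192.0.2.x addresses, the site name and the D:\ paths are constructed placeholders, C:\Windows\NTDS is assumed to be the DSA working directory, and Hyper-V is assumed as the hypervisor. The closing section adds cleanup the steps do not cover: revoking the clone authorization and deleting the exported copy.

```powershell
# Added example; every name, address and path here is a placeholder.
# Define these on both the source DC and the Hyper-V host.
$SourceDC = 'DC01'; $CloneName = 'DC02'; $ExportPath = 'D:\VMExport'

# --- On the source DC (elevated session, ActiveDirectory module) ---
# Steps 1-2: list software not known to be clone-safe, review it, then write the allow list.
Get-ADDCCloningExcludedApplicationList
Get-ADDCCloningExcludedApplicationList -GenerateXml -Path 'C:\Windows\NTDS' -Force

# Step 3: authorize this DC for cloning. Let the change replicate to the PDC emulator
# before step 4, because New-ADDCCloneConfigFile validates the membership.
Add-ADGroupMember -Identity 'Cloneable Domain Controllers' -Members (Get-ADComputer $SourceDC)

# Step 4: write DCCloneConfig.xml with the clone's name and static IP settings.
New-ADDCCloneConfigFile -CloneComputerName $CloneName -Static `
    -IPv4Address '192.0.2.12' -IPv4SubnetMask '255.255.255.0' `
    -IPv4DefaultGateway '192.0.2.1' -IPv4DNSResolver '192.0.2.10' `
    -SiteName 'Default-First-Site-Name' -Path 'C:\Windows\NTDS'

# Step 5, first half: shut the source DC down cleanly.
Stop-Computer -Force

# --- On the Hyper-V host ---
# Step 5, second half: export the source VM, then import a copy with a new VM ID.
Export-VM -Name $SourceDC -Path $ExportPath
$vmcx = Get-ChildItem "$ExportPath\$SourceDC\Virtual Machines" -Filter *.vmcx |
    Select-Object -First 1
$clone = Import-VM -Path $vmcx.FullName -Copy -GenerateNewId `
    -VirtualMachinePath "D:\VMs\$CloneName" -VhdDestinationPath "D:\VMs\$CloneName"
Rename-VM -VM $clone -NewName $CloneName

# Step 6: bring the source back first, then boot the clone and let cloning complete.
Start-VM -Name $SourceDC
Start-VM -Name $CloneName

# --- After the clone is up (any machine with the ActiveDirectory module) ---
# Membership in this group is what permits cloning, so revoke it once you are done.
Remove-ADGroupMember -Identity 'Cloneable Domain Controllers' `
    -Members (Get-ADComputer $SourceDC) -Confirm:$false
# The export holds a full copy of the DC's disk, including the AD database; delete it.
Remove-Item -Path "$ExportPath\$SourceDC" -Recurse -Force
```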

Transferring and Seizing Operations Master Roles


Overview

Here is a section from my dear friend Ben Finkel’s upcoming text – MCSA 70-742 Cert Guide: Identity with Windows Server 2016

Remember, if you need a refresher on the FSMO roles, see my post here.

Transferring and Seizing Operations Master Roles

The Flexible Single Master Operations (FSMO) roles described earlier in this blog are important pieces for a functioning AD DS deployment. Occasionally you may need to transfer the role from one DC to another. For example, if a controller is being retired or shut down, you will want to transfer the role to another DC prior to that. If the need arises to move these roles from their current DC, there are different management tools required for each role. The following summarizes the tools:

  • RID: Active Directory Users and Computers
  • PDC: Active Directory Users and Computers
  • Infrastructure Master: Active Directory Users and Computers
  • Domain Naming Master: Active Directory Domains and Trusts
  • Schema Master: Active Directory Schema Snap-In

To change the RID, PDC, or Infrastructure Master role you need to “seize” it from the current master:

  1. Log onto the domain controller that you wish to host the role.
  2. Start Server Manager from either the Start Menu or the Taskbar.
  3. From the navigation menu on the left choose AD DS.
  4. Right-click your server in the contents pane and click Active Directory Users and Computers. NOTE: This ensures you are launching Active Directory Users and Computers on the domain controller you want to transfer the role to.
  5. Right-click the domain in the left-hand pane and select Operations Masters…
  6. On the Operations Masters dialog, choose the tab for the role you wish to seize (RID, PDC, and Infrastructure are available).
  7. Note the current master is listed, and the current machine name is in the second text box. To seize the role click Change…
  8. Click Yes to confirm.
  9. Once the transfer is complete click OK.

To change the Domain Naming Master you need to “seize” it from the current master:

  1. Log onto the domain controller that you wish to host the role.
  2. Start Server Manager from either the Start Menu or the Taskbar.
  3. From the navigation menu choose AD DS.
  4. Right-click the server and click Active Directory Domains and Trusts.
  5. Right-click the Active Directory Domains and Trusts in the left-hand pane and select Operations Masters… (Note: Right-click on the top-level node that reads Active Directory Domains and Trusts, not on the domain itself).
  6. Note the current master is listed, and the current machine name is in the second text box. To seize the role click Change…
  7. Click Yes to confirm.
  8. Once the transfer is complete click OK.

To change the Schema Master you will first need to activate the Schema snap-in:

  1. Log onto the domain controller that you wish to host the role.
  2. Open a command prompt.
  3. Type regsvr32 schmmgmt.dll and press Enter.
  4. Click OK on the success dialog.
  5. At the command prompt type mmc.exe and press Enter.
  6. The MMC window will launch. Click File then select Add/Remove Snap-in…
  7. Select the Active Directory Schema snap-in from the list of Available snap-ins on the left then click Add >
  8. Click OK.
  9. On the MMC window click to select the Active Directory Schema snap-in. Two folders, classes and attributes, should show up on the right.
  10. Right-click the Active Directory Schema and select Operations Master… (Note: You might need to right click and choose first to ensure you are configuring the correct DC)
  11. Note the current master is listed, and the current machine name is in the second text box. To seize the role click Change…
  12. Click Yes to confirm.
  13. Once the transfer is complete click OK.
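The same role moves scripted with the ActiveDirectory module, with a check of the role holders before and after (an added example, not part of the book excerpt; DC02 is a constructed placeholder for the target domain controller). Run without -Force, Move-ADDirectoryServerOperationMasterRole performs a graceful transfer that needs the current holder online; with -Force it seizes the role from a holder that cannot be reached.

```powershell
# Added example; 'DC02' is a placeholder for the DC that should host the roles.
Import-Module ActiveDirectory
$Target = 'DC02'

# Read all five role holders from the target DC's own copy of the directory.
function Get-FsmoHolders {
    $d = Get-ADDomain -Server $Target
    $f = Get-ADForest -Server $Target
    [ordered]@{
        PDCEmulator          = $d.PDCEmulator
        RIDMaster            = $d.RIDMaster
        InfrastructureMaster = $d.InfrastructureMaster
        DomainNamingMaster   = $f.DomainNamingMaster
        SchemaMaster         = $f.SchemaMaster
    }
}

# Record the holders before the change so the move can be audited or reverted.
Get-FsmoHolders

# Domain-wide roles (the three that the GUI manages from Users and Computers).
Move-ADDirectoryServerOperationMasterRole -Identity $Target `
    -OperationMasterRole PDCEmulator, RIDMaster, InfrastructureMaster -Confirm:$false

# Forest-wide roles; these need Enterprise Admins and Schema Admins rights.
Move-ADDirectoryServerOperationMasterRole -Identity $Target `
    -OperationMasterRole DomainNamingMaster, SchemaMaster -Confirm:$false

# Verify: every role should now resolve to the target's FQDN.
$targetFqdn = (Get-ADDomainController -Identity $Target).HostName
$stale = (Get-FsmoHolders).GetEnumerator() | Where-Object { $_.Value -ne $targetFqdn }
if ($stale) {
    Write-Warning "Roles not on ${targetFqdn}: $($stale.Key -join ', ')"
} else {
    "All five FSMO roles are held by $targetFqdn"
}
```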

InformIT (Pearson Education)