Tag: Domain controller

Performing an Offline Domain Join – AD DS

by Samuel Mitchell, posted in Microsoft, windows, Windows server

Provisioning a offline domain joined file for a computer:

  1. Logon to a writeable Domain Controller
  2. Open the command prompt (cmd)
  3. Use command:

Djoin /provision /domain <mydomain.com> /machine <computername> /savefile <filename.txt> /machineou <Computers> /dcname <DC1> /reuse

Joining a computer to the Domain offline:

Djoin /requestodj /loadfile <filename.txt> /windowspath <%windir%> /localos

The computer will restart and when it is up, the computer is on the domain.

Reference: https://technet.microsoft.com/en-us/library/offlinedomain-join-djoin-step-by-step(v=ws.10).aspx

Configuring Domain Controller Cloning

by Samuel Mitchell, posted in Data Center Virtualization, Microsoft, VMware, Windows server

Note: There is an Microsoft Hands-on Lab with code WS00148 that can be used to conduct this exercise. The environment may be required to do additional configuration to execute some of these steps since it is not the main aim and you can ignore the steps in that lab to do your own configuration.

Before cloning a virtual Domain Controller (DC), there are a few requirements that needs to exist in the environment.

The requirements are listed below:

  1. There must exist a DC with the FSMO role PDC Emulator running on atleast Windows Server 2012 which is accessible on the network.
  2. The virtual DC to be clone must be running on a hypervisor that supports the feature VM-GenerationID.
  3. The source virtual DC must be running atleast Windows Server 2012 and is a member of the AD group Cloneable Domain Controllers.
  4. There must be a DC Clone Configuration XML file (namely DCCloneConfig.xml) that holds the settings the clone DC will use to configure itself.

To start the process of cloning a DC, the DC needs to be added to the Cloneable Domain Controllers:

  1. Open Server Manager. server_mgr
  2. Then, go to the Active Directory Users and Computers (ADUC). aduc
  3. Go to the Organization Unit (OU) Users,
  4. Select the security group “Cloneable Domain Controllers“. cloneable_group
  5. Right click and select Properties. cloneable_properties
  6. Then go to Members Tab and Add the DC here. select member
  7. Save and Close the settings.

 

Alternately, PowerShell can be used to the previous step, see command:

 

ADGroupMember -Identity ‘Cloneable Domain Controllers’ -member (Get-ADComputer SRV1)

Next step is to check for excluded Application and generate a file using PowerShell:

Open an PowerShell console and use this command:

This command generates a list of excluded applications that are added to the allowed list and saves it to the C:\Windows\NTDS\.

Get-ADDCCloningExcludedApplicationList -GenerateXml

The next command is used to create the DC Cloning configuration XML file that is used to configure the virtual DC clone that you will import into the desired Hypervisor.

New-ADDCCloningConfigFile -CloneComputerName “DCCloneName” -IPv4Address 10.10.10.10 –IPv4DefaultGateway 10.10.10.1 –IPv4SubnetMask 255.255.255.0 –IPv4DNSResolver 10.10.10.100,10.10.10.102 –Static

Now shutdown the VM DC, export a copy of it and then import it as a copy generating a new VM ID. Once the copied VM is booted, you should see the cloning process initializing at boot up. When the process is completed, it will reboot and the new cloned DC is ready for use.

 

Reference: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/introduction-to-active-directory-domain-services-ad-ds-virtualization-level-100