Mirroring/Cloning a Domain Controller?

Hi folks, as the title suggests...Does anyone have any experience w/ creating an identical copy of a Domain Controller? How did you go about accomplishing this task? Not necessarily looking to create a BDC or anything...just a mirror of the Domain Controller.

Thanks for any and all replies.

 

I assume that you run either srever 2003 or 2008, so domain controller should replicate automatically. BDC is for NT environment. Server 2003 and 2008 have read and write Active Directory database unlike NT that has PDC and BDC.

 

There's a lot of stuff that comes up on Google, but most of it depends on the specific reasons for cloning/mirroring a domain controller; what's the reason for doing so?

 

It is for a fault toterant. You should not have single active directory domain controller in your forest because if it goes down, so does your infrastructure.

 

Well yes it is Server 2003 afaik. I'm working w/ limited information as I am not the one who actually wants to do this but nevertheless I believe the reason behind this is to just have a copy of the Domain Controller just incase it needs to be restored.

Either way...what are my options really?..I did both a google search and a search here on NBR and didn't see anything relevant.

 

I assume you have at least two domain controllers on the same VLAN. I think they connect to your core switch right? As long as you have both domain controllers on the same VLAN, and they can contact each other, you can test them by ping each other. You don't have to do anything because each domain controller will replicate the database to each other on regular basis. You should care more about FSMO (Flexible Single Master Operation)

To answer your question, you don't have to really do anything as long as both domain controllers can communicate with each other. You do need multiple domain controller for fault tolerant, and you are partially right about restore Active Directory database, but it is not the topic here. Am I sound like a genius?

 

Thanks merlin but what if there is only one Domain Controller? How can I get a copy of the one Domain Controller?

 

Joining a second domain server is so simple. You just make sure to authorize the controller into Active directory. It will then automatically replicate the domain information.

If you are using server 2003, log into the new computer locally and use dcpromo.exe and select the option "add additional controller to an existing domain."

If you are using Server 2008, log into the new computer locally and use Server manager. Select the "add additional controller to an existing domain."

There are a few hangups as you go to restore a domain controller in case of a failure under server 2003. It can be sometimes of a pain to troubleshoot. So I say go ahead and try to restore a controller and get the kinks out of the way before it really happens.

Edit:

I didn't read your original post. If you are looking to clone your domain controller data, you will need an imaging program for server 2003. It comes with a utility called NTBACKUP which is a pain in the rear to use. I myself use Notron Ghost.

 

The easiest way to back up your DC is using MS NT backup. I think you know how to use it, so I am not going to tell you how to open the program. You don't have to back up everything. You back up only System State, which contain SYSVOL folder. Your Active Directory is in there. That all you have to do, but I don't recommend you have only one DC in your company because you set up yourself to fail right there.

Don't listen to the guy below who tells you to use Ghost. There is no IT admin uses Ghost on his DC because it adds more headache to you in te future. Don't forget that DC is the brain of your network. Exchange is depend on Active Directory database and LDAP to function properly.

 

Thanks for the replies guys...very helpful. +rep