Making sure all agents and software packages are cloneable

To successfully clone a domain controller, all agents and software packages that you've installed and configured on the domain controller you intend to clone, need to support it.

When you install the Active Directory Domain Services role on a Windows Server 2012 installation, or on any newer version of Windows Server, there is the Get-ADDCCloningExcludedApplicationList PowerShell cmdlet that you can use. When you run this PowerShell cmdlet, it will return the applications and services that Microsoft does not know if you can successfully clone.

All Microsoft services and add-on packages that ship with Windows Server are tested, so these are already part of the DefaultDCCloneAllowList.xml file. The contents of the DefaultDCCloneAllowList.xml file is shown as follows:

For any other service and/or application, the recommended practice is to ask the vendor if domain controller cloning is supported. When all services and applications check out, you can run the following line of PowerShell to add them to your organization's CustomDCCloneAllowList.xml file:

Get-ADDCCloningExcludedApplicationList -GenerateXml -Path C:\Windows\NTDS -Force

In the preceding Windows PowerShell example, the default path for the Active Directory database is supplied. Change it accordingly before running the lines of PowerShell.

After cloning, the domain controller you intend to clone will pick up this file when you store it on removable media or in the same path as the Active Directory database.