Passed: The domain controller hosting the PDC FSMO role (DC2-FULL.root.fabrikam.com) was located and running Windows Server 2012 or later.
Verifying authorization: Checking if this domain controller is a member of the 'Cloneable Domain Controllers' group...
Located the local domain controller: (DC2-FULL.root.fabrikam.com).
New-ADDCCloneConfigFile : The server is not operational
At line:1 char:1
+ CategoryInfo : ReadError: (Get-AdPrincipal...server:String) [New-ADDCCloneConfigFile], CmdletInvocationException
FullyQualifiedErrorId : 0,MIcrosoft.ActiveDirectory.Management.Commands.Newaddccloneconfigfile
Warning: The local domain controller is not a member of any groups
- A Global Catalog server is available.
- The server on which this problem occurs can reach the Global Catalog server through TCP ports 3268 and 3269.
During the cloning operation, a clone contacts the PDC emulator (PDCe) by using the RPC network protocol, and then validates the "Allow a DC to create a clone of itself" permission. This permission is usually granted through membership in the Cloneable Domain Controllers group. Therefore, make sure that the PDCe has replicated this group membership inbound. The PDCe does not have to be a Global Catalog server to perform the cloning operation. The Global Catalog server behavior in the cmdlet is used only in the server's internal tests, not in the cloning architecture itself.
Article ID: 2745013 - Last Review: Sep 18, 2012 - Revision: 1